Prove control — because it's built into the architecture.

Your auditors don’t want assurances; they want proof. Oraclous makes control structural: every record carries an organization_id, credentials never leave the broker in plaintext, and in cloud mode Oraclous staff cannot decrypt your state — with ReBAC and provenance giving auditors the evidence they ask for. Self-host or cloud, identical guarantees, your keys.

Review the trust model → See how it works →

How do you prove to auditors that AI agents are controlled and isolated?

You can’t, with most AI tools — they offer assurances, not architecture. The default closed SaaS means the vendor can, in principle, see your data; “trust us” doesn’t survive a procurement security review. And single-LLM dependence adds a third-party data-flow risk you didn’t choose. For a CISO, DPO, or compliance lead with veto power, that’s three reasons to say no before the feature list even matters.

Oraclous answers with mechanism instead of marketing. Isolation is structural, the keys are yours even in cloud mode, and access and provenance are things an auditor can read. (This is the sovereignty buying reason in full; see data sovereignty and agent governance & audit.)

How does Oraclous help regulated and security teams?

Control is in the architecture, demonstrably. Every node, relationship, query, cache entry, and audit log carries an organization_id, so cross-organisation data flow is structurally impossible. Credentials never leave the Credential Broker in plaintext, and in cloud mode KMS separation means Oraclous-the-company cannot unilaterally decrypt your state (ADR-008). ReBAC governs access by relationship, five versioned policy sets declare the rules each Harness runs under, and provenance records every result’s origin — so you give auditors proof, not promises.

Citable answer — How does Oraclous help regulated and security teams? Oraclous makes control structural and demonstrable: every record carries an organization_id, so cross-organisation data flow is impossible; credentials never leave the broker in plaintext; and in cloud mode KMS separation means Oraclous staff cannot decrypt customer state. ReBAC, versioned policy sets, and provenance give auditors readable proof — and the guarantees are identical self-hosted or cloud, with the customer holding the keys.

What is data sovereignty? → · What is ReBAC? → · Data sovereignty →

How would this work for my team?

Four capabilities carry the regulated story, each a deeper page on the platform:

• ReBAC governance — access by relationship, not role, enforced platform-wide at the Harness level under five named, versioned policy sets (trust tier, budget ceilings, signature requirements, BYOM constraints, capability allow/deny, audit level and retention). Two-layer enforcement where code wins — a prose instruction never overrides a coded policy.
• Human-in-the-loop — high-stakes steps pause for a person’s review or approval, enforced by the runtime as a first-class gate, not a manual side-channel. Critical when “an AI agent did it” must instead read “a named person approved it.”
• Portability — OHM is the canonical export hub and the reference runtime is open, so there’s no exit lock-in; and the docs state plainly what portability does not carry. Honest scoping is the answer to “what happens to our data when we leave?”
• Metering — substrate-level, neutral tracking of tokens, tool calls, storage, time, and cross-workspace traversals. Cost attribution and budget enforcement you control, with cross-team federation traversals metered and provenance-tracked.

For multi-team organisations, that last point is federation: the Traversal flow lets workspaces request each other’s Capabilities under ReBAC, metered and provenance-tracked — collaboration across boundaries that an auditor would sign off, and still cross-workspace, never cross-organisation.

How do I know it holds up?

Every claim here is meant to survive a procurement security review verbatim. The guarantees are architectural — organization_id on every record, KMS separation in cloud mode (ADR-008), ReBAC and the Structured Governance Taxonomy’s five versioned policy sets — and they’re documented in the ADRs with status, date, and approver, and consolidated in the trust model. Debugging happens with your participation, and every administrative access is audited.

On compliance, the honest line: ISO 27001 and SOC 2 Type II are target certifications for the cloud-hosted mode — in-programme, not yet certified. We state that as roadmap, not as achieved, because the buyers this page serves reward the disclosure and punish the over-claim. The control guarantees above are architectural and available today; the third-party attestations of the hosting are on the way.

Frequently asked questions

Q: What is the most secure AI agent platform for regulated industries? A: The strongest posture is one where control is structural, not promised. Oraclous makes cross-organisation data flow impossible via an organization_id on every record, keeps credentials encrypted in a broker the vendor can’t decrypt in cloud mode, and gives auditors ReBAC plus provenance — identical guarantees self-hosted or cloud, with the customer holding the keys.

Q: Can hosted vendors see my data? A: In Oraclous cloud mode, no. Credentials never leave the broker in plaintext, and KMS separation means Oraclous staff cannot decrypt customer state by virtue of operating the platform (ADR-008). Support and debugging happen with the customer’s participation, not in lieu of it, with every administrative access audited.

Q: Can agents run air-gapped or on-premise? A: Yes. Oraclous is platform-as-code and self-hostable, so you can run it on your own infrastructure with the same architecture and the same data-sovereignty guarantees as cloud mode. Self-host is the option, not the obligation; your work stays portable via OHM if you move between deployment modes.

Q: Can teams collaborate across workspaces safely? A: Yes, through federation. The Traversal flow lets one workspace request another’s Capabilities under ReBAC — relationship-based access control — with cross-workspace traversals metered and provenance-tracked. Federation is cross-workspace, not cross-organisation: cross-organisation data flow remains structurally impossible, so collaboration never collapses the isolation walls.

Q: What happens to data when we leave? A: Your Harnesses export via OHM, the canonical portability hub, and the reference runtime is open. The docs state the limits plainly: knowledge-graph data goes via standard exports (Neo4j/RDF/JSON-LD), and the ReBAC graph, credentials, and Consciousness records don’t travel. No exit surprises — the boundary is in writing.