G8KEPR runs entirely inside your infrastructure. Every AI prompt, MCP tool call, and verification decision is processed on your compute — nothing crosses your network boundary to G8KEPR cloud.
Where each data type goes — and where it stays.
```
┌─────────────────────────────────────────────────────────────────┐
│                       YOUR VPC / NETWORK                        │
│                                                                 │
│ ┌──────────────────┐          ┌───────────────────────────────┐ │
│ │  Your AI App     │───mTLS──►│  sensor-ai-gateway            │ │
│ │  (LLM calls,     │          │  sensor-mcp                   │ │
│ │   agents, chat)  │──/verify►│  sensor-verification          │ │
│ └──────────────────┘          └───────────────┬───────────────┘ │
│ ┌──────────────────┐                          │ CloudEvents     │
│ │  MCP Server      │──mTLS──►─────────────────┘                 │
│ │  (tool calls)    │                          ▼                 │
│ └──────────────────┘          ┌───────────────────────────────┐ │
│                               │           Collector           │ │
│                               │  spool + dedup + HMAC chain   │ │
│                               └───────────────┬───────────────┘ │
│                                               │                 │
│                               ┌───────────────▼───────────────┐ │
│                               │      PostgreSQL (local)       │ │
│                               │   Audit log · RLS enforced    │ │
│                               │       7-year retention        │ │
│                               └───────────────┬───────────────┘ │
│                                               │ optional egress │
│                               ┌───────────────▼───────────────┐ │
│                               │        Egress Firewall        │ │
│                               │   (disable = full air-gap)    │ │
│                               └───────────────┬───────────────┘ │
└───────────────────────────────────────────────┼─────────────────┘
                                                │ aggregated counts only
                                  ┌─────────────▼────────────────┐
                                  │         G8KEPR Cloud         │
                                  │  metrics ingest · dashboard  │
                                  │  NO prompt/response content  │
                                  └──────────────────────────────┘
```
Every AI prompt, response, MCP tool call, and API payload is inspected inside your infrastructure. Nothing crosses your network boundary to G8KEPR cloud — not even anonymized excerpts.
Block all outbound traffic entirely. Sensors operate at full capability using locally cached threat patterns. The collector spools to local PostgreSQL with 7-year retention.
Every detection event is written to your PostgreSQL with a tamper-evident HMAC chain. G8KEPR can verify chain integrity during compliance audits without reading event content.
Sensors intercept traffic within your cluster over loopback/mTLS — no cross-region hop, no vendor proxy. Median overhead is sub-5 ms at p99.
Deploy in your AWS, Azure, GCP, or on-prem Kubernetes cluster. Elected data residency (EU, US, APAC) is enforced at the infra layer — not a configuration flag.
When egress is permitted, the collector transmits aggregated event counts and severity tallies. It never transmits prompt text, AI responses, tool arguments, or user data.
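One way a tamper-evident HMAC chain over audit rows can be built and then checked without access to event content, as an added example (not G8KEPR's code; the page does not give its record format or key handling). It assumes each row stores a SHA-256 digest of the event body next to its chain tag and that the auditor holds the chain key; `append_event`, `verify_chain`, `body_matches` and the sample events are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain


def _tag(key: bytes, prev_tag: bytes, seq: int, digest: bytes) -> bytes:
    # Each tag binds the previous tag, the row position, and the event digest.
    msg = prev_tag + seq.to_bytes(8, "big") + digest
    return hmac.new(key, msg, hashlib.sha256).digest()


def append_event(chain: list, key: bytes, body: bytes) -> None:
    """Writer side: sees the body, stores only its digest and the chain tag."""
    prev = chain[-1]["tag"] if chain else GENESIS
    seq = len(chain)
    digest = hashlib.sha256(body).digest()
    chain.append({"seq": seq, "digest": digest, "tag": _tag(key, prev, seq, digest)})


def verify_chain(chain: list, key: bytes) -> int:
    """Auditor side: needs (seq, digest, tag) rows and the key, never the bodies.
    Returns -1 if the chain is intact, else the index of the first bad row."""
    prev = GENESIS
    for i, row in enumerate(chain):
        expected = _tag(key, prev, i, row["digest"])
        if row["seq"] != i or not hmac.compare_digest(expected, row["tag"]):
            return i
        prev = row["tag"]
    return -1


def body_matches(row: dict, body: bytes) -> bool:
    """Data owner side: confirm a stored body is the one the chain committed to."""
    return hmac.compare_digest(hashlib.sha256(body).digest(), row["digest"])


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    chain = []
    for body in (b'{"event":"tool_call_blocked"}', b'{"event":"pii_detected"}'):
        append_event(chain, key, body)  # constructed sample events
    print("intact:", verify_chain(chain, key) == -1)
    chain[0]["digest"] = hashlib.sha256(b"edited").digest()
    print("first bad row after edit:", verify_chain(chain, key))
```

Rows deleted from the tail leave a shorter chain that still verifies, so the latest tag or the row count has to be recorded somewhere the database writer cannot change.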
Most AI security vendors route your traffic through their cloud. G8KEPR does not.
| Property | G8KEPR | Cloud Proxy |
|---|---|---|
| AI traffic routes through vendor infra | No | Yes |
| Vendor can read prompts / responses | No | Yes |
| Air-gap / fully offline support | — | |
| Latency from vendor proxy hop | No | Yes |
| Full data sovereignty | — | |
| EU AI Act Art. 10 — data governance satisfied | — | |
| HIPAA / FedRAMP on-prem option | — | |
EU AI Act Art. 10
AI data stays in your elected residency region. No cross-border transfer of training or inference data.
GDPR Art. 44–49
VPC-in-EU deployment requires no SCCs or adequacy decisions — data never leaves your EEA boundary.
HIPAA §164.312(a)(1)
PHI in AI prompts never leaves the covered entity's infrastructure. BAA scope stays clean.
SOC 2 CC6.6
G8KEPR has no logical access to customer data. Only aggregated metrics flow outbound.
Our solutions engineering team walks through the deployment topology, network requirements, and compliance posture for your specific cloud and regulatory environment. Available for Enterprise prospects.