/ WIT OS / Security
Built secure. Operated secure.
WIT OS is the security layer for your AI — which means we hold ourselves to the bar we sell. Single-tenant isolation options, customer-managed keys, full audit, and a security team that runs Sentinel on itself.
- Single-tenant isolation available; multi-tenant default with strict separation
- Customer-managed keys (BYOK) on AWS KMS, Azure Key Vault, or GCP KMS
- SOC 2 Type II, ISO 27001, ISO 42001 (AI), HIPAA-eligible deployments
- Sentinel runs on Sentinel — every agent we ship is guarded by the same fabric

/ What you get
Everything you need. Nothing you don't.
- Customer isolation: Logical isolation by default; single-tenant, dedicated VPC deployments available for regulated workloads.
- Customer-managed keys: BYOK on AWS KMS, Azure Key Vault, or GCP KMS. We hold ciphertext only — you hold the keys.
- Encryption everywhere: TLS 1.3 in transit, AES-256 at rest, envelope encryption for all customer data and model context.
- Audit trail: Immutable logs for every prompt, tool call, model output, and policy decision. Streamable to your SIEM.
- Data residency: US, EU, and UK regions. No cross-region replication unless you opt in. Sub-processors disclosed in the trust center.
- Incident response: 24-hour disclosure SLA, signed status updates, and a postmortem published within 30 days of resolution.