Where your data goes, and where it does not
Verillian is the layer your institution operates AI through. It sits at the device, decides at the moment of execution, and records what happened in a way that cannot be quietly changed. This is the whole flow.
scroll to view the full flow
The decision is made on the device, before any content reaches an outside model. A blocked request never leaves.
Providers receive exactly what your policy permits, redacted where your rules require it. Nothing more passes through.
Every event is signed and chained into a record your institution keeps, under keys we never see.
Intercept. Decide. Prove.
Three actions, in order, on every interaction. The order is the point. The decision comes before the data moves, and the proof comes with no extra step.
Intercept
AI traffic is intercepted on the device, before a prompt reaches any provider. Nothing depends on the provider cooperating, and nothing requires changing the tools your staff already use.
Decide
Your policy is enforced at the moment of execution. Each request is allowed, redacted, or blocked against the rules your institution sets. The decision happens before data leaves the endpoint.
Prove
Every event is signed and hash-chained into a tamper-evident record. When an auditor, a regulator, or a court asks what happened, the answer already exists and it holds up.
Every action gets a decision
Allow, redact, or block. The same decisions appear in the product, in the chain, and in every report, the vocabulary of what your AI was allowed to do.
The action is cleared by your policy and forwarded to the provider. Signed into the chain.
Sensitive data detected in the request is masked or removed before the prompt is forwarded.
The action is denied by your policy. It is never forwarded, and the attempt is sealed in the chain.
Proof you can open and read
Every event is signed and hash-chained into an append-only record, the construction used in certificate transparency and financial ledgers. The chain is not a black box: operators see every entry, every decision, and the unbroken hash that ties them together.
operator console · representative view, live feed
Deploy on your infrastructure, under your control
Two components, standard endpoint management, no change to the tools your staff use. The admin server runs where you put it, and the record stays inside your boundary.
- Enroll the fleet
- Sentinels deploy through your existing endpoint management. An enrollment queue and bulk operations handle scale.
- Distribute signed policy
- Policies are distributed as signed bundles. A sentinel rejects any policy not signed by a trusted authority.
- Operate offline, fail closed
- On lost connectivity a sentinel buffers locally and uploads later. If the buffer fills, it blocks all AI traffic. Not configurable.
- Localized and key-isolated
- The server stores ciphertext under your key. Signing keys never leave the device.
Verillian is infrastructure, not another tool in the stack
- nota gateway that needs every provider integrated through an API.
- nota wrapper that sits between your staff and one approved tool.
- notan AI company with a model of its own to sell you.
- nota data collector your interactions and your keys stay with you.
- not“AI governance” governance is a meeting. Verillian is enforcement.
See it run on your own endpoints
The clearest way to understand the flow is to watch it decide against your policy, on your fleet. That is what a pilot is for.