FEATURE 03PRIVACY · LOCAL AI · SWAPPABLE PERSONAS

The Exfiltration Gate

Default Phi-3, swappable to any sector-specific persona. Domain-aware intelligence at the driver level. Your PII never leaves the server.

Every suspect ioctl gets two passes. Stage one is a kernel-side heuristic on the hot path: size estimate plus reservoir sample, sub-microsecond. Stage two hands the survivors to the active SLM persona (HIPAA Guardian today, the rest of the rack roadmap, or your own LoRA) that scores intent against a learned exfil profile and returns a 0–100 risk rating with a reason. The persona's threshold — set by your operator, not by us — decides the outcome: allow, alert, or block. The model runs on the same host as the workload with no cloud round-trip and no third-party API. The Persona Switchboard hot-swaps the cartridge at the driver boundary with zero downtime.

Stage 1

size + xorshift sample · sub-µs hot path

Stage 2

Swappable persona · on-host · greedy decode

Latency

Sub-second on GPU · engagement-specific

Privacy

no host egress · no cloud · no third party

// TECHNICAL SPECIFICATION

S1 · Heuristic

size_estimate ≥ heuristic_min_bytes · sample_rate (xorshift)

S2 · Persona

GGUF · llama-cpp-2 · CPU or GPU

Cartridges

Live · DoD (IL5/IL6) · HIPAA · Custom (BYO) · more on the rack

Risk threshold

configurable 0–100 · default 70 · per-persona

Block action

alert (log) | SIGKILL pid (protected_pids excluded)

Update channel

signed bundle · we ship · air-gap safe

// SAMPLE CARTRIDGESSEE ALL 8 →

ACTIVEHIPAA

HIPAA GuardianUS Healthcare · PHI

Phi-3 mini · Q4_K_M1.2 ms

HIPAA §164.312 · HITECH §13402

ON THE RACK · 2026ROBOTICS

Robotics Safety OfficerAutonomous · Safety-Critical

TinyLlama 1.1B · Q40.9 ms

ISO 26262 · ASIL-D · IEC 61508

EMPTYCUSTOM

Custom LoRABring your own

Open · GGUF today · LoRA roadmapn/a

YOUR · POLICY