ARCA.VISION
// USE CASES · VERTICAL WEDGE

Where kernel-level actually matters.

We deploy where userspace observability is a liability: data centers protecting proprietary weights, regulated healthcare and finance, multi-tenant clusters, and the LLM cores that will live inside the next generation of autonomous machines. The Sentry stands alone on every host; Arca Nexus rolls every verdict into one signed, fleet-wide chain of evidence.

// DEFENSE · NATIONAL SECURITY · ILLUSTRATIVE SCENARIO

Defense & National Security

Air-gapped AI governance for classified and CUI workloads — with a kernel-grade audit ledger your accrediting official can read.

FedRAMP HIGH | DoD IL5 · IL6 | STIG | CMMC | CUI

Imagine a defense prime or national-security program office running mission models on accredited GPU enclaves. The mandate is absolute: no outbound network, CUI and classified data never cross the boundary, and every AI decision must be evidenced for the accrediting official. Arca Sentry deploys fully air-gapped — license verified offline, zero phone-home — and attaches at the NVIDIA driver boundary on every host. The DoD Sentinel persona (IL5/IL6) scores each suspect ioctl and blocks model-weight or CUI exfiltration before bytes leave the GPU. Every verdict seals into the kernel-grade Ledger, which becomes accreditation evidence an authorizing official can map directly to STIG, FedRAMP High, and CMMC controls. The same air-gap doctrine covers space systems and other national-security programs — an application of the posture, not a separate product.

// AT FLEET SCALE · ARCA NEXUS

One Nexus per enclave rolls every Sentry's verdicts into a single signed chain of evidence — the accreditation artifact an authorizing official wants for the whole air-gapped program, not a stack of per-host logs.

Network posture: air-gapped · zero phone-home
Accreditation evidence: kernel-grade audit ledger
Protected: CUI + model weights
// PROPRIETARY WEIGHTS · AI LABS · FINTECH · ILLUSTRATIVE SCENARIO

Protecting Proprietary Weights

Stop proprietary model weights — foundation weights, trading models, customer PII — from leaving the GPU at the ioctl boundary.

SOC 2 · TYPE II | PCI-DSS | FFIEC | NYDFS · Part 500

Imagine an AI lab or quant desk training proprietary models on H100s — the weights are the entire business. The risk: a contractor's notebook fires a large ioctl that pulls weights off the device. The hot-path heuristic flags transfers above the configured byte threshold; a sample is forwarded to the on-host SLM, which scores risk 0–100 and returns a reason. Above threshold, the daemon writes a structured alert and (if mode = kill) SIGKILLs the offending PID before the next ioctl batch lands. No data leaves the host at any point.

// AT FLEET SCALE · ARCA NEXUS

Nexus aggregates exfil-risk scoring across every research and training host into a single fleet view. SAN-bound per-line identity means a compromised contractor box can't impersonate a peer.

Action: alert · or SIGKILL (opt-in)
Privacy: no host egress
Numbers above: design target · not measured
// HEALTH-AI VENDORS · SaMD · ILLUSTRATIVE SCENARIO

High-Compliance Healthcare

Kernel-level audit logs as evidence for HIPAA and FDA SaMD reviews — the proof health-AI vendors hand to their hospital customers.

HIPAA | FDA · SaMD | HITRUST | SOC 2 · TYPE II

Imagine a health-AI vendor shipping a GPU-backed diagnostic imaging model to hospital customers. Every customer's security review wants evidence that PHI never left the host. Arca Sentry attaches at libcuda.so and the ioctl tracepoint, records every GPU launch and ioctl as a structured event, exposes counts via Prometheus, and seals the kernel-side event stream into a tamper-evident Ledger the vendor hands to every customer's auditor — the same artifact for HIPAA and FDA SaMD review, captured below the application.

// AT FLEET SCALE · ARCA NEXUS

Across every customer deployment, Arca Nexus rolls each Sentry's verdicts into one signed compliance trail the vendor can produce on demand — the fleet view, not a stack of per-host logs.

Audit posture: kernel-side · below the app
Evidence: Prometheus + tamper-evident ledger
Numbers above: design target · not measured
// ROBOTICS · ILLUSTRATIVE SCENARIO

Autonomous Robotics Observability

Kernel-side observability of GPU launches and ioctls in safety-relevant pipelines.

ISO 26262 | IEC 61508 | DO-178C | UN R155

Imagine an industrial robotics OEM running on-vehicle perception and planning models on NVIDIA accelerators. Safety review wants a record of every GPU kernel launch and every driver-bound ioctl, captured from the host kernel rather than from a userspace shim. The Auditor daemon provides that observability surface today: kernel-side recording and metric streams. Inline blocking of actuator-bound ioctl(2) (returning EFAULT from a kprobe with override) is a design we are evaluating; it is not part of the Auditor build today.

// AT FLEET SCALE · ARCA NEXUS

One Nexus per perimeter aggregates the fleet's GPU-side observability into a single chain of evidence. That is the same artifact safety review wants from every vehicle in the program.

Today: observability · alerts · metrics
Inline gating: design study · not shipping
Numbers above: design target · not measured
// MULTI-TENANT · ILLUSTRATIVE SCENARIO

Dynamic Compliance & Shielding

Two personas. One multi-tenant cluster. The HIPAA Guardian on Namespace-A and the PII Redactor on Namespace-B share one kernel attach with isolated memory.

HIPAA | PCI-DSS | GDPR | SOC 2 · TYPE II | FedRAMP | ISO 26262

Imagine a multi-tenant H100 cluster serving healthcare workloads in Namespace-A and finance workloads in Namespace-B from the same physical fleet. The Sentry loads the HIPAA Guardian persona on Namespace-A and the PII Redactor on Namespace-B from a single kernel attach. Each tenant gets policy enforcement that understands intent, not just regex. Hallucinated data leaks are scored at the cudaMemcpyDeviceToHost boundary and stopped according to each persona's operator-set threshold before bytes leave VRAM, and a policy change to either namespace is a hot-swap at the kernel boundary: zero downtime, zero agent restart, zero Helm rollover. The same pattern lights up DoD IL5 / IL6, Sovereign AI, and robotics safety as additional bays, all from the same Sentry, all signed and air-gap delivered.

// AT FLEET SCALE · ARCA NEXUS

Nexus rolls up per-host verdicts and persona swaps across the cluster. Compliance teams query one endpoint instead of grepping every box.

Personas active: 2 · namespace-scoped
Cross-tenant leakage: 0 · isolated memory
Hot-swap downtime: 0 ms · pointer flip
// FINOPS · CFO VIEW · ILLUSTRATIVE SCENARIO

Cluster Governance for the CFO

Reclaim your VRAM. Shrink your cluster, not your performance.

FINOPS · GREEN-IT | UTILIZATION SLO | SCOPE-2 CO₂E | BOARD REPORT

Imagine a 512×H100 inference cluster running vLLM behind a serving stack. Spend looks normal until the Efficiency Auditor lands. Within a 7-day window, sys_exit_ioctl timing reveals 30% of the fleet is memory-bound on KV-cache pre-allocation, not compute. Roofline classification per shard confirms it. The auditor issues a quantization advisory (FP16 → INT4 GGUF on 11 PIDs) and a KV-cache eviction policy change. The signed savings PDF reports 31% reclaimable VRAM and an illustrative $471k/year recovered when modeled at a 20% reclaim rate, without buying another GPU or shrinking the model. Customer engagements report measured numbers.

// AT FLEET SCALE · ARCA NEXUS

Nexus aggregates VRAM-reclamation in dollars across the fleet using the same byte-for-byte formula the host computes. The CFO sees one number, sourced from every Sentry.

Stall ratio · p50: 0.69 → 0.91
Reclaimable VRAM: 31%
Annual · ILLUSTRATIVE: $471k