SECURITY · TRUST · PRIVACY

Built for the operations
your auditor will read.

MAIA writes decisions back into systems your team is accountable for. The audit, isolation, and explainability work is not optional; it is the core of how the platform is engineered.

01 · Posture

Decision lineage is the audit trail. Every action carries its parents.

Every signal, detection, decision, and action MAIA emits is linked through parent_id. Your auditor can replay any production decision back to the originating sensor, ledger row, or message, along with the rule that fired, the confidence score, and the identities involved. The audit isn’t bolted on. It’s the backbone.

02 · Practices

What we engineer for by default.

01

Tenancy isolation

Every customer runs in a strictly scoped tenant. No shared connection pools, no shared cache keys, no cross-tenant query paths. Tenant ID is enforced at the runtime layer.

02

Sandbox-default integrations

Every connector boots in synthetic mode unless real credentials are explicitly set. Pilots run end-to-end against a fixture-shaped tenant before any prod credential leaves your environment.

03

Audit-grade lineage

parent_id chains every signal → detection → decision → action. Exportable to your SIEM as a structured event stream. No silent state changes.

04

Action gating + cure windows

Every agent ships at recommend-only. Write-back permissions are earned through measured pilot performance. Legally significant actions (e.g. RTA notices) always require human approval.

05

Encrypted in transit and at rest

TLS 1.3 everywhere. AES-256 at rest. Per-tenant keys. Secrets in a managed KMS, never in app config.

06

Least-privilege auth

OAuth 2.0 client-credentials, password grant, and SAML-bearer for connector auth. Internal RBAC scoped per tenant role. The OAuth 2.0 Security Best Current Practice (RFC 9700) deprecates the password grant, so prefer client-credentials or SAML-bearer wherever the connector supports them.

07

Reduced model exposure

Operational data is processed inside our runtime. Model providers see only the prompts required for the decision, never raw ledgers, calendar contents, or PII at scale.

08

Reversibility & dry-run

Every non-trivial action supports dry-run. Reversible actions are tagged at decision time. The ledger records both intent and effect.

04 · DEFENCE-GRADE

For ISR, C2, and sustainment. Built so that policy is enforced in software.

Defence and intelligence operations span classification levels, allied partners, and sustainment cycles. MAIA models classification as a runtime property and enforces policy on every read, not in documentation. Live demo at demo.maiaintelligence.io/fusion. Methodology paper at /research/multi-domain-fusion-2026.

Cross-classification fusion (Bell-LaPadula in software)
Classification is a runtime property on every entity. A scorer cleared to level N can read only entities labelled at or below N (the Bell-LaPadula simple security property: read-down). Fused outputs take the least upper bound of their inputs, MAX(input classifications), and tenant policy caps the maximum output level. Enforced on every read in `engine.ts`, not as a documentation property.
Hash-chained audit (FNV-1a, tamper-evident)
Every signal, decision, action, and outcome references the prior chain hash, so editing any record invalidates every hash after it and verification shows where the break is. Anchored per tenant, replayable end-to-end. One caveat a reviewer will raise: FNV-1a is a fast non-cryptographic hash with no collision resistance, so the chain alone proves integrity only against parties who cannot rewrite the records that follow an edit; its strength against a deliberate adversary depends on the per-tenant anchor, and ideally the current head hash, being held where that adversary cannot recompute it. Visible at /audit on the live demo.
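As an added illustration (example code, not MAIA's engine.ts), the two structures described by this item and the lineage items above, in one runnable TypeScript module: each record carries a parent_id for lineage and a prev_hash/hash pair for the chain, hashed with 64-bit FNV-1a. The verifier reports the first broken link, the replay walks an action back to its originating signal, and the last step shows the caveat: an attacker who can rewrite the store can re-chain it so verification passes, and only an externally anchored head hash (the SIEM export stream is a natural place for it) exposes that. Record kinds, field names, the genesis anchor and the tenant-42 sample events are constructed for the example.

```typescript
// Added example (not MAIA's engine.ts): parent_id lineage plus an FNV-1a hash
// chain over the same records, with verification, replay, and a demonstration
// of what the chain does and does not protect against.

type Kind = "signal" | "detection" | "decision" | "action" | "outcome";

interface AuditRecord {
  id: string;
  tenant: string;
  kind: Kind;
  parent_id: string | null; // lineage edge: the record this one was derived from
  body: string;             // canonical payload (assumed already serialised)
  prev_hash: string;        // chain edge: hash of the record appended before this one
  hash: string;             // fnv1a64 over prev_hash and every field above
}
type Unsealed = Omit<AuditRecord, "hash">;

// Minimal UTF-8 encoder so hashing does not depend on platform text APIs.
function utf8(s: string): number[] {
  const out: number[] = [];
  for (let i = 0; i < s.length; i++) {
    let c = s.charCodeAt(i);
    if (c >= 0xd800 && c <= 0xdbff && i + 1 < s.length) c = 0x10000 + ((c - 0xd800) << 10) + (s.charCodeAt(++i) - 0xdc00);
    if (c < 0x80) out.push(c);
    else if (c < 0x800) out.push(0xc0 | (c >> 6), 0x80 | (c & 0x3f));
    else if (c < 0x10000) out.push(0xe0 | (c >> 12), 0x80 | ((c >> 6) & 0x3f), 0x80 | (c & 0x3f));
    else out.push(0xf0 | (c >> 18), 0x80 | ((c >> 12) & 0x3f), 0x80 | ((c >> 6) & 0x3f), 0x80 | (c & 0x3f));
  }
  return out;
}

function hex32(n: number): string { const h = n.toString(16); return "00000000".slice(h.length) + h; }

// 64-bit FNV-1a on two 32-bit halves (no BigInt). The prime is 2^40 + 0x1b3, so
// h * prime mod 2^64 = h * 0x1b3 + (h << 40); every partial product stays below
// 2^53 and is exact in a double.
function fnv1a64(s: string): string {
  let hi = 0xcbf29ce4, lo = 0x84222325; // offset basis
  for (const b of utf8(s)) {
    lo = (lo ^ b) >>> 0;
    const loProd = lo * 0x1b3;
    const carry = Math.floor(loProd / 0x100000000);
    const newHi = (hi * 0x1b3 + carry + (lo & 0xffffff) * 0x100) >>> 0; // (h << 40) lands in the high word
    hi = newHi;
    lo = loProd >>> 0;
  }
  return hex32(hi) + hex32(lo);
}

function canon(r: Unsealed): string {
  return JSON.stringify([r.prev_hash, r.id, r.tenant, r.kind, r.parent_id, r.body]);
}

class AuditChain {
  readonly records: AuditRecord[] = [];
  // anchor: the value the first record chains from (assumed per-tenant genesis value)
  constructor(readonly tenant: string, readonly anchor: string) {}

  append(id: string, kind: Kind, parent_id: string | null, body: string): AuditRecord {
    const u: Unsealed = { id, tenant: this.tenant, kind, parent_id, body, prev_hash: this.head() };
    const rec: AuditRecord = { ...u, hash: fnv1a64(canon(u)) };
    this.records.push(rec);
    return rec;
  }

  head(): string { return this.records.length ? this.records[this.records.length - 1].hash : this.anchor; }

  // -1 when every link holds; otherwise the index of the first record whose stored
  // hash or prev_hash does not match (nothing after it can be trusted either).
  verify(): number {
    let prev = this.anchor;
    for (let i = 0; i < this.records.length; i++) {
      const r = this.records[i];
      if (r.prev_hash !== prev || r.hash !== fnv1a64(canon(r))) return i;
      prev = r.hash;
    }
    return -1;
  }

  // Replay: follow parent_id from any record back to its originating signal.
  lineage(id: string): AuditRecord[] {
    const byId: { [id: string]: AuditRecord } = {};
    for (const r of this.records) byId[r.id] = r;
    const path: AuditRecord[] = [];
    let cur: string | null = id;
    while (cur !== null) {
      const r = byId[cur];
      if (!r || path.length >= this.records.length) throw new Error("dangling or cyclic parent_id at " + cur);
      path.push(r);
      cur = r.parent_id;
    }
    return path.reverse();
  }

  // What an attacker with write access to the store can do: recompute every link so
  // verify() passes again. Only the head hash still changes, which is why the head
  // must be anchored where that attacker cannot also rewrite it.
  rechain(): void {
    let prev = this.anchor;
    for (const r of this.records) { r.prev_hash = prev; r.hash = fnv1a64(canon(r)); prev = r.hash; }
  }
}

// Constructed demo events for tenant-42 (not real MAIA traffic).
function demo() {
  const chain = new AuditChain("tenant-42", fnv1a64("genesis:tenant-42"));
  chain.append("sig-1", "signal", null, '{"sensor":"radar-07","track":113}');
  chain.append("det-1", "detection", "sig-1", '{"rule":"loitering-v3","confidence":0.91}');
  chain.append("dec-1", "decision", "det-1", '{"tier":"review","scorer":"fusion"}');
  chain.append("act-1", "action", "dec-1", '{"type":"notify","recipient":"watch-officer"}');
  const headBefore = chain.head();
  const okBefore = chain.verify() === -1;                               // true
  const replay = chain.lineage("act-1").map(r => r.id);                 // sig-1, det-1, dec-1, act-1
  chain.records[1].body = '{"rule":"loitering-v3","confidence":0.51}';  // in-place tamper
  const brokenAt = chain.verify();                                      // 1
  chain.rechain();                                                      // attacker re-seals the chain
  const okAfterRechain = chain.verify() === -1;                         // true: FNV offers no defence here
  const headMoved = chain.head() !== headBefore;                        // true: the anchored head exposes it
  return { okBefore, replay, brokenAt, okAfterRechain, headMoved };
}
```

The FNV-1a implementation is written on 32-bit halves only to avoid BigInt; the 64-bit reference vectors (empty string, "a") still hold. Swapping `fnv1a64` for a cryptographic hash changes nothing structurally, but it does not remove the need for the anchored head either.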
Sovereign tenancy (Protected B class)
Per-program tenancy. Canadian, U.S., and Five Eyes-interoperable residency available on procurement. Sovereign-cloud deployment for Protected B and equivalent workloads. Public demo capped at PROTECTED-B; production tenants negotiate the cap.
REL TO marking enforcement
Five Eyes releasability markings (REL TO USA, GBR, AUS, CAN, NZL) are runtime properties, enforced on every read. The audit chain records which partner received which entity at which time — the exact evidence allied interoperability auditors ask for.
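An added example (not MAIA's engine.ts) of the read-down check, the REL TO check, and the join rule for fused outputs described by the two items above. The level ladder (UNCLASSIFIED < CONFIDENTIAL < SECRET < TOP SECRET), the principal and policy shapes, the rule that a fused product is releasable only to the intersection of its inputs' REL TO sets, and refusing an output whose join exceeds the tenant cap are assumptions of the example; the page does not state how fused releasability is derived or what the cap does when exceeded. Sample entities and scorers are constructed.

```typescript
// Added example (not MAIA's engine.ts): classification level and REL TO as runtime
// properties of every entity, checked on every read; fused outputs carry the join
// of their inputs' labels and are capped by tenant policy.

// Assumed demo ladder; the page's PROTECTED-B belongs to a separate Canadian scheme.
const RANK: { [level: string]: number } = { "UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3 };

type Partner = "USA" | "GBR" | "AUS" | "CAN" | "NZL";
const FVEY: Partner[] = ["USA", "GBR", "AUS", "CAN", "NZL"];

interface Label { level: string; relTo: Partner[] }          // relTo: who may receive the entity
interface Entity { id: string; label: Label; score: number }
interface Principal { id: string; clearance: string; nation: Partner }
interface TenantPolicy { maxOutputLevel: string }
interface AccessEvent { principal: string; nation: Partner; entity: string; allowed: boolean; reason: string | null }

// Simple security property (read-down) plus releasability. Returns the denial
// reason, or null when the read is permitted.
function denyReason(p: Principal, e: Entity): string | null {
  if (!(e.label.level in RANK) || !(p.clearance in RANK)) return "unknown level";
  if (RANK[e.label.level] > RANK[p.clearance]) return "read-down: " + e.label.level + " above " + p.clearance;
  if (e.label.relTo.indexOf(p.nation) < 0) return "REL TO: not releasable to " + p.nation;
  return null;
}

// Every read is decided here and every decision, allow or deny, is logged: the
// log is the "which partner received which entity" evidence.
function read(p: Principal, e: Entity, log: AccessEvent[]): Entity | null {
  const reason = denyReason(p, e);
  log.push({ principal: p.id, nation: p.nation, entity: e.id, allowed: reason === null, reason });
  return reason === null ? e : null;
}

// Least upper bound of labels: level = MAX of inputs; REL TO = INTERSECTION of
// inputs (assumption: a fused product can only go where every input could go).
function join(labels: Label[]): Label {
  let level = "UNCLASSIFIED";
  let relTo: Partner[] = FVEY.slice();
  for (const l of labels) {
    if (RANK[l.level] > RANK[level]) level = l.level;
    relTo = relTo.filter(n => l.relTo.indexOf(n) >= 0);
  }
  return { level, relTo };
}

// A scorer fuses only what it can read; the output is labelled at the join and
// refused when the join exceeds the tenant's output cap (assumed behaviour).
function fuse(p: Principal, policy: TenantPolicy, inputs: Entity[], log: AccessEvent[], outId: string): Entity | null {
  const readable: Entity[] = [];
  for (const e of inputs) { const r = read(p, e, log); if (r === null) return null; readable.push(r); }
  const label = join(readable.map(e => e.label));
  if (RANK[label.level] > RANK[policy.maxOutputLevel]) {
    log.push({ principal: p.id, nation: p.nation, entity: outId, allowed: false, reason: "tenant cap: " + policy.maxOutputLevel });
    return null;
  }
  let sum = 0;
  for (const e of readable) sum += e.score;
  return { id: outId, label, score: sum / readable.length };
}

// Constructed entities and principals (not real data).
function demo() {
  const log: AccessEvent[] = [];
  const trk1: Entity = { id: "trk-1", label: { level: "CONFIDENTIAL", relTo: FVEY.slice() }, score: 0.6 };
  const trk2: Entity = { id: "trk-2", label: { level: "SECRET", relTo: ["USA", "CAN"] }, score: 0.9 };
  const trk3: Entity = { id: "trk-3", label: { level: "TOP SECRET", relTo: ["USA"] }, score: 0.8 };
  const caScorer: Principal = { id: "scorer-ca", clearance: "SECRET", nation: "CAN" };
  const gbScorer: Principal = { id: "scorer-gb", clearance: "TOP SECRET", nation: "GBR" };
  const policy: TenantPolicy = { maxOutputLevel: "SECRET" };
  return {
    fusedCa: fuse(caScorer, policy, [trk1, trk2], log, "fused-1"),  // SECRET, REL TO USA, CAN
    readDown: fuse(caScorer, policy, [trk1, trk3], log, "fused-2"), // null: TOP SECRET above SECRET
    relTo: fuse(gbScorer, policy, [trk1, trk2], log, "fused-3"),    // null: trk-2 is not REL TO GBR
    capped: fuse(caScorer, { maxOutputLevel: "CONFIDENTIAL" }, [trk1, trk2], log, "fused-4"), // null: join is SECRET
    log,
  };
}
```

Note that the GBR scorer is denied trk-2 despite holding a higher clearance than the Canadian scorer: releasability is a separate axis from level, and a single check on either axis alone would be wrong.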
Lineage to source
Every action MAIA proposes carries the chain of evidence: which sensors, which detections, which scorers fired, with confidence and uncertainty bounds. Operator trust is earned at the action layer, in milliseconds, one legible decision at a time.
Spatiotemporal alignment with uncertainty propagation
Multi-modal contact reports join through a Mahalanobis-style space-time gate. Sensor reliability priors are learned online from the audit chain. Confidence and uncertainty propagate to every downstream output and gate the action tier (auto / review / critical).
Severity-banded action gates
Auto-tier executes within policy. Review-tier surfaces a defended recommendation to the operator. Critical-tier holds for explicit authorization with two-person integrity available. Every action carries a reversibility window during which it can be undone with full audit.
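An added example (not MAIA's engine.ts) of the space-time gate and the tiering from the two items above: a Mahalanobis distance between two contact reports with per-axis standard deviations (diagonal covariance), a chi-square gate threshold, inverse-variance fusion that carries the uncertainty forward, and a tier chosen from the fused uncertainty. The threshold (chi-square, 3 degrees of freedom, 95%), the tier bands, and the contact reports are assumptions constructed for the example; the online reliability priors the text mentions are not modelled.

```typescript
// Added example (not MAIA's engine.ts): Mahalanobis space-time gate, inverse-variance
// fusion, and an uncertainty-driven action tier.

interface Contact {
  sensor: string;
  x: number; y: number; t: number;            // position (m) and time (s)
  sigma: { x: number; y: number; t: number }; // 1-sigma uncertainty per axis (diagonal covariance)
}
interface Fused { x: number; y: number; t: number; sigma: { x: number; y: number; t: number }; sources: string[] }
type Axis = "x" | "y" | "t";
type Tier = "auto" | "review" | "critical";

// Assumed gate threshold: chi-square critical value, 3 degrees of freedom, 95%.
const GATE_D2 = 7.815;

// Squared Mahalanobis distance between two reports. With independent reports and
// independent axes the innovation covariance is diagonal: sigma_a^2 + sigma_b^2.
function mahalanobis2(a: Contact, b: Contact): number {
  const axes: Axis[] = ["x", "y", "t"];
  let d2 = 0;
  for (const k of axes) {
    const diff = a[k] - b[k];
    d2 += (diff * diff) / (a.sigma[k] * a.sigma[k] + b.sigma[k] * b.sigma[k]);
  }
  return d2;
}

function gate(a: Contact, b: Contact, threshold: number = GATE_D2): boolean {
  return mahalanobis2(a, b) <= threshold;
}

// Inverse-variance weighting: precision-weighted mean, fused variance 1 / (sum of
// precisions), so the fused uncertainty is never larger than the best input's.
function fuseAxis(va: number, sa: number, vb: number, sb: number): { v: number; s: number } {
  const wa = 1 / (sa * sa), wb = 1 / (sb * sb);
  return { v: (va * wa + vb * wb) / (wa + wb), s: Math.sqrt(1 / (wa + wb)) };
}

function fuse(a: Contact, b: Contact): Fused {
  const fx = fuseAxis(a.x, a.sigma.x, b.x, b.sigma.x);
  const fy = fuseAxis(a.y, a.sigma.y, b.y, b.sigma.y);
  const ft = fuseAxis(a.t, a.sigma.t, b.t, b.sigma.t);
  return { x: fx.v, y: fy.v, t: ft.v, sigma: { x: fx.s, y: fy.s, t: ft.s }, sources: [a.sensor, b.sensor] };
}

function asFused(c: Contact): Fused {
  return { x: c.x, y: c.y, t: c.t, sigma: { x: c.sigma.x, y: c.sigma.y, t: c.sigma.t }, sources: [c.sensor] };
}

// Assumed tier policy: an irreversible action always holds for explicit
// authorisation; otherwise it runs automatically only when positional
// uncertainty is within the auto band, and surfaces for review above it.
function tier(f: Fused, irreversible: boolean, autoSigmaMetres: number = 25): Tier {
  if (irreversible) return "critical";
  const sigmaPos = Math.sqrt(f.sigma.x * f.sigma.x + f.sigma.y * f.sigma.y);
  return sigmaPos <= autoSigmaMetres ? "auto" : "review";
}

// Constructed contact reports (not real sensor data).
function demo() {
  const radar: Contact = { sensor: "radar-07", x: 1000, y: 2000, t: 100, sigma: { x: 30, y: 30, t: 1 } };
  const eo: Contact    = { sensor: "eo-02",    x: 1040, y: 1990, t: 101, sigma: { x: 20, y: 20, t: 0.5 } };
  const stray: Contact = { sensor: "ais-11",   x: 1500, y: 2000, t: 100, sigma: { x: 30, y: 30, t: 1 } };
  const fused = fuse(radar, eo);
  return {
    d2: mahalanobis2(radar, eo),                 // ~2.11: inside the gate
    joined: gate(radar, eo),                     // true
    strayJoined: gate(radar, stray),             // false: 500 m apart, d2 ~139
    fused,                                       // x ~1027.7 m, sigma.x ~16.6 m
    tierRadarOnly: tier(asFused(radar), false),  // "review": sigma ~42 m
    tierFused: tier(fused, false),               // "auto": fusion tightened sigma to ~23.5 m
    tierStrike: tier(fused, true),               // "critical": irreversible regardless of uncertainty
  };
}
```

The point the demo makes is that the tier is a function of propagated uncertainty, not of any single sensor: the radar report alone lands in review, the gated and fused pair lands in auto, and an irreversible action stays in the critical tier no matter how tight the estimate is.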
Cleared-personnel workflows
Tenant-level controls for cleared-personnel access, two-person integrity on critical actions, dual-key approval on actions that mutate readiness state. Configurable per tenant for the appropriate force structure.
Framework alignment
GoC NRC + DRDC research-security trend cards: ALIGNED
  · Deep Learning for Health Decision Systems: BOUND
  · Cognitive Computing: BOUND
NIST AI RMF 1.0: ALIGNED
ISO/IEC 42001:2023 (AI management): ALIGNED
CSE Top 10 IT Security Actions: MAPPED
PSPC SCED procurement requirements: MAPPED
Bill C-27 (PIPEDA / AIDA): TRACKED
Five Eyes interoperability (REL TO markings): ENFORCED

ALIGNED = architecture follows the framework’s principles in code. BOUND = lens binding active in the runtime. MAPPED = control crosswalk available on procurement. TRACKED = monitored for legislative status. ENFORCED = runtime property checked on every read.

For procurement, an inspector general, or an ATO authority package: the live demo, the methodology papers, and the architecture brief at docs/IDEAS_CHALLENGE_BRIEF.md are all evidence. We’d rather you click than read another datasheet.

03 · Compliance

Where we are. Honestly.

SOC 2 Type 1: in progress · Type 1 audit window: 2026 Q3 · Vanta-managed controls
SOC 2 Type 2: planned · Targeted post-Type-1, observation window 2026 Q4 → 2027 Q1
GDPR / PIPEDA: compliant · Data Processing Addendum available · sub-processor list maintained
Tenant data residency: available · US, Canada, EU regions on request
Penetration testing: annual · Independent third-party · summary report available under NDA
Vulnerability disclosure: active · security@maiaintelligence.io · 90-day coordinated disclosure window

We update this page when status changes. If you need our latest SOC 2 status, sub-processor list, or pen-test summary, contact security@maiaintelligence.io.

Procurement evaluating MAIA?

We’ll send our DPA, sub-processor list, and current SOC 2 status under NDA within one business day.

Request the security packet →