Security
adapterOS is designed for sensitive document work in environments where data movement, local access, and reviewer trust matter.
Why defense teams choose adapterOS
Operate in CUI and classified networks
Deterministic, air-gapped inference for contract packets, CUI, and technical data — with no egress in contested or disconnected networks.
Evidence your assessor accepts
Every run emits a replayable, cryptographically receipted record that maps to CMMC 2.0 and NIST SP 800-171/172 control families.
Ready for covered-AI controls
Model weights and adapters are versioned and policy-bound, anticipating NDAA §1513 covered-AI requirements folding into DFARS and CMMC.
Threat model
Primary attack surfaces
Supply chain integrity, insider risk, local privilege abuse, record deletion, and removable media handling. Offline shifts the problem from network defense to local controls and review discipline.
Mitigations
Model hash verification before use. Policy-bound workflows. Reviewable source trails. Change tracking. No outbound network calls. No telemetry. Explicit, verified updates.
Access control and isolation
Role-based access
RBAC and policy packs define what each role may do, enforced before a workflow is activated.
Tenant isolation
Workloads and evidence are isolated per tenant, so separate teams, programs, or classification levels do not share state.
Authenticated interfaces
Access to the web UI, REST API, and CLI is gated by JWT or API keys.
Security contact
Email: [email protected]
Acknowledge within 2 business days. Initial assessment within 5 business days.
On-prem adapterOS has no required external service dependency for sensitive document work. Website dependencies disclosed publicly: Resend (email delivery) and Cloudflare (hosting).
Start with a fixed-scope pilot
One workflow, your environment, hardware included — roughly 4–8 weeks from kickoff. You leave with a replayable evidence record you can show your reviewers, whether or not you proceed.