Security
adapterOS is designed for sensitive document work in environments where data movement, local access, and reviewer trust matter.
Why finance teams choose adapterOS
Model-risk teams can sign off
Deterministic, replayable runs give model-risk and validation the transparency SR 11-7 expects — instead of an opaque third-party LLM.
Books-and-records by default
AI-assisted interactions are captured for FINRA and SEC recordkeeping, not lost inside a vendor API.
Data stays inside the perimeter
Confidential filings, research, and client documents are processed on-premises with no egress, supporting GLBA and data-residency requirements.
Threat model
Primary attack surfaces
Supply chain integrity, insider risk, local privilege abuse, record deletion, and removable media handling. Offline shifts the problem from network defense to local controls and review discipline.
Mitigations
Model hash verification before use. Policy-bound workflows. Reviewable source trails. Change tracking. No outbound network calls. No telemetry. Explicit, verified updates.
Access control and isolation
Role-based access
RBAC and policy packs define what each role may do, enforced before a workflow is activated.
Tenant isolation
Workloads and evidence are isolated per tenant, so separate teams, programs, or classification levels do not share state.
Authenticated interfaces
Access to the web UI, REST API, and CLI is gated by JWT or API keys.
Security contact
Email: [email protected]
Acknowledge within 2 business days. Initial assessment within 5 business days.
On-prem adapterOS has no required external service dependency for sensitive document work. Website dependencies disclosed publicly: Resend (email delivery) and Cloudflare (hosting).
Start with a fixed-scope pilot
One workflow, your environment, hardware included — roughly 4–8 weeks from kickoff. You leave with a replayable evidence record you can show your reviewers, whether or not you proceed.