Security
MLNavigator is designed for environments where the default assumption is that networks are hostile and audits are real. Offline operation reduces exposure, but it does not remove risk.
Threat Model
We treat supply chain integrity, insider risk, and local perimeter hardening as primary attack surfaces. Offline constraints shift the problem from network defense to artifact integrity and device posture.
Artifact Integrity
Receipts, manifests, and logs are designed to be tamper-evident through cryptographic linkage and signing, enabling later verification.
No Third-Party Tracking
The website avoids third-party analytics. The runtime is designed without telemetry that reports to external services.
Updates and Change Control
Updates are intended to be explicit, verified, and reviewable. Offline environments need controlled distribution rather than background downloads.
Adapter Integrity Verification
Integrity checks use deterministic hashing of model artifacts to detect tampering before runtime execution.
For a more concrete view, the proof bundle page summarizes architecture and a deployment-oriented threat model.