Trust & Security

Transparency about what we do, what we don't do, and what requires further authorization.

Important Disclaimers

This platform is NOT affiliated with, endorsed by, or connected to the Department of Defense, any military branch, or the Department of Veterans Affairs.
Do NOT enter classified information, Controlled Unclassified Information (CUI), Protected Health Information (PHI), or Sensitive Personally Identifiable Information (SPII) into this platform.
This is a commercial demo environment. Enterprise deployments for authorized environments are available separately after security review.
Agent outputs are AI-generated and may contain errors. Always verify outputs against current doctrine, regulations, and official sources before use.
This platform does NOT provide legal, medical, financial, or benefits advice. Agent outputs are informational templates only.

Compliance Posture

Capability	Status	Details
PII/SPII Redaction	IMPLEMENTED	SSN, DoD ID, MRN, VA file numbers, credit cards, phone, email, addresses, IP addresses
Zero-Retention PHI Pipeline	DESIGNED	Architecture enforces zero prompt/response persistence for veteran and healthcare agents
Authentication	IMPLEMENTED	Email/password with bcrypt, Google OAuth, GitHub OAuth, role-based admin access
FedRAMP High	ARCHITECTURE-READY	Designed for FedRAMP High. Not yet authorized. Enterprise deployments available after security review.
HIPAA	ARCHITECTURE-READY	Zero-retention design. No BAA in place for the commercial demo. Enterprise BAAs available.
DoD IL2-IL6	ARCHITECTURE-READY	Supports deployment patterns for IL2-IL6 environments. Requires ATO for classified use.
CAC/SSO/SAML	PLANNED	Planned for enterprise tier. Not currently implemented.
Iron Bank Containers	PLANNED	Containers designed for Iron Bank submission. Not yet listed in Iron Bank registry.

Data Handling

Prompts & responses: Not stored in full. Only SHA-256 hashes of inputs/outputs are logged for audit purposes.
PII redaction: Active middleware scrubs sensitive data before it reaches inference backends.
Invocation logs: Agent ID, branch, compliance flag, timestamp, input/output hashes, and user ID.
Veteran agents: All Category VII agents enforce ZERO_RETENTION_PHI compliance flag.
Encryption: All data in transit is encrypted via TLS. Database connections use SSL.

Security Contact

To report a security vulnerability or request an enterprise security review, contact us at security@militaryaiagents.com.

Important Disclaimers

This platform is NOT affiliated with, endorsed by, or connected to the Department of Defense, any military branch, or the Department of Veterans Affairs.

Do NOT enter classified information, Controlled Unclassified Information (CUI), Protected Health Information (PHI), or Sensitive Personally Identifiable Information (SPII) into this platform.

This is a commercial demo environment. Enterprise deployments for authorized environments are available separately after security review.

Agent outputs are AI-generated and may contain errors. Always verify outputs against current doctrine, regulations, and official sources before use.

This platform does NOT provide legal, medical, financial, or benefits advice. Agent outputs are informational templates only.

Compliance Posture

Capability	Status	Details
PII/SPII Redaction	IMPLEMENTED	SSN, DoD ID, MRN, VA file numbers, credit cards, phone, email, addresses, IP addresses
Zero-Retention PHI Pipeline	DESIGNED	Architecture enforces zero prompt/response persistence for veteran and healthcare agents
Authentication	IMPLEMENTED	Email/password with bcrypt, Google OAuth, GitHub OAuth, role-based admin access
FedRAMP High	ARCHITECTURE-READY	Designed for FedRAMP High. Not yet authorized. Enterprise deployments available after security review.
HIPAA	ARCHITECTURE-READY	Zero-retention design. No BAA in place for the commercial demo. Enterprise BAAs available.
DoD IL2-IL6	ARCHITECTURE-READY	Supports deployment patterns for IL2-IL6 environments. Requires ATO for classified use.
CAC/SSO/SAML	PLANNED	Planned for enterprise tier. Not currently implemented.
Iron Bank Containers	PLANNED	Containers designed for Iron Bank submission. Not yet listed in Iron Bank registry.

Data Handling

Prompts & responses: Not stored in full. Only SHA-256 hashes of inputs/outputs are logged for audit purposes.

PII redaction: Active middleware scrubs sensitive data before it reaches inference backends.

Invocation logs: Agent ID, branch, compliance flag, timestamp, input/output hashes, and user ID.

Veteran agents: All Category VII agents enforce ZERO_RETENTION_PHI compliance flag.

Encryption: All data in transit is encrypted via TLS. Database connections use SSL.