Skip to content
Request a demo
PlatformModulesIndustriesSecurityPricingInsights Request a demo

Security & AI governance

Enterprise security.
Governed AI.

Every AI request flows through a 7-stage governance pipeline. Every user action is logged. Every data access is traceable. Cortrova was built so that intelligence on your floor stays bounded, auditable, and under your control - with zero bypass paths.

Request a security demo Explore the platform
ITAR-awareCMMC 2.0 Level 2TLS 1.2+AES-256SSO + MFA100% audit
7
Stage AI governance pipeline
0
Bypass paths
100%
Audit coverage
12
Built-in RBAC roles

The AI governance pipeline

Seven gates. Zero bypass paths.

Every request an AI agent makes passes through the same non-bypassable pipeline, in order. No model is called until each gate has cleared, and the final stage logs the request with full context - so 100% of AI activity is accounted for.

01

Team Guard

Confirms the requester belongs to a team that is permitted to invoke the agent at all.

02

Kill Switch

Checks global, division, and team-level shutoffs from a hot cache so a stop takes effect in milliseconds.

03

Rate Limit

Enforces per-user and per-team request ceilings - 60 requests per minute by default, configurable per tenant.

04

Budget Check

Verifies the daily token budget. A soft warning fires at 80%; a hard stop blocks the call at 100%.

05

Scope Validate

Confirms the request stays inside the agent’s declared data boundaries before any model sees the data.

06

LLM Call

Invokes the underlying Claude or GPT model only after every gate above has passed.

07

Audit Log

Records the request with actor, timestamp, and full context. Logging is non-blocking, so it can never be skipped to save time.

Six AI controls

The levers that keep agents in bounds.

Kill switches

Three levels of instant shutdown - global, division, and team - backed by a hot cache so a stop propagates in milliseconds across every agent.

Scope registry

Declarative, reviewable data boundaries between agents. Each agent can only ever reach the records its scope explicitly permits.

Rate limiting

Per-user and per-team request ceilings enforced in Redis, defaulting to 60 RPM and tunable to match your throughput and risk tolerance.

Token budgets

Daily token limits per team with an 80% soft warning and a 100% hard stop - predictable AI spend with no runaway calls.

API key management

Provider keys are stored encrypted with rotation and host allowlists, so credentials are never exposed in code, logs, or config.

Security monitoring

Every request is validated and logged with full context, giving security teams a continuous, traceable record of agent activity.

Identity & access

Who gets in, and what they can do.

Single sign-on

SAML 2.0 and OIDC integration so Cortrova logs in through your existing identity provider - no separate password store to manage.

Multi-factor authentication

TOTP-based MFA with step-up authentication required for admin and executive roles before sensitive actions.

Role-based access control

12 built-in roles with per-department permissions, plus custom roles to mirror exactly how your floor is organized.

Login protection

Brute-force defense limits attempts to 5 per 60 seconds and locks accounts after repeated failures.

Encryption & data protection

Encrypted in transit, at rest, and in backup.

TLS 1.2+ in transit

Modern TLS is enforced site-wide; every connection between your floor, the platform, and its services is encrypted end to end.

AES-256 at rest

Disk encryption with AES-256, with per-tenant key isolation so one customer’s keys can never decrypt another’s data.

Hardened credentials

Passwords are hashed with bcrypt at 12 rounds - slow by design to resist offline cracking.

Daily encrypted snapshots

Encrypted backups run daily with point-in-time recovery, so a bad day never becomes a lost week.

Audit & privacy

A trail your auditors can query.

Cortrova logs every change and every AI decision to one immutable record, then gives your team the privacy workflows regulated buyers expect.

  • Every mutation is logged with actor, timestamp, and before-and-after state - 100% coverage, not a sampled subset.
  • AI requests and user actions share one immutable audit trail your auditors can query directly.
  • Configurable session timeout, idle timeout, and concurrent-session limits keep stale sessions from lingering.
  • GDPR data export, right-to-erasure, and anonymization workflows are built in, alongside CCPA do-not-sell handling.

Deployment

Run it where your data has to live.

The same governance pipeline, RBAC, encryption, and audit guarantees apply no matter how you deploy - so your data-boundary constraints never force a security trade-off.

Cloud

A managed, single-tenant-isolated deployment with the full governance pipeline and daily encrypted backups handled for you.

On-premises

Run Cortrova inside your own network and data boundary while keeping every control, role, and audit guarantee intact.

Air-gapped

Fully disconnected installs for ITAR and classified environments - no outbound calls, no exceptions, same security posture.

Standards & compliance

Built in, not bolted on.

ISO 9001:2015ISO 14001:2015AS9100 Rev DIATF 16949FDA 21 CFR Part 11ITAR (22 CFR 120-130)CMMC 2.0 Level 2OSHAEPAFAR / DFARSDCAA cost accounting

FAQ

Questions, answered.

How does Cortrova govern its AI agents?

Every AI request passes through a non-bypassable 7-stage pipeline: team guard, kill switch, rate limit, budget check, scope validation, the model call, and an audit log. There are zero bypass paths, so no agent can reach data or run a model without clearing every gate, and 100% of requests are logged.

Can we stop the AI instantly if something looks wrong?

Yes. Kill switches operate at three levels - global, division, and team - backed by a hot cache so a shutoff takes effect in milliseconds. You can pause a single team’s agents or halt all AI across the platform at once, without a deploy.

How do users authenticate, and how is access controlled?

Cortrova supports SSO via SAML 2.0 and OIDC, TOTP-based MFA with step-up authentication for admin and executive roles, and role-based access control with 12 built-in roles plus custom roles and per-department permissions. Login attempts are rate-limited and accounts lock after repeated failures.

How is our data encrypted and isolated?

TLS 1.2+ is enforced for all data in transit and AES-256 disk encryption protects data at rest, with per-tenant key isolation so one tenant’s keys can never decrypt another’s data. Passwords are hashed with bcrypt at 12 rounds, and encrypted snapshots run daily with point-in-time recovery.

What does your audit coverage actually capture?

Every mutation is logged with the actor, a timestamp, and the before-and-after state - 100% coverage rather than a sampled subset. AI requests and user actions share one immutable trail, so an auditor can trace any change or any agent decision end to end.

Can Cortrova run in an air-gapped or ITAR environment?

Yes. Cortrova deploys in the cloud, on-premises, or fully air-gapped to match your data-boundary constraints, and is ITAR-aware and CMMC 2.0 Level 2 ready. An air-gapped install makes no outbound calls while keeping the full governance pipeline, RBAC, encryption, and audit guarantees intact.

Review the architecture

Walk the security model with your team.

Book a security demo and review the governance pipeline, controls, and audit trail with your IT leadership or auditors - cloud, on-prem, or air-gapped.

Request a security demo Explore the platform