Security Telemetry Model

Principles

  • Data minimization: default to metadata only (hashes, counts, timings). Payload capture is opt-in and scoped.

  • Selective retention: rolling windows (e.g., 7–30 days) locally; proofs live on-chain, not content.

  • Zero-trust transport: mTLS between agent↔engine; all records signed at source; replay-proof envelopes.

  • Workspace isolation: per-tenant keys; strict boundary enforcement for multi-org deployments.

PII handling

  • No credential contents, messages, or file bodies by default.

  • User identifiers can be tokenized (e.g., reversible inside tenant, irreversible externally).

  • Support for DLP guardrails to block exfil of sensitive classes outright.

2.5 Consensus & Event Ledger (how proofs live)

Lifecycle

  1. Emit: AI Engine signs event_hash.

  2. Batch: micro-batch proofs for efficiency; attach Merkle root.

  3. Anchor: submit to L1; receive tx/slot reference.

  4. Expose: Dashboard & API show verifiable link; auditors can check independently.

  5. Evolve: subsequent actions (quarantine released, creds rotated) can append follow-up proofs forming an immutable incident chain.

Verifier API (read-only)

External SIEM/SOAR

  • Webhooks push incident + proof.

  • Splunk/Sentinel apps can verify inclusion with Merkle proofs client-side.

PreviousThe Validation Layer (PoV Protocol)NextGovernance Layer ($LATT Token)

Last updated