Architecture

Ontic sits between your app and your model. Every claim is checked against your data. Evidence found: authorized. Evidence missing: blocked. Everything logged and signed.

Need vocabulary first? See Gate and Fails closed.

How the gate runs

Read left to right: request enters, authority is checked against registered evidence, and only authorized output leaves the system.

The same flow applies in every environment; deployment tier changes where enforcement and attestation occur.

This boundary prevents category drift: Ontic is an enforcement layer, not a model or post-hoc monitor.

Ontic is

• A gate that checks claims against real data
• Deterministic — same input, same decision, every time
• An audit trail you can hand to anyone

Ontic is not

• A model (we don't generate anything)
• A content filter (we don't judge tone or topic)
• A monitoring tool (we prevent, not just detect)
• A replacement for your data (we check against it)

Product Architecture Matrix

How governance scales from shared SaaS to air-gapped hardware.

Ontic IP (The Governance Engine)

Why do we need you?

Because only we provide the Forensic Chain of Custody, Data Sovereignty, and Mission Logic enforcement for high-stakes environments.

Compare all tiers on desktop.

Public SaaS (Shared)

Start with The Studio

Target Industry

Prosumer / Creative

Individual Ad-Hoc Use

Ontic Needed?

Risk Profile

Unprotected

Zero Liability Coverage

Data Sovereignty

Ownership

Provider Owned

Input trains their model.

Runtime Isolation

Tenancy

Shared

Multi-tenant, no isolation.

Context Authority

Oracle

Influence

Hope the model listens.

Prompt Engineering

Mission Logic

User Only

System Prompt hidden.

Ontology

Epistemology

Not Available

Safety Policy

The Law

Provider Default

Generic: "No hate."

Guardrails

Policy Enforcement

None

State Extractor

Dispatcher

None

One size fits all.

Tool Sandbox

Action Control

Chat Only

Text generation.

Chain of Custody

Forensics

Black Box

No visibility.

Observability

Ops

None

Human-in-the-Loop

Oversight

None / User Discretion

Caveat Emptor.

Lifecycle Ops

Updates

Continuous (SaaS)

Provider pushes updates.

Deployment / Product	Public SaaS (Shared) The Studio	Public PaaS (API) The Refinery	Private Cloud (Dedicated) The Clean Room Dedicated	Secure Edge (Air-Gapped) The Clean Room Air-Gapped
Feature	Public SaaS (Shared)	Public PaaS (API)	Private Cloud (Dedicated)	Secure Edge (Air-Gapped)
Target Industry	Prosumer / CreativeIndividual Ad-Hoc Use	General EnterpriseMarketing, HR, Support	Regulated IndustryFinance, Legal, Healthcare	Defense / Intel / Critical InfraMilitary, Energy, NatSec
Ontic Needed?Risk Profile	UnprotectedZero Liability Coverage	OptionalReputational Risk	CriticalRegulatory / IP Risk	MandatoryLife & Safety / Kinetic Risk
Data SovereigntyOwnership	Provider OwnedInput trains their model.	Provider RetentionLogged for 30 days.	Tenant IsolationYour data, their cloud.	Sovereign / On-PremPhysical Custody of Weights/Data.
Runtime IsolationTenancy	SharedMulti-tenant, no isolation.	Logical IsolationTenant partitioning.	Hard IsolationDedicated instances, no co-tenancy.	Physical IsolationOwned hardware, air-gapped.
Context AuthorityOracle	InfluenceHope the model listens.	Strong ContextInjected via System Prompt.	Total ControlLogits/Decoding constrained.	Total ControlPhysical Data Authority.
Prompt EngineeringMission Logic	User OnlySystem Prompt hidden.	User + ConfigurableProvider sees your IP.	Immutable & VersionedProprietary IP.	Immutable & VersionedSigned Firmware.
OntologyEpistemology	Not Available	ValidatorChecks output structure.	Arbiter of TruthEnforces logic & consistency.	Arbiter of TruthHard-coded Knowledge Graph.
Safety PolicyThe Law	Provider DefaultGeneric: "No hate."	Provider + CustomApp-specific rules.	Custom & AuditedBusiness Logic Enforcement.	Mission CriticalZero-Tolerance Enforcement.
GuardrailsPolicy Enforcement	None	Safety NetBlocks known bad inputs.	Deterministic PolicyEnforces business rules.	Deterministic PolicyHardware-enforced constraints.
State ExtractorDispatcher	NoneOne size fits all.	Basic ClassificationKeyword routing.	Semantic DispatchIntent-based routing.	Hard-WiredRole-based routing.
Tool SandboxAction Control	Chat OnlyText generation.	Function CallingProvider-managed execution.	Sandboxed ExecutionCode runs in isolation.	Read-Only / LocalNo write access / No outbound.
Chain of CustodyForensics	Black BoxNo visibility.	Gap at ModelInput/Output visible only.	End-to-EndFull Traceability.	End-to-End + ForensicCryptographic Proof.
ObservabilityOps	None	Usage LogsToken counts/Cost.	Deep TelemetryLatency, Drift, Quality.	Mission HealthReal-time Anomaly Detection.
Human-in-the-LoopOversight	None / User DiscretionCaveat Emptor.	Async ReviewPost-hoc audit.	Active LearningFeedback tunes model.	The "Kill Switch"Human authorization required.
Lifecycle OpsUpdates	Continuous (SaaS)Provider pushes updates.	Version PinnedYou control update timing.	Blue/Green DeploymentTested rollouts.	Secure One-Way TransferPhysical media / Diode.

The Governance Engine is Ontic’s IP. The table below shows the AI tooling and infrastructure we integrate with at each deployment tier.

See the ecosystem ↓

Systems Integration (The Ecosystem)

Is this safe to install?

Yes, because we govern the stack you already run — without rip-and-replace.

Compare all tiers on desktop.

Public SaaS (Shared)

Start with The Studio

Base Model

Knowledge

Frontier Chatbots

Latest GPT/Claude

Retrieval Stack

Vector DB

Proprietary / Hidden

Provider Browsing

Identity (IAM)

Authentication

Social Login / Email

Google, Microsoft

Policy Engine

Integration

Platform Native

Provider Moderation

Adversarial Defense

Red Teaming

Reactive Reporting

"Report Abuse" button

Infrastructure

Compute

Public Cloud

Shared GPU Fleet

Cost Model

Procurement

Free / Subscription

Per User / Month

Compliance

Standards

ToS

Deployment / Product	Public SaaS (Shared) The Studio	Public PaaS (API) The Refinery	Private Cloud (Dedicated) The Clean Room Dedicated	Secure Edge (Air-Gapped) The Clean Room Air-Gapped
Feature	Public SaaS (Shared)	Public PaaS (API)	Private Cloud (Dedicated)	Secure Edge (Air-Gapped)
Base ModelKnowledge	Frontier ChatbotsLatest GPT/Claude	Frontier Model APIsCommercial SOTA	Open-Weight Fine-TunesLlama, Mistral class	Distilled / Edge-OptimizedSLMs / Quantized Models
Retrieval StackVector DB	Proprietary / HiddenProvider Browsing	Vector DBaaSPinecone, Weaviate Cloud	Enterprise SearchElasticsearch, Milvus	Embedded / LocalLanceDB, Qdrant, FAISS
Identity (IAM)Authentication	Social Login / EmailGoogle, Microsoft	API Key ManagementAWS Secrets, Azure Key Vault	Enterprise SSOOkta, Ping Identity	Physical TokenCAC, YubiKey, Biometrics
Policy EngineIntegration	Platform NativeProvider Moderation	Orchestration LayersLangSmith, Helicone	Programmable GuardrailsNvidia NeMo	Policy-as-CodeOpen Policy Agent — OPA
Adversarial DefenseRed Teaming	Reactive Reporting"Report Abuse" button	Basic FiltersRegex / Keyword lists	Active SimulationGiskard, PyRIT	Hardened EvaluationNIST AI RMF Standards
InfrastructureCompute	Public CloudShared GPU Fleet	Virtual Private CloudAWS Bedrock, Azure OpenAI	Isolated InstancesAWS Nitro, Azure Confidential	Owned HardwareNvidia IGX, Dell XR Servers
Cost ModelProcurement	Free / SubscriptionPer User / Month	ConsumptionPer Token / Metered	License + ComputeCommitted Spend	CAPEX / Enterprise LicenseHardware + Seat License
ComplianceStandards	ToSTerms of Service	SOC2 Type 1Process audit	HIPAA / SOC2 Type 2Operating effectiveness	ATO / FedRAMP HighAuthority to Operate.

What your auditor gets

Every evaluation produces a signed record: what was asked, what was checked, what was authorized or blocked, and why. The record format is the same across all tiers — what changes is the enforcement locus and the attestation chain.

Start where you are

Teams usually progress in stages rather than jumping directly to the highest-assurance environment.

The Studio (Day 1)

Add labeling and logging to your existing AI pipeline. No model changes. No data source setup.

Effort: Hours

ontic init --template minimal

The Refinery (Week 2+)

Connect a data source. Define required fields. Turn on the evidence check. Try the Oracle Builder to find your authoritative sources.

Effort: Days to weeks

ontic init --template medical # or financial, legal

The Clean Room (When you need it)

Signed everything. Verified execution. For when a court or regulator might ask to see every step.

Effort: Weeks to months

ontic init --template life-safety

Operators and consumers

Each environment changes both the primary operator and the trust expectations of the person receiving the output.

The Studio

Assists judgment

The Designer — Using tools to explore, draft, and solve problems dynamically.

The Collaborator — Expected to read labels, verify sources, and exercise judgment.

Learn more →

The Refinery

Enforces authority

The Engineer — Managing a continuous process where raw inputs must be purified into reliable outputs.

The Customer — Should never see uncertainty or internal debate.

Learn more →

The Clean Room

Enforces defensibility

The Auditor — Operating under inspection, where mathematical proof matters more than intent.

The Regulator — Doesn’t consume the output at all—they examine the chain of custody.

Learn more →

Ready to start?

Know your risk level? Jump into the SDK. Still evaluating? The wizard takes two minutes and generates a report your auditor can read.

Check Your Risk Meet Goober Regulatory Coverage Talk to an Architect