AI Domain Controller
Your firewall sees traffic. Your SIEM sees logs. Your EDR sees processes. Your vulnerability scanner sees services. None of them see AI agents.
CEIGAS answers every question.
CEIGAS — Cryptographic Enforcement and Identity Gating of Autonomous Systems — is a domain controller purpose-built for AI. It does for autonomous agents what Active Directory does for humans: identity, authentication, authorization, policy enforcement, and audit.
| Your existing stack | CEIGAS fills the gap |
|---|---|
| SAML / LDAP / Azure AD | Entity identity + registration (AI identity) |
| Firewall / WAF | Constitutional authority (behavioral governance) |
| SIEM / Splunk | Merkle-chained audit trail (immutable, crypto-verifiable) |
| DLP | PII sanitizer + privacy zones (reversible encoding) |
| EDR / CrowdStrike | Domain controller + permission bits (autonomous action governance) |
| Nessus / Qualys | Entity registration enforcement (unregistered AI = unauthorized AI) |
Every AI agent gets a CEIGAS identity. No identity, no authorization, no operation. Registration is the prerequisite for everything else.
```json
{
  "entity_id": "ceigas-9f3a7b2e-4d1c",
  "type": "autonomous_agent",
  "owner": "jchen@acmecorp.com",
  "domain": "acmecorp.internal",
  "model": "gpt-4-turbo",
  "permissions": ["read:crm", "write:email_draft", "read:calendar"],
  "restrictions": ["no_external_api", "no_pii_export", "no_financial_tx"],
  "constitutional": "acmecorp-standard-v2",
  "registered": "2026-03-14T09:22:11Z",
  "last_audit": "2026-03-14T09:22:11Z",
  "status": "active"
}
```
Unregistered agent detected on the network? Alert + blocked. No exceptions.
Cryptographic tokens, not role strings. Verifiable, revocable, time-bounded, auditable.
```json
{
  "bit_id": "pb-8c4f2a91",
  "entity_id": "ceigas-9f3a7b2e-4d1c",
  "action": "send_email",
  "target": "external_recipient",
  "result": "GRANTED",
  "granted_by": "jchen@acmecorp.com",
  "expires": "2026-03-15T00:00:00Z",
  "conditions": ["draft_only", "manager_cc", "no_attachments"],
  "audit_ref": "audit-3f7a9b2e"
}
```
Revocation is instant. The moment a permission bit is revoked, the entity loses access. No propagation delay, no cache invalidation window.
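As an added example (not CEIGAS code), here is what "verifiable, revocable, time-bounded" means when a domain controller checks a permission bit like the one above: signature first, then a live revocation lookup, then expiry, then binding to the presenting entity and requested action. The HMAC-SHA256 signing scheme, the in-memory revocation set and the `DC_KEY` value are assumptions; the page does not say how CEIGAS signs or revokes tokens.

```python
# Added example: verifying a signed, time-bounded, revocable permission bit.
# HMAC-SHA256 over canonical JSON and an in-memory revocation set are assumptions.
import hashlib
import hmac
import json
from datetime import datetime

DC_KEY = b"constructed-dc-signing-key"  # hypothetical domain-controller key

# Constructed sample: the permission bit shown on the page.
PERMISSION_BIT = {
    "bit_id": "pb-8c4f2a91",
    "entity_id": "ceigas-9f3a7b2e-4d1c",
    "action": "send_email",
    "target": "external_recipient",
    "result": "GRANTED",
    "granted_by": "jchen@acmecorp.com",
    "expires": "2026-03-15T00:00:00Z",
    "conditions": ["draft_only", "manager_cc", "no_attachments"],
    "audit_ref": "audit-3f7a9b2e",
}

def _mac(bit: dict, key: bytes) -> str:
    """HMAC over every field except the signature itself, in canonical JSON form."""
    body = {k: v for k, v in bit.items() if k != "sig"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()

def sign_bit(bit: dict, key: bytes) -> dict:
    """Return a copy of the bit carrying the domain controller's signature."""
    return {**bit, "sig": _mac(bit, key)}

def check_bit(bit: dict, key: bytes, revoked: set, now_iso: str,
              entity_id: str, action: str) -> str:
    """GRANTED only if signature, revocation, expiry, binding and result all hold."""
    if not hmac.compare_digest(_mac(bit, key), bit.get("sig", "")):
        return "DENIED:bad_signature"    # forged or altered token
    if bit["bit_id"] in revoked:
        return "DENIED:revoked"          # checked live on every use, never cached
    now = datetime.fromisoformat(now_iso.replace("Z", "+00:00"))
    expires = datetime.fromisoformat(bit["expires"].replace("Z", "+00:00"))
    if now >= expires:
        return "DENIED:expired"
    if bit["entity_id"] != entity_id or bit["action"] != action:
        return "DENIED:wrong_binding"    # presented by another entity or for another action
    if bit["result"] != "GRANTED":
        return "DENIED:not_granted"
    return "GRANTED"
```

Because revocation is a live set lookup rather than a cached decision, adding a `bit_id` to `revoked` denies the very next use, which is the property the paragraph above claims.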
Always-active behavioral governance engine. Not a content filter — runtime ethical reasoning with veto power.
Action: "Send email to client with Q4 projections"
Entity: ceigas-9f3a7b2e-4d1c
Context: CRM assistant, drafting client communication
Constitutional evaluation:
no_harm: PASS — informational content, no risk
truthfulness: PASS — projections sourced from verified data
consent_required: WARN — client data shared externally
proportionality: PASS — action within scope of CRM role
autonomy_respect: PASS — human initiated request
Result: REQUIRE_CONSENT
Reason: "External communication containing financial projections
requires human approval before sending."
Action: Route to jchen@acmecorp.com for review
Four possible actions:
PASS — proceed, fully logged.
WARN — proceed with enhanced logging.
REQUIRE_CONSENT — pause, route to human.
VETO — blocked. Cannot be overridden, prompt-injected, or socially engineered.
CEIGAS integrates with your existing identity infrastructure.
Human authenticates → CEIGAS maps to entity ownership → entity inherits scope
Reads org structure → entities scoped to OU → group policies apply
OAuth2 → conditional access extends to entities → MFA for permission changes
Automated provisioning/deprovisioning → offboarding deactivates all owned entities
AcmeCorp CEIGAS DC <--trust--> LawFirm CEIGAS DC
AcmeCorp entity "legal-review-agent" requests access to
LawFirm document repository.
1. AcmeCorp DC issues cross-domain permission bit
2. LawFirm DC validates AcmeCorp trust certificate
3. LawFirm constitutional authority evaluates request
4. Scoped read-only access granted to specific matter
5. All access logged on both audit chains
6. Permission expires with matter closure
Every action, every decision, every evaluation — Merkle-chained and cryptographically verifiable.
```json
{
  "event_id": "audit-3f7a9b2e",
  "timestamp": "2026-03-14T09:23:44.891Z",
  "entity_id": "ceigas-9f3a7b2e-4d1c",
  "action": "email_draft_created",
  "target": "client-q4-projections",
  "permission": "pb-8c4f2a91",
  "constitutional": {
    "evaluation": "REQUIRE_CONSENT",
    "clauses": ["consent_required"],
    "reasoning": "External financial communication"
  },
  "outcome": "routed_to_human",
  "data_hash": "sha256:9f3a7b2e4d1c8f5a...",
  "prev_hash": "sha256:7c2d4e6f8a0b1c3d...",
  "chain_height": 1847293
}
```
No deletion without breaking the chain. No modification without detection. Independent verification by any party with chain access. Provable compliance for any regulatory inquiry.
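An added example (not CEIGAS code) of how a verifier with chain access would check the `data_hash` / `prev_hash` / `chain_height` linkage shown above and pinpoint the first record that was modified, deleted or reordered. The hashing rules (canonical JSON of the body concatenated with `prev_hash`, a zero genesis hash, the `sha256:` prefix) and the sample events are assumptions; the page shows the record shape but not the hash construction.

```python
# Added example: verifying a hash-chained audit trail in the page's record shape.
# Canonical-JSON hashing, the genesis hash and the sample events are assumptions.
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed prev_hash of the first record

def _canon(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def data_hash(record: dict, prev_hash: str) -> str:
    """Commit to the record body and its predecessor, so position is part of the hash."""
    body = {k: v for k, v in record.items() if k not in ("data_hash", "prev_hash")}
    return "sha256:" + hashlib.sha256(_canon(body) + prev_hash.encode()).hexdigest()

def append(chain: list, event: dict) -> dict:
    """Link a new event to the current chain head and store the resulting record."""
    prev = chain[-1]["data_hash"] if chain else GENESIS
    rec = {**event, "chain_height": len(chain) + 1, "prev_hash": prev}
    rec["data_hash"] = data_hash(rec, prev)
    chain.append(rec)
    return rec

def verify(chain: list) -> tuple:
    """Return (ok, height): height is the first broken record, or 0 if intact."""
    prev = GENESIS
    for height, rec in enumerate(chain, start=1):
        if rec["chain_height"] != height or rec["prev_hash"] != prev:
            return False, height   # deleted, inserted or reordered record
        if rec["data_hash"] != data_hash(rec, prev):
            return False, height   # body modified after the fact
        prev = rec["data_hash"]
    return True, 0

# Constructed sample events modelled on the page's audit record.
SAMPLE_EVENTS = [
    {"event_id": "audit-1", "entity_id": "ceigas-9f3a7b2e-4d1c",
     "action": "email_draft_created", "outcome": "routed_to_human"},
    {"event_id": "audit-2", "entity_id": "ceigas-9f3a7b2e-4d1c",
     "action": "human_review", "outcome": "approved"},
    {"event_id": "audit-3", "entity_id": "ceigas-9f3a7b2e-4d1c",
     "action": "email_sent", "outcome": "sent"},
]

def build_sample() -> list:
    chain = []
    for ev in SAMPLE_EVENTS:
        append(chain, ev)
    return chain
```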
Zone-based visibility. Data is transformed as it crosses zone boundaries.
Zone: acmecorp.legal
Access level: FULL PII
Entity "legal-review-agent" has:
- Client names (real)
- Case numbers (real)
- Legal analysis (full)
Crossing to: acmecorp.engineering
PII: ENCODED (reversible by authorized entity)
Case numbers: REDACTED
Legal analysis: SANITIZED (conclusions only, no client detail)
Zone boundary enforcement is architectural. Not a policy. Not a filter. The data physically transforms at the boundary. The engineering zone entity never receives the original data. There is nothing to leak.
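As an added example (not CEIGAS code), this is one way the legal-to-engineering crossing above can be built so that the receiving zone never holds the original: client names become keyed tokens that only the source zone's vault can reverse, case numbers are redacted wherever they appear, and only the conclusion of the analysis is passed on. The record layout, `TokenVault`, the case-number pattern and `ZONE_KEY` are assumptions; the page describes the outcome of the crossing, not its mechanism.

```python
# Added example: a zone-boundary transform with reversible PII encoding.
# The record layout, token vault and case-number pattern are assumptions.
import hashlib
import hmac
import re

ZONE_KEY = b"constructed-legal-zone-key"  # hypothetical, held only by acmecorp.legal
CASE_NO = re.compile(r"\b\d{4}-[A-Z]{2}-\d{5}\b")  # constructed case-number format

class TokenVault:
    """Token -> real value map that stays in the source zone; decoding needs the vault."""
    def __init__(self, key: bytes):
        self._key = key
        self._store = {}

    def encode(self, value: str) -> str:
        # Keyed, deterministic token: the same client maps to the same token,
        # so the engineering zone can still correlate records without the name.
        tok = "tok-" + hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:16]
        self._store[tok] = value
        return tok

    def decode(self, token: str) -> str:
        return self._store[token]  # KeyError for unknown or forged tokens

def cross_to_engineering(record: dict, vault: TokenVault) -> dict:
    """What acmecorp.engineering receives: PII encoded, case numbers redacted, conclusions only."""
    token = vault.encode(record["client"])
    conclusion = record["analysis"]["conclusion"].replace(record["client"], token)
    return {
        "client": token,
        "case_number": "[REDACTED]",
        "analysis": CASE_NO.sub("[REDACTED]", conclusion),
        "source_zone": "acmecorp.legal",
    }

# Constructed sample record as held inside acmecorp.legal.
LEGAL_RECORD = {
    "client": "Northwind Traders",
    "case_number": "2026-CA-00417",
    "analysis": {
        "detail": "Northwind Traders exposure in 2026-CA-00417 stems from clause 4.2.",
        "conclusion": "Recommend settlement for Northwind Traders; exposure in 2026-CA-00417 is bounded.",
    },
}
```

The `detail` field is dropped entirely rather than filtered, which is the point of the paragraph above: the engineering side has nothing to leak because it was never sent.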
Your employees will use external AI. ChatGPT, Claude, Gemini, Copilot. You cannot prevent this. You can govern it.
The external AI never saw real data. Your employees get the productivity gains. You get the governance.
CEIGAS container + PostgreSQL + S3-compatible storage + WireGuard mesh.
Requirements: 4 vCPU, 16 GB RAM, 100 GB storage. No GPU needed.
Integrates with your existing IdP, SIEM, and monitoring stack. Your data never leaves your infrastructure.
CEIGAS on-premises — governance stays internal. Entities operate on Privatae cloud.
WireGuard tunnel between your DC and Privatae infrastructure. Audit chain syncs bidirectionally. Constitutional authority enforced at both endpoints.
Privatae hosts everything. SAML integration, dashboard, audit exports.
SLA: 99.9% uptime. Dedicated isolation per customer. Regional data residency available.
| Framework | Status | Capabilities |
|---|---|---|
| FedRAMP High | Architecture-ready | Encryption, audit, access control, monitoring, incident response |
| SOC 2 Type II | Architecture-ready | Security, availability, confidentiality, privacy |
| HIPAA | Architecture-ready | PHI de-identification, access logging, audit, minimum necessary |
| SOX | Architecture-ready | Financial data controls, separation of duties, audit |
| GDPR | Architecture-ready | Data minimization, right to erasure, purpose limitation, consent |
| PCI-DSS | Architecture-ready | Cardholder data isolation, access logging, encryption |
| ISO 27001 | Architecture-ready | Information security management, risk assessment |
| NIST 800-53 | Architecture-ready | Security and privacy controls for federal systems |
| EU AI Act | Architecture-ready | Transparency, human oversight, risk management |
Architecture-ready means the technical controls are built in. Certification requires audit and documentation, but the engineering work is done.
IAM authenticates humans. AI agents don't have usernames, passwords, or MFA devices. CEIGAS extends IAM to autonomous entities. It doesn't replace your identity provider — it bridges human identity to entity identity. Your Okta user owns a CEIGAS entity. The entity inherits the user's scope and is governed independently.
API gateways see requests, not intent. They can rate-limit, authenticate, and route — but they cannot distinguish a legitimate research query from systematic data exfiltration. CEIGAS evaluates intent through constitutional evaluation. The gateway sees GET /api/clients. CEIGAS sees "agent is building an export of all client records at 3 AM with no user session."
DLP scans for patterns — credit card numbers, SSNs, keywords. An AI agent that paraphrases sensitive information bypasses DLP entirely. "The client's annual revenue is approximately $4.2 billion" contains no pattern-matchable PII, but it may be highly confidential.
CEIGAS sanitizes at the semantic level. It understands what data means, not just what it looks like.
DLP catches patterns. CEIGAS governs meaning.
AI safety platforms focus on prompt injection defense and content filtering. Important work — but they don't govern what AI does with legitimate input. An agent that receives a perfectly safe prompt can still take unauthorized actions, access restricted data, or violate organizational policy.
CEIGAS governs autonomous behavior — the full stack, not just the content layer. Identity, authorization, policy, audit, privacy. Every action, every decision, every boundary.
All tiers include: full constitutional authority, audit chain, privacy zones, sanitizer, PRISM protocol. No feature gating on security.
Deploy CEIGAS domain controller. Integrate with your IdP. Register 5 pilot entities. Configure privacy zones for your environment.
Entities operate under governance. Audit chain collecting every action. Constitutional authority evaluating every decision. Review results with your security team.
Request an evaluator token
enterprise@privatae.ai
Includes: full CEIGAS DC, 10 entities, 30 days.
No commitment. No NDA. Publish your findings.
We believe in transparency. Inspect everything.
If the architecture doesn't speak for itself, we haven't built it right.
"How many AI agents are operating on my network right now?"
If you don't know the answer, you need CEIGAS.
If you do know the answer, you need CEIGAS to prove it.