Trust you can verify, and revoke.
Every security SaaS asks you to trust it with your data. Alyria is built so you can check instead: fleet data and audit records are encrypted under a key in your KMS that you hold and can revoke, and enforcement happens on the endpoint. In every pilot you revoke that key and watch our access die in your own CloudTrail. The claim is verifiable, not promised.
- Under your keys: revoke your KMS key and verify in your own CloudTrail
- One audit chain: signed, tamper-evident, end to end
- Open-core roadmap: client crypto published and externally audited as it ships
Fleet data under keys you hold and can revoke.
Trust, verifiable. Fleet data, the audit chain, and brokered secrets are encrypted under a key that lives in your KMS, not ours. You hold it, you can revoke it, and you can watch both in your own CloudTrail. That is a claim you can drill, not one you take on faith.
Umbra — secrets under your keys; the roadmap is keys we never hold. See the module →
BYOK by default
Encryption keys live in your KMS from day one. Alyria operates only with access you grant, every use of the key is logged on your side, and static blobs stored with us are opaque to us at rest.
The kill-switch drill
Every pilot includes the drill: you revoke your KMS key and watch our access die in your own CloudTrail. It is the standing arrangement, not a demo trick, and you can run it any time.
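One way to score the drill from your own side, as an added example that is not Alyria's tooling: the script reads CloudTrail records for the key, finds the first successful revocation event, and separates the vendor principal's later KMS calls into denied and still-allowed. The ARNs, event IDs and sample records are constructed placeholders, and the function names are hypothetical.

```python
from datetime import datetime

# Constructed placeholders: substitute the role, admin and key ARNs from your account.
VENDOR_ARN = "arn:aws:sts::111122223333:assumed-role/vendor-access-PLACEHOLDER/session"
ADMIN_ARN = "arn:aws:iam::111122223333:user/kms-admin-PLACEHOLDER"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/PLACEHOLDER-KEY-ID"
REVOKE_EVENTS = {"DisableKey", "RevokeGrant", "PutKeyPolicy", "ScheduleKeyDeletion"}
USE_EVENTS = {"Decrypt", "Encrypt", "GenerateDataKey"}

def event_time(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def score_drill(records):
    """Return (revoked_at, denied_ids, allowed_ids) for the vendor principal."""
    kms = sorted(
        (r for r in records
         if r.get("eventSource") == "kms.amazonaws.com"
         and any(x.get("ARN") == KEY_ARN for x in r.get("resources", []))),
        key=event_time)
    # A revocation call that itself failed (has errorCode) revoked nothing.
    revokes = [r for r in kms if r["eventName"] in REVOKE_EVENTS and "errorCode" not in r]
    if not revokes:
        return None, [], []
    revoked_at = event_time(revokes[0])
    denied, allowed = [], []
    for r in kms:
        if (r["eventName"] in USE_EVENTS and event_time(r) > revoked_at
                and r.get("userIdentity", {}).get("arn") == VENDOR_ARN):
            # The drill passes only if every post-revocation use carries an error.
            (denied if "errorCode" in r else allowed).append(r["eventID"])
    return revoked_at, denied, allowed

def make_record(eid, when, name, arn, error=None):
    rec = {"eventID": eid, "eventTime": when, "eventSource": "kms.amazonaws.com",
           "eventName": name, "userIdentity": {"arn": arn},
           "resources": [{"ARN": KEY_ARN}]}
    if error:
        rec["errorCode"] = error
    return rec

SAMPLE = [  # constructed records, not captured from a real trail
    make_record("e1", "2024-05-01T12:00:00Z", "Decrypt", VENDOR_ARN),
    make_record("e2", "2024-05-01T12:05:00Z", "DisableKey", ADMIN_ARN),
    make_record("e3", "2024-05-01T12:06:00Z", "Decrypt", VENDOR_ARN, "DisabledException"),
    make_record("e4", "2024-05-01T12:07:00Z", "GenerateDataKey", VENDOR_ARN, "DisabledException"),
]
```

An empty `allowed_ids` list is the pass condition. KMS key-state changes are eventually consistent, so a call that succeeds within seconds of the revocation is worth re-checking before treating it as a failed drill.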
Roadmap: keys we never hold
Umbra moves custody further: client-held keys with a published, externally audited protocol, so the broker only ever moves ciphertext. We make that claim when you can check it, not before.
Trust that’s verifiable, not asserted.
A custody claim is only as good as your ability to check it, which is why every pilot includes the kill-switch drill. The rest is built to the same standard: the audit chain is signed, the endpoint agent is reproducible, and the client crypto carves out to open source as it ships.
Open, auditable client crypto
Umbra's client crypto and protocol carve out to open source (Apache/MPL) so anyone can verify the client-side crypto end to end when it ships: a claim you can read, not take on faith.
Open-core & licensing →
One signed audit chain
Every policy decision, detection, and secret lease writes to a single append-only, cryptographically signed log: one source of truth spanning APG and ADR, legible to auditors and adversaries alike.
Tamper-evidence
The audit chain is hash-linked and signed, so any gap, reorder, or edit is detectable after the fact. Stream it to Observatory or straight into your own Elastic/Kibana SIEM.
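How hash-linking plus signing exposes an edit, a gap, or a reorder, as an added example that is not Alyria's log format or code: each entry commits to the hash of the previous one and carries a signature over its own hash. The field names, key and events are constructed, and HMAC-SHA256 stands in for the asymmetric signature a real chain would use.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # stand-in for a signing key (assumption)
GENESIS = "0" * 64              # "previous hash" of the first entry

def digest(entry):
    # Hash only the signed fields, in a canonical (sorted-key) encoding.
    body = {k: entry[k] for k in ("seq", "prev", "event")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def sign(entry):
    return hmac.new(KEY, digest(entry).encode(), hashlib.sha256).hexdigest()

def build(events):
    chain = []
    for event in events:
        prev = digest(chain[-1]) if chain else GENESIS
        entry = {"seq": len(chain), "prev": prev, "event": event}
        entry["sig"] = sign(entry)
        chain.append(entry)
    return chain

def verify(chain):
    """Return (index, problem) findings; an empty list means the chain is intact."""
    findings, prev = [], GENESIS
    for i, entry in enumerate(chain):
        if not hmac.compare_digest(sign(entry), entry["sig"]):
            findings.append((i, "bad signature"))       # entry content was edited
        if entry["seq"] != i:
            findings.append((i, "sequence mismatch"))   # entry removed or moved
        if entry["prev"] != prev:
            findings.append((i, "broken link"))         # predecessor is not the original
        prev = digest(entry)
    return findings

# Constructed events for the demonstration.
EVENTS = ["policy: allow tool call", "detection: blocked exec",
          "lease: secret issued", "policy: deny tool call"]
```

Removing entries from the end leaves a shorter chain that still verifies, so the verifier also needs the latest head hash from somewhere the log writer cannot rewrite.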
Signed & reproducible builds
The Beacon daemon is a signed artifact with reproducible builds, so you can confirm the binary on your fleet is the code that was reviewed — supply-chain integrity from source to endpoint.
OWASP ASI for what attackers do. NIST & ISO for how you govern it.
One signed audit chain covers both — the adversarial story and the compliance story from a single source of truth, so the two can never drift.
- ASI02 Tool misuse: brokered, policy-checked MCP calls
- ASI03 Identity & privilege: capabilities scoped to the IdP identity
- ASI04 Supply chain: MCP posture and tool pinning
- ASI05 Unexpected code execution: user-space runtime observation
- ASI07 Inter-agent comms: activity recorded under your keys
- NIST AI RMF: Map / Measure / Manage / Govern — the risk-management spine US enterprises align to.
- ISO/IEC 42001: The AI management-system standard your auditors and procurement teams ask for by number.
- EU AI Act: Risk-tiered obligations for AI systems — the regulatory anchor for governance buyers.
One chain, both audiences. The same signed log that proves an ASI05 code-execution block to a red team is the evidence that satisfies a 42001 audit — no second system, no reconciliation.
A paid tier — independent of your license.
The architecture is under-your-keys for everyone. Guarantees are a distinct commercial tier: the signed attestations, SLAs, and response commitments a regulated buyer needs — available whether you run the open-core build or the hosted cloud.
Talk to us about guarantees
- Signed & reproducible builds
Verifiable artifacts across the fleet.
- SLA
Contractual uptime and support-response commitments.
- Warranty & indemnity
We stand behind the product commercially.
- SOC 2 + pen-test attestations
Independent attestations, shared under NDA.
- CVE response windows
Committed timelines to triage and patch.
The open-core playbook.
Open where it must be auditable, source-available where it protects the business, closed where it’s the commercial core. Open code later, deliberately — never the reverse.
Umbra client-side crypto & SDK
The parts that must be auditable for the under-your-keys claim to be credible carve out to open source: client crypto, the A2A protocol, and the SDK, published as they ship.
- Verifiable by anyone
- The community on-ramp
- Published under owpz
The platform bulk
Constellation server, Beacon core, Lyra, and Spectra ship source-available — free to run, read, and modify, converting to open source on a time delay.
- The anti-strip-mining weapon
- Free except a competing hosted service
- Auto-converts to OSS over time
Observatory & the broker
The hosted Alyria Cloud console, the Umbra broker service, and enterprise features stay proprietary: the commercial core.
- Observatory / Alyria Cloud
- Umbra broker service
- SSO/SCIM, RBAC, fleet mgmt
Security guarantees — signed builds, SLA, warranty/indemnity, SOC 2 + pen-test attestations, CVE response windows — are a paid tier that sits independent of any license above.
Found something? Tell us.
We welcome coordinated disclosure and will work with you in good faith. Report vulnerabilities to our security team and see our published policy and contact key.
Please do not disclose publicly until we’ve confirmed a fix. We aim to acknowledge reports promptly and keep you updated through remediation.
See the model, then audit the claim.
Walk through the BYOK kill-switch drill and the audit chain with our team, or read how key custody, audit, and enforcement fit together.