A fourth path for regulated AI: productized private AI, operated under audited break-glass.
Public AI APIs send your prompts somewhere you don't control. A DIY platform is a year of security-critical plumbing you then have to defend. A consulting build leaves you a bespoke system no one else can support. Iftah is the fourth path: a single-tenant install inside your own cluster, account, and region — operated for you remotely under a time-boxed, audited break-glass key, never with standing access to your content. One governance core ships to every client; only your signed policy differs. We give you the controls and evidence regulators ask for — we do not certify your compliance; that stays the data controller's obligation.
Why the shape wins
- Single-tenant in your cloud and region — residency by topology, no external callback can carry content out
- Default-deny, fail-closed on every call — nothing runs without a signed, approved policy rule
- Operated, not hosted — a logged, time-boxed break-glass key, never standing access to your content
- Six products, one governed platform — built on Dynamo + LiteLLM Enterprise plus a purpose-built assurance core
Faster than DIY. More repeatable than consulting. More controllable than a public API.
Each alternative forces a trade you can't afford in a regulated environment. Iftah keeps the productized spine — but the value is integration of mostly-production components plus a built governance layer, not a from-scratch rebuild.
A public AI API
Answers by default and sends your prompts off-region to be served and moderated elsewhere — the exfiltration you're trying to prevent.
In-region, single-tenant, default-deny. Guardrails run in your cluster and the audit trail is yours — a hosted API cannot offer this by definition.
A DIY platform build
A year of security-critical plumbing — identity, policy, guardrails, audit — that you then own and have to defend.
Reuse the proven serving and request path (Dynamo, LiteLLM Enterprise) and wrap your existing stack; Iftah builds only the missing assurance core — no new attack surface for you to own.
A consulting / SI build
Leaves you a bespoke system tied to the people who built it, different at every site.
One productized platform with the same default-deny baseline everywhere; only your signed overlay differs, and every change flows as signed GitOps — reproducible and attributable.
One continuous, fail-closed control path — identity to audit.
The differentiator isn't a feature list; it's a single path where every stage refuses to weaken the next. This is the layer DIY teams get wrong and a public API can't offer.
Identity
Signed claims onlyYour Entra ID or Okta is the source of truth; apps and agents get the same treatment. No raw keys, and context comes only from signed tokens — never a header a caller can set.
Policy
Default-denyOPA allows only on an explicit, approved rule. Unknown or newly discovered models deny by default; if policy or audit is down, the request denies.
Guardrails
In-clusterPresidio and NeMo run as pods in your region — never a SaaS moderation API — tuned for Arabic and Gulf identifiers. PHI buffers before a token can escape.
Routing
Digest-pinnedApproval is pinned to the model's content hash, not its name. The hook pins one approved digest, disables fallback, and records what was actually served.
Audit
WORM, fail-closedEvery request writes to immutable, hash-chained, in-region storage you control — and if audit can't be guaranteed, new requests deny.
Fail-closed at every stage — deny on timeout, unknown, or unavailable audit. No degraded “allow” mode.
Operated, not hosted — your house, your boundary, our audited key.
The boundary is yours: your cloud account, cluster, region, registry, and IdP. Iftah operates the install inside it — never as a managed service that holds your data.
Single-tenant, in your region
A dedicated install in your own cluster and account — no shared SaaS. With models self-hosted via Dynamo and no external callbacks, no code path can carry content across a boundary.
Break-glass, no standing access
Iftah operates the install remotely but holds no standing access to prompts, responses, or pods. Any content access is client-approved, time-boxed, and logged in your own trail — a hard go-live gate.
Fleet plane: metrics only
Signed artifacts go in — Helm charts and OPA bundles; only health, latency, and version come out. They land in your own registry, so there's no outbound dependency — air-gap friendly.
Single-cluster default, multi-cloud optional
Local-OPA single-cluster keeps authorization fast and fail-closed. Multi-cloud and hybrid is a supported, content-free-metadata option — shipped only behind a residency assessment, never silently.
What Iftah AI is — and what it is not.
Precision matters more than marketing for regulated buyers. The honest boundary, matched to the architecture.
Not a public AI API
In-region single-tenant residency, default-deny governance, and an immutable WORM audit you control — not merely that it runs inside your infrastructure.
Operated — not deploy-and-handoff
Not a managed cloud that hosts your data, and not a hand-off where you run it alone. Operated for you under audited, break-glass-only access.
Not a model lab — but we attest
We don't train your models. We do produce a signed provenance attestation binding what was approved to what's running, plus measured guardrail gates before PHI go-live. Evidence, not a compliance certificate.
Not a from-scratch year of work
Most of the platform is integration of production components — Dynamo, LiteLLM Enterprise, your existing repos; the new part is the built governance core: OPA, the enforcement hook, WORM audit, provenance, guardrails.
Next step