UNOFFICIAL PLATFORM: Not affiliated with or endorsed by the Department of Defense or VA. OPSEC: Never upload Classified, CUI, or Sensitive PII/PHI.

Trust & Security

Transparency about what we do, what we don't do, and what requires further authorization.

Important Disclaimers

  • This platform is NOT affiliated with, endorsed by, or connected to the Department of Defense, any military branch, or the Department of Veterans Affairs.
  • Do NOT enter classified information, Controlled Unclassified Information (CUI), Protected Health Information (PHI), or Sensitive Personally Identifiable Information (SPII) into this platform.
  • This is a commercial demo environment. Enterprise deployments for authorized environments are available separately after security review.
  • Agent outputs are AI-generated and may contain errors. Always verify outputs against current doctrine, regulations, and official sources before use.
  • This platform does NOT provide legal, medical, financial, or benefits advice. Agent outputs are informational templates only.

Compliance Posture

Capability | Status | Details
PII/SPII Redaction | IMPLEMENTED | SSN, DoD ID, MRN, VA file numbers, credit cards, phone, email, addresses, IP addresses
Zero-Retention PHI Pipeline | DESIGNED | Architecture enforces zero prompt/response persistence for veteran and healthcare agents
Authentication | IMPLEMENTED | Email/password with bcrypt, Google OAuth, GitHub OAuth, role-based admin access
FedRAMP High | ARCHITECTURE-READY | Designed for FedRAMP High. Not yet authorized. Enterprise deployments available after security review.
HIPAA | ARCHITECTURE-READY | Zero-retention design. No BAA in place for the commercial demo. Enterprise BAAs available.
DoD IL2-IL6 | ARCHITECTURE-READY | Supports deployment patterns for IL2-IL6 environments. Requires ATO for classified use.
CAC/SSO/SAML | PLANNED | Planned for enterprise tier. Not currently implemented.
Iron Bank Containers | PLANNED | Containers designed for Iron Bank submission. Not yet listed in Iron Bank registry.

Data Handling

  • Prompts & responses: Not stored in full. Only SHA-256 hashes of inputs/outputs are logged for audit purposes.
  • PII redaction: Active middleware scrubs sensitive data before it reaches inference backends.
  • Invocation logs: Agent ID, branch, compliance flag, timestamp, input/output hashes, and user ID.
  • Veteran agents: All Category VII agents enforce the ZERO_RETENTION_PHI compliance flag.
  • Encryption: All data in transit is encrypted via TLS. Database connections use SSL.
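
A redact-then-hash invocation log of the kind the list above describes, as an added example; it is not this platform's code. The regex patterns, function names, and sample values are assumptions made for illustration.

```python
import hashlib
import re
from datetime import datetime, timezone

# Hypothetical patterns for three of the identifier types the page lists;
# a real redactor needs much broader coverage and validation.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "IPV4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
}

def redact(text):
    """Replace each match with a typed placeholder such as [SSN]."""
    for label, pattern in PATTERNS.items():
        text = pattern.sub(f"[{label}]", text)
    return text

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def invoke(agent_id, branch, compliance_flag, user_id, prompt, backend):
    """Redact, call the backend, return (response, audit record)."""
    clean = redact(prompt)  # scrub before the backend sees anything
    response = backend(clean)
    record = {
        "agent_id": agent_id,
        "branch": branch,
        "compliance_flag": compliance_flag,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        # Hash the redacted text: a hash of the raw prompt could be used
        # to confirm a guessed identifier by anyone holding the log.
        "input_hash": sha256_hex(clean),
        "output_hash": sha256_hex(response),
        "user_id": user_id,
    }
    return response, record

def echo_backend(prompt):  # constructed stand-in for an inference backend
    return "Received: " + prompt

if __name__ == "__main__":
    sample = "SSN 123-45-6789, mail jane@example.com, host 10.0.0.5"  # constructed
    _, rec = invoke("agent-demo", "army", "ZERO_RETENTION_PHI", "u-1", sample, echo_backend)
    print(rec)
```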

Security Contact

To report a security vulnerability or request an enterprise security review, contact us at security@militaryaiagents.com.