We document exactly where your data goes, which third parties touch it, what controls you hold, and where every compliance commitment stands — including the ones we haven't finished yet. No marketing varnish.
Only one flow sends alert text to a large language model — and your redaction policy runs first. The rest either stays inside our boundary or performs anonymous, lookup-only queries.
PII-redacted alert text goes to Anthropic Claude for agent reasoning. Contractually never used for training; Zero Data Retention enablement in flight. Sovereign tier routes this through your Anthropic account.
VirusTotal and AbuseIPDB see individual indicators with zero surrounding context — lookup-only, never submission. A per-tenant kill switch disables external intel entirely.
MITRE mapping, your knowledge base, asset registry, block lists, the audit log and final reports live inside the SyberOps boundary. Full stop.
Most agentic SOC vendors offer one deployment model. We offer four — from convenient to fully sovereign.
Our Anthropic workspace with ZDR, our keys, our billing. External intel enabled. The default for most commercial customers.
Available todayStandard plus context-preserving PII redaction: users, emails and internal hosts tokenized before any model sees them. For healthcare, financial services and EU customers.
Available todayBring your own Anthropic key. Every model call routes through your account, your ZDR setting, your billing. For government and large-enterprise CISO requirements.
Phase 2 · Q4 2026No external APIs at all. SyberOps in your VPC with a local LLM. Full sovereignty for classified workloads and defense primes.
Phase 3 · Q1 2027We don't claim certifications we don't hold. Here's the real status of each commitment — the full detail, including subprocessors and customer-side controls, lives in the Trust Center.
Data flows, subprocessors, security controls and customer-side knobs — documented in full at the Trust Center.