Security Overview
Launch trust starts with an accurate posture
This page summarizes the current public security story for NeutralAI: what is live, what is suitable for evaluation, and what is still part of the production-hardening path.
Gateway boundary
NeutralAI is positioned as a security boundary between customer applications and external model providers so policy can be applied before data leaves the trusted path.
Operational checks
The live runtime exposes health and readiness endpoints to support smoke tests, deployment checks, and simple launch monitoring.
Data handling posture
The product story emphasizes transient processing and policy-aware handling instead of broad retention claims that would be hard to support operationally.
Production hardening
Immutable compliance storage and stricter enforcement controls remain part of the production readiness path and are called out explicitly in launch messaging.
Technical controls
Mask first, then route the sanitized request
NeutralAI adds a policy gateway before external model providers so sensitive values can be detected, tokenized, and audited before prompt egress.
Encryption and token vault
Sensitive values can be replaced with reversible tokens backed by an AES-256-GCM vault, then restored only through governed paths.
Detection pipeline
Detection combines Presidio NER, pattern matching, semantic validation with Qdrant, and configurable confidence thresholds.
Entity coverage
Coverage includes EMAIL, PHONE, PERSON, CREDIT_CARD, IBAN, SSN, TR_ID, UK_NHS, IP_ADDRESS, and tenant-specific rules.
Governed restore path
Reversible masking is separated from normal model traffic so restored values can remain behind explicit authorization and audit controls.
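The mask-then-restore flow described above, as an added Go example that is not NeutralAI's code. A single regex stands in for the detection pipeline, and `Vault`, `Mask`, `Restore`, the `<EMAIL_...>` token format and the `authorized` flag are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"regexp"
)

var emailRe = regexp.MustCompile(`[\w.+-]+@[\w-]+(\.[\w-]+)+`) // constructed stand-in detector, EMAIL only

// Vault (hypothetical name) maps token -> nonce || AES-256-GCM ciphertext and tag.
type Vault struct {
	aead  cipher.AEAD
	store map[string][]byte
}

func NewVault(key *[32]byte) *Vault {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key cannot fail and selects AES-256
	aead, _ := cipher.NewGCM(block)   // cannot fail for an AES block cipher
	return &Vault{aead, map[string][]byte{}}
}

// Mask swaps each match for a random token; the token is bound to the record as associated data.
func (v *Vault) Mask(prompt string) string {
	return emailRe.ReplaceAllStringFunc(prompt, func(val string) string {
		buf := make([]byte, 8+v.aead.NonceSize())
		rand.Read(buf) // 8-byte token id followed by a fresh GCM nonce
		token, nonce := fmt.Sprintf("<EMAIL_%x>", buf[:8]), buf[8:]
		v.store[token] = v.aead.Seal(nonce, nonce, []byte(val), []byte(token))
		return token
	})
}

// Restore is the governed path, kept off normal model traffic: denied unless authorized.
func (v *Vault) Restore(token string, authorized bool) (string, error) {
	rec, ok := v.store[token]
	if !authorized || !ok {
		return "", fmt.Errorf("restore denied for %s", token)
	}
	n := v.aead.NonceSize()
	pt, err := v.aead.Open(nil, rec[:n], rec[n:], []byte(token))
	return string(pt), err
}

func main() {
	v := NewVault(new([32]byte)) // constructed all-zero demo key
	fmt.Println(v.Mask("Invoice for alice@example.com is overdue"))
}
```

Because the token is authenticated as associated data, a vault record copied under a different token fails to decrypt instead of restoring another entry's value.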
Readiness snapshot
Current public position
- Public endpoints are live behind TLS on api.neutralai.co.uk.
- Docker-based deployment and reverse proxy setup are already in place.
- The current public website describes production controls without implying unsupported certification status.
- Production go-live discussions should include the immutable storage roadmap and security review scope.