Security at the boundary.
11/11 is an enforcement system, not an observability tool. Security is not a feature bolted on after the fact, it is the entire premise: nothing executes without a verifiable authorization, and every decision leaves cryptographic evidence.
Security posture
Designed for environments that cannot trust by default.
Named cryptography
Ed25519 authorization signatures, SHA3-512 and BLAKE2b-512 audit chaining. The primitives are published, not implied.
Fail-closed by default
The runtime boundary denies when authorization, identity, or policy is absent. There is no implicit allow.
Multi-tenant isolation
Every request binds to a tenant. Policy, artifact, audit chain, and decision hash are tenant-scoped, with no cross-tenant leakage or replay.
Immutable lineage
Decisions are chained and persisted. Tampering breaks the chain and is detectable. Logs are not treated as evidence.
Public, reproducible proof
Health and proof endpoints are public. Independent reviewers can reproduce any published claim against the live control plane.
Post-quantum aware
The cryptographic enforcement model is designed with post-quantum readiness as an explicit forward requirement.
Source-code hygiene
Source repositories enforce automated secret scanning and push protection. Signing keys never leave the control plane; only public verification keys (JWKS) are published.
Tested and reviewed
Internal penetration testing and security due diligence have been completed, with ongoing review.
Regulated and sovereign environments
Built to support the controls these missions require.
Execution governance is designed to align with the control expectations of defense, healthcare, and financial operators, including HIPAA-aligned decision boundaries for clinical AI and an Execution Governance Profile mapped to the NIST AI Risk Management Framework.
- ✓ Deterministic, auditable authorization on every action
- ✓ Tenant isolation suitable for regulated and mission-critical compute
- ✓ Evidence chain for post-incident reconstruction and audit
11/11 designs toward these frameworks; specific certifications and accreditations are pursued and disclosed independently. Nothing on this page asserts a certification not held.
Responsible disclosure
Report a vulnerability
Security researchers are welcome. Report suspected vulnerabilities directly to the team. We will acknowledge and coordinate remediation.