Vaikora for Defense

When an AI agent supports an intelligence-analyst workflow, what proves to your AO that the agent only operated within its authorized classification? When a logistics AI runs across IL4 and IL5 boundaries, who certifies that no IL5 data ever flowed to an IL4 process? When a contracting officer’s AI assistant accesses CUI, what evidence holds up in a DCSA audit?

Vaikora is the rule-based runtime control layer for AI agents operating in DoD and defense industrial base environments. Deterministic policy, full audit trail, no model-in-the-loop for decision-making. Designed to fit inside accreditation boundaries from IL2 through IL5, with deployment patterns for IL6 air-gapped use cases.

The defense AI agent problem

The DoD AI Adoption Strategy and Section 836 of NDAA FY2024 set expectations for AI use across the department. Operationalizing those expectations requires a control layer that produces evidence that ATO authorities and DCSA assessors can verify. Existing AI safety solutions, mostly built for commercial use cases, do not meet the requirements.

Specific challenges:

• Cross-classification data flows when an agent operates near a boundary
• CUI handling in defense industrial base AI deployments
• ATO documentation requirements for AI components
• Air-gapped deployments where remote inference for “safety LLMs” is not an option

Compliance frameworks Vaikora addresses

• DoD CC SRG (Cloud Computing Security Requirements Guide): IL2 through IL5 deployment patterns
• NIST SP 800-53 Rev 5: AC, AU, SI control families
• CMMC 2.0 Level 2: CUI handling controls for defense contractors
• NIST AI RMF 1.0: GOVERN, MAP, MEASURE, MANAGE functions
• DCSA NISPOM for cleared contractor environments

Sample policy rules

- name: classification_boundary_enforcement
  match: { tool: "*", caller.clearance: "IL4", arg.data_classification: "IL5_OR_HIGHER" }
  decision: deny

- name: cui_egress_to_uncleared_target
  match: { tool: ["network.send", "storage.write"], payload.contains_cui: true, target.cui_authorized: false }
  decision: deny

- name: air_gap_no_internet_calls
  match: { tool: "external_api.*", deployment.air_gapped: true }
  decision: deny

- name: weapons_systems_no_autonomous_action
  match: { tool: "weapons_system.*", decision.autonomous: true }
  decision: require_approval

Resources

• Vaikora flagship product page
• Deterministic policy primer
• Book a demo

FAQs for Defense

• Is Vaikora deployable in IL5 and IL6 environments? Yes. The policy engine runs in-process with no required external network calls. Air-gapped deployment patterns are documented.
• Does Vaikora support ATO documentation? Yes. The product ships with control-mapping artifacts for NIST SP 800-53 Rev 5 and NIST AI RMF 1.0. Customers use these as the AI-component documentation in their SSPs.
• Can rules reference classification labels? Yes. Rules match on classification metadata attached to data, caller, and target. Multiple classification schemes can co-exist (DoD IL levels, IC TS/SCI compartments, NATO releasability markings).
• Is the open-source vaikora-llm-gateway suitable for classified environments? The OSS gateway is MIT-licensed and air-gap deployable. Some classified environments will additionally require source code review before deployment, and Data443 supports that process.