Back to security
Security & Governance

The security architecture.

Governance isn't bolted on top of NURA AI. It is the architecture. Every AI Colleague runs inside hard boundaries you can inspect and audit, and every consequential action is gated by a person. This is how an AI Colleague becomes safe to trust with real operational work.

The human decision gate

AI owns execution; humans own decisions. Every consequential action stops at a person for approval before it happens. The gate is enforced by the platform, not by a prompt the model could talk its way around.

Six hard-blocks

A fixed set of actions an AI Colleague can never take on its own, enforced in the platform layer. No instruction, jailbreak, or edge case moves a hard-blocked action past the boundary.

Tenant isolation

Row-level security keeps every customer's data, knowledge, and actions strictly their own. Isolation is attached to each customer-owned table at creation, no bleed between tenants, ever.

Inspectable audit ledger

Every request, answer, citation, and approval is recorded to a complete, searchable ledger. The audit record can't be edited or deleted, a faithful account of exactly what happened, who saw it, and who approved it.

Approval ledger

Who approved what, and when. Human decisions are first-class records bound to a verified person, never buried in a log file, never a placeholder.

Grounded, cited answers

An AI Colleague answers from your knowledge, with the source cited line by line, and when it doesn't know, it says so and surfaces the gap for your team to close, rather than guessing.

PDPL-aware by design

Data handling is built around regional privacy law (UAE PDPL) from the ground up, not localized after the fact. Data residency for the GCC is a first-class consideration, not an afterthought.

Verifiable before approval

Outputs can be programmatically checked before a human ever sees them. Reliability, retries, and edge cases are engineered, so what reaches the decision gate is already validated.

The principle

Trust is engineered, not promised.

Each of these controls is justified against our 7 Design Systems for AI, in particular Discipline 05, Security & Safety with human-in-the-loop, and Discipline 06, Evaluation, Observability & Verifiability. We publish the engineering discipline so you can read exactly how an AI Colleague is built before any sales conversation.