// Sovereign AI Platform · Melbourne VIC · Australia

AI built for
Australian business.
Your data stays here.

Purpose-built security intelligence and conversational AI — powered by NVIDIA NIM, governed by NeMo Guardrails, hosted on Australian infrastructure. Designed from the ground up for Privacy Act 2026.

100% Australian Data · 5 Compliance Frameworks · APP 2026 Ready · Zero Data Egress
sentinel.kaitiaki-it.com · KAI-20260503-0646
// BOARD RISK ASSESSMENT · 100,000 RECORDS
7,891 CRITICAL sessions ALLOWED through security controls — confirmed policy breaches
APP 1.7 TRIGGERED — 20 AI tool events · 53.4 MB to external services
6 attack chains correlated · MITRE T1567.002 · Engineering & Compliance
APP 2026 FAIL · E8 FAIL · ISO 27001 FAIL · NeMo Guardrails ✓ · NVIDIA NIM ✓
Compliance frameworks: Privacy Act 2026 · Essential Eight · ISO 27001:2022 · SOC 2 Type II · PCI-DSS v4.0 · APRA CPS 234
[S] · Sentinel · Security Intelligence
From raw log file
to board-ready report
in under 5 minutes.

Sentinel is a forensic security intelligence platform. Upload firewall logs from any major vendor. The deterministic analysis engine processes every record, identifies every policy breach, and maps every event to regulatory obligations — before any AI touches it.

Live · NVIDIA NIM · NeMo Guardrails · Zero Data Egress · Privacy Act 2026
Vendor-agnostic log parsing
Automatically detects Zscaler, Palo Alto, Netskope, Microsoft Sentinel, CrowdStrike, Splunk, and generic CEF/Syslog formats. No manual column mapping required.
Deterministic risk classification
Every event is classified CRITICAL / HIGH / MEDIUM / LOW by rules-based logic before AI processing. Board Risk Score is mathematically verified — no hallucination possible.
Attack chain correlation
Multi-step event sequences per user correlated across time windows. Staging patterns, C2 beacon detection, lateral movement — all mapped to MITRE ATT&CK techniques.
Per-user forensic profiles
Every high-risk individual gets a complete forensic event timeline, data volume analysis, regulatory implication assessment, and specific interview recommendations.
Board-ready investigative PDF
Multi-page report with executive summary, findings tables, attack chains, 5-framework compliance analysis, financial exposure estimates, and 90-day remediation roadmap. Download and walk straight into a board meeting.
5 compliance frameworks in parallel
Every finding is simultaneously mapped to Privacy Act 2026, Essential Eight, ISO 27001:2022, SOC 2 Type II, and PCI-DSS v4.0. Every triggered control ID documented with evidence.
High-Risk Users — Forensic Profiles
User_9487EA05 · 98 CRIT
User_7183FF59 · 94 CRIT
User_5383ADCB · 91 HIGH
User_35895C24 · 88 HIGH
AI Tools Detected — Jurisdiction Analysis
ChatGPT | OpenAI · US Operations | CLOUD Act ⚠
DeepSeek | Hangzhou DeepSeek AI | PRC Intel Law ✗
Copilot | Microsoft Corp · US | CLOUD Act ⚠
Perplexity | Perplexity AI · US | CLOUD Act ⚠
Compliance Frameworks
Privacy Act 2026: 17 controls FAIL
Essential Eight: 13 controls FAIL
ISO 27001:2022: 16 controls FAIL
SOC 2 Type II: 11 controls FAIL
[C] · Cortex · Sovereign AI Assistant
Your organisation's AI.
Knows your business.
Isolated. Sovereign.

Cortex is not a generic chatbot. It's a purpose-built AI assistant that knows your organisation's policies, procedures, people, and context — from your own documents. Every client gets their own completely isolated instance with their own AI name, branding, and knowledge base.

Live · NVIDIA NIM · NeMo Guardrails · Per-Org Isolation · Custom Branding
Complete tenant isolation
Every organisation gets a cryptographically isolated memory space. Org ID is derived from the subdomain — not from user identity. An admin from another company can never see your data, no matter who is logged in.
Knowledge base import
Paste in any text — IT policies, HR procedures, onboarding guides, compliance documents, product manuals. NVIDIA Kimi-K2 extracts discrete, structured facts. Your AI learns your business in minutes.
Custom name and branding
Your AI has your name and your colours. "Aria" for IO Check. "Atlas" for another client. The AI never mentions Kaitiaki IT — it introduces itself as your organisation's assistant and stays in that role.
Configurable NeMo Guardrails
Every conversation is governed by configurable NeMo Guardrails — input sanitisation to prevent prompt injection, output validation, topic restrictions, and a full immutable audit trail of every interaction.
Persistent memory
Cortex remembers context across sessions. The AI builds a structured understanding of your organisation over time. The more you use it, the smarter it gets about your specific context.
Sentinel integration
Cortex can access your Sentinel scan findings. Ask "what are our biggest security risks right now?" and the AI answers from your actual audit data — not generic security advice.
Aria · IO CHECK · Online · NeMo Guardrails Active
You: What are our IT security policies around AI tools?
Aria · IO Check AI: Based on IO Check's IT security policy, staff are not permitted to use unapproved AI tools for work purposes. Approved tools are listed in the IT Asset Register. Any AI tool that processes client data must have a signed Data Processing Agreement on file. Violations should be reported to the IT Manager within 24 hours.

Would you like me to find the DPA template or the approved tools list?
Knowledge Base — IO Check
policy: AI tools require approved status before use on company systems
people: IT Manager is Sarah Chen — escalate security incidents to her directly
procedure: New staff onboarding includes mandatory IT security induction within first week
// AI Engine

Powered by NVIDIA NIM.
Smart routing. Maximum intelligence.

Kaitiaki uses NVIDIA's NIM inference microservices — the most capable open AI models available. Our smart routing engine selects the optimal model for each task automatically, balancing speed, reasoning depth, and cost.

Fast · Classification
LLaMA-4 Maverick
Quick event classification, severity triage, initial log parsing. Sub-second response for high-volume analysis tasks.
Used for: initial log classification · event triage · quick Q&A responses
Reasoning · Analysis
Kimi-K2 Instruct
Deep attack chain correlation, knowledge base analysis, complex multi-step reasoning. Moonshot AI's best reasoning model.
Used for: attack chain analysis · KB import · compliance reasoning
Narrative · Reports
Nemotron Super 49B
Executive narrative generation. Converts deterministic findings into board-ready language. NVIDIA's flagship enterprise model.
Used for: executive summaries · board reports · regulatory narratives
Structured · Output
Qwen3 Coder 480B
Structured JSON output, data extraction, precise formatted analysis. 480B parameters for maximum accuracy on complex structured tasks.
Used for: JSON report generation · structured data extraction
DATA SOVEREIGNTY
Only anonymised analysis prompts are sent to NVIDIA NIM — never raw log data, never personal information, never client data. All findings remain within the Kaitiaki network boundary in Melbourne VIC.
Zero PII to NVIDIA
// AI Governance

NeMo Guardrails.
Every decision. Logged. Verified.

NVIDIA NeMo Guardrails enforce deterministic output integrity across every AI interaction on the platform. This isn't optional — it's baked into the architecture. Required for APRA CPS 230 AI governance compliance.

Input Rails
Sanitise and validate all input before it reaches the AI. Prevent prompt injection. Enforce topic boundaries. Block attempts to extract system information.
Prompt injection prevention — detects and blocks adversarial inputs
Topic boundary enforcement — AI stays within configured scope
PII detection — flags personal information before processing
Log sanitisation — removes sensitive fields before AI analysis
Rate limiting — prevents abuse and cost exposure
Output Rails
Validate every AI output before it reaches the user. Ensure grounding. Prevent hallucination. Enforce compliance control library accuracy.
Grounding rails — every finding must exist in source log data
Control library validation — every compliance ID verified against known-good library
Hallucination detection — flags unsupported claims
Tone and professionalism enforcement for all outputs
Immutable audit trail — every guardrail decision logged
Dialogue Rails
Control the flow and scope of AI conversations. Define what Cortex will and won't discuss. Configurable per organisation.
Organisation scope enforcement — AI stays within your business context
Cross-tenant isolation — AI cannot access other organisations' data
Custom topic restrictions configurable per organisation
Escalation paths — configurable for sensitive topics
Session boundary management
Audit & Compliance
Every guardrail decision creates an immutable log entry. Required for APRA CPS 230, ISO 27001 A.8.16, and Privacy Act 2026 APP 1.7 transparency obligations.
Immutable audit log — tamper-evident guardrail decision trail
APRA CPS 230 AI governance evidence
ISO 27001 A.8.16 monitoring activities documentation
Privacy Act 2026 APP 1.7 automated decision transparency
Exportable for regulatory submission
// Analysis Pipeline

Two-stage deterministic pipeline.
No finding is invented.

Every Sentinel finding is mathematically certain before AI touches it. Stage 1 is pure Python — deterministic, verifiable, explainable. Stage 2 is AI narrative generation grounded in Stage 1 facts.

STAGE 1 · PYTHON
Log Ingestion
Auto-detect vendor format. Normalise column schemas. Parse 100K+ records.
STAGE 1 · PYTHON
Risk Classification
Rules-based CRITICAL / HIGH / MEDIUM / LOW. Zero AI involvement. Mathematically certain.
STAGE 1 · PYTHON
User Anonymisation
SHA-256 hash all usernames. No PII reaches AI processing stage.
STAGE 1 · PYTHON
Attack Chain Detection
Deterministic correlation. Time windows. Staging patterns. C2 beacons. MITRE mapping.
STAGE 2 · NVIDIA NIM
AI Narrative Generation
Kimi-K2 for reasoning. Nemotron for narrative. Grounding rails enforce no hallucination.
OUTPUT
Board Report
Multi-page investigative PDF. Executive summary. Forensic profiles. Remediation roadmap.
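
An added illustration of the User Anonymisation stage above (not Kaitiaki's code): it compares unkeyed SHA-256 pseudonyms with HMAC-SHA-256 pseudonyms keyed by a tenant secret, and checks whether someone holding a staff directory but not the key can map them back to names. The function names, TENANT_KEY, the sample usernames and the 8-hex-character truncation (chosen to match the User_XXXXXXXX shape shown on this page) are assumptions; the page does not state how the product derives its identifiers.

```python
import hashlib
import hmac
from typing import Callable, Dict, List, Optional

# Constructed sample data: usernames as they might appear in a proxy log export.
SAMPLE_USERS = ["jsmith", "achen", "mpatel"]

# Hypothetical per-tenant secret; assumed to live in a secrets store and never
# to be written into a report or a model prompt.
TENANT_KEY = b"constructed-demo-key-not-for-production"


def plain_pseudonym(username: str) -> str:
    """Unkeyed SHA-256 of the normalised username, truncated to 8 hex chars."""
    digest = hashlib.sha256(username.lower().encode("utf-8")).hexdigest()
    return "User_" + digest[:8].upper()


def keyed_pseudonym(username: str, key: bytes = TENANT_KEY) -> str:
    """HMAC-SHA-256 under a tenant secret: same shape, needs the key to recompute."""
    mac = hmac.new(key, username.lower().encode("utf-8"), hashlib.sha256)
    return "User_" + mac.hexdigest()[:8].upper()


def reidentify(pseudonym: str, directory: List[str],
               hasher: Callable[[str], str]) -> Optional[str]:
    """Audit check: return the directory entry that hashes to this pseudonym."""
    for candidate in directory:
        if hmac.compare_digest(hasher(candidate), pseudonym):
            return candidate
    return None


def audit(directory: List[str]) -> Dict[str, int]:
    """Count pseudonyms a directory holder WITHOUT the tenant key can reverse."""
    plain_hits = sum(
        reidentify(plain_pseudonym(u), directory, plain_pseudonym) is not None
        for u in SAMPLE_USERS)
    # Without TENANT_KEY the only hash an outsider can compute is the unkeyed one.
    keyed_hits = sum(
        reidentify(keyed_pseudonym(u), directory, plain_pseudonym) is not None
        for u in SAMPLE_USERS)
    return {"plain_sha256": plain_hits, "hmac_sha256": keyed_hits}


if __name__ == "__main__":
    print(audit(["achen", "jsmith", "mpatel", "tnguyen"]))
```

Both schemes keep per-user correlation intact, because the same username always maps to the same pseudonym; only the keyed form depends on a secret that a reader of the report does not hold.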
// Data Sovereignty

Your data stays in Australia. Full stop.

Every log file, every AI conversation, every security finding processed and stored on Australian infrastructure. We don't route your data through US cloud services. We don't use PRC AI providers. We don't need to.

On-shore processing — Melbourne VIC
All analysis runs on Kaitiaki infrastructure in Melbourne. Your log data, your conversations, your findings — never leave Australia.
Cryptographic tenant isolation
Your data is isolated by org_id derived from your subdomain. No shared databases. No namespace collisions. No admin from another org can see your data.
Privacy Act 2026 — APP 8.1 compliant
APP 8.1 restricts disclosure of personal information to overseas AI services. Using ChatGPT, Copilot, or DeepSeek for work without a Data Processing Agreement may breach the Act. We're the compliant alternative.
Zero PII to NVIDIA
Only anonymised analysis prompts sent to NVIDIA NIM — never raw logs, never personal information. SHA-256 hashing of all user identifiers before any AI processing.
AI Service | Jurisdiction | APP 8.1 Risk
Kaitiaki Cortex | Australia ✓ | None ✓
ChatGPT / OpenAI | US — CLOUD Act | HIGH ⚠
Microsoft Copilot | US — CLOUD Act | HIGH ⚠
Google Gemini | US — CLOUD Act | HIGH ⚠
DeepSeek | PRC — Intel Law | CRITICAL ✗
Perplexity AI | US — CLOUD Act | HIGH ⚠
APP 8.1 obligation: Transmitting personal information to overseas AI services without a Data Processing Agreement may constitute an unauthorised cross-border disclosure under the Privacy Act 2026. Penalty: up to $50,000,000.
CLOUD ACT — WHAT IT MEANS FOR AUSTRALIA
The US CLOUD Act (2018) requires US-based companies to provide access to stored data — including data stored overseas — when requested by US law enforcement. Any data you send to ChatGPT, Copilot, or Google may be accessible to US federal agencies regardless of where it's stored.
// How It Works

Live in under 60 seconds.

No hardware. No installation. We provision your entire platform automatically — DNS, SSL, AI, everything.

01 · Organisation created
Your subdomain, branded AI name, and isolated data environment provisioned in seconds. DNS A records created. SSL certificates requested. NPM proxy hosts configured. Welcome email with credentials sent automatically.
02 · Knowledge base built
Paste in your policies, runbooks, HR guides, and procedures. NVIDIA Kimi-K2 extracts discrete structured facts. Your AI knows your business in minutes. Add more anytime.
03 · First Sentinel scan
Upload a firewall log export. 100,000 records analysed in under 5 minutes. Board risk score, forensic user profiles, 5-framework compliance analysis, downloadable PDF report.
04 · Continuous intelligence
Regular scans, an AI that knows your business and your security posture, and a knowledge base that grows with your organisation. The platform gets smarter over time.
// Sample Report

See what your board will see.

Download our sample Sentinel investigative report — based on a real 100,000-record analysis with anonymised data. This is the document that walks into board meetings and triggers emergency security committees.

Board Risk Score 83/100 — Critical
Financial exposure up to $19.5M AUD across three regulatory scenarios
8 High-Risk User Forensic Profiles
Complete event timelines, attack chains, data volumes, regulatory implications per individual
6 Confirmed Attack Chains
MITRE ATT&CK mapped sequences showing data staging and exfiltration behaviour
5 Compliance Frameworks — All FAIL
63 total control failures across Privacy Act 2026, Essential Eight, ISO 27001, SOC 2, PCI-DSS
90-Day Remediation Roadmap
Prioritised actions with owners, effort estimates, deadlines, and regulatory context
KAITIAKI IT · SENTINEL v3.0
Threat Intelligence & Compliance
83
CRITICAL RISK
7,891 CRITICAL sessions ALLOWED through controls · 149.9 MB confirmed transmitted · Pi AI, Poe AI, Grok/xAI
APP 1.7 TRIGGERED — 20 AI tool events · 53.4 MB to external AI · replicate.com, perplexity.ai, character.ai
6 attack chains · MITRE T1567.002 · Engineering & Compliance highest risk
APP 2026: FAIL · 17
Essential Eight: FAIL · 13
ISO 27001: FAIL · 16
SOC 2 Type II: FAIL · 11
// Pricing

Simple, transparent pricing.

All plans include your dedicated subdomain, branded AI assistant, and isolated data environment. No per-seat fees for Cortex.

Starter
Essential
For small teams getting started with AI governance and security compliance.
$2,500/audit
or $18,000/year · 10 audits included
  • Sentinel — 5 audits/month
  • All 5 compliance frameworks
  • Board-ready PDF reports
  • NVIDIA NIM analysis engine
  • NeMo Guardrails included
  • Cortex AI — 500 messages/month
  • 200 knowledge base facts
  • Custom AI name/branding
  • Document import pipeline
Enterprise
Full Platform
For enterprises requiring unlimited access, custom integration, and dedicated support.
POA
Enterprise agreement · SLA included
  • Sentinel — unlimited audits
  • SIEM JSON export / API access
  • Full NVIDIA NIM model suite
  • Custom NeMo Guardrails config
  • Cortex AI — unlimited + API
  • Unlimited knowledge base
  • Academy — all courses + seats
  • Dedicated support SLA
  • Custom integration development
// Get In Touch

See it working on your data.

Book a 30-minute demo. We'll run a live Sentinel scan on your log data, show you Cortex answering questions from your own documentation, and walk through your Privacy Act 2026 obligations in plain English.

Location: Melbourne VIC, Australia
WHAT TO EXPECT IN YOUR DEMO
01 · Live Sentinel scan on a sample log file — watch the board risk score calculate in real time
02 · Cortex demo — AI answering questions from your own documentation
03 · Privacy Act 2026 gap analysis — where your organisation stands right now
04 · Platform provisioning demo — watch your subdomain go live in 60 seconds
// Get Started Today

Ready to see your risk score?

Upload a log file to Sentinel right now. See your board risk score, compliance gaps, and user profiles in under 5 minutes.


No commitment · Melbourne VIC · hello@kaitiaki-it.com