Skip to content
SAUTERASAUTERA

Infrastructure Trust Architecture

Zero Trust tells you who.
SAUTERA tells you whether.

A trusted user on a compromised host is still a breach. SAUTERA scores the trust of the infrastructure itself — continuously, from what is observed — with AI agents that reason about each device, and proves it with evidence. Not antivirus.

Identity Trust+Infrastructure Trust=Complete Trust Decision

Detect · Decide · Act · Prove · Improve — the VOUCH loop

01The Zero Trust blind spot

Zero Trust does not see what it stands on.

Zero Trust answers "should this identity access this resource?" It cannot answer "should this resource be trusted at all?"

A fully authenticated, fully authorized user can be running mission-critical work on a host that is unpatched, unencrypted, exposed, or past end-of-life — and the access decision never knew. Risk surfaces only after the incident, the outage, or the audit.

RESULT: trusted users routinely operate on infrastructure whose condition is unknown at decision time.
  • Patch currency has drifted weeks out of date
  • Disk encryption is silently disabled
  • A new listening surface (RDP, SMB) is exposed to the subnet
  • Known CVEs sit unremediated on a critical host
  • Software has passed end-of-life / end-of-support
  • AV/EDR is absent or stale; the host firewall is off
  • Configuration has drifted from last-known-good
02Infrastructure Trust

The environment must earn its trust. Continuously.

SAUTERA reads whether a host is patched, encrypted, supported, and fit for use — right now, from live telemetry — and turns it into a trust decision. It does not replace Zero Trust. It completes it: the infrastructure-trust verdict flows into the access decision as a first-class input.

Where others watch, SAUTERA interprets.

Where others alert, SAUTERA decides.

Where others report, SAUTERA proves.

Who is asking?

Identity Trust

Zero Trust — identity, device posture, session context. Aligned to NIST SP 800-207.

Is the ground safe?

Infrastructure Trust

SAUTERA — is the host running this workload patched, encrypted, supported, and fit for use right now?

Should it proceed?

Complete Trust Decision

Identity combined with infrastructure, evaluated on every request — not once at the door.

03Agentic AI

Real AI agents make the trust call

SAUTERA doesn't score your infrastructure against a static threshold table. Two LLM-reasoning agents do the work. TELESCOPE reads each device's live telemetry against its own history to catch anomalies, drift, config tampering, and breach signals at Detect. PARACLETE weighs the resulting trust state and writes an evidence-backed remediation recommendation at Decide. The agents reason and advocate — a person approves, and SENTINEL enforces. Shipped today, proven in the lab.

TELESCOPE

Step 1 · Detect

The anomaly-detection agent

Reasons about what changed on a device — not just whether a value crossed a line.

Shipped and lab-proven. Its reasoning runs on your configured LLM provider.

PARACLETE

Step 5 · Decide

The remediation-advocate agent

Recommends the fix — with its reasoning and evidence — for a human to approve.

Advocates; does not enforce — SENTINEL enforces the decision once a person approves. Shipped and lab-proven; reasoning runs on your configured LLM provider.

04Programmable trust

For AI systems — design-partner preview

The trust engine, callable over MCP

SAUTERA's infrastructure scoring and trust decisions are exposed as Model Context Protocol (MCP) tools — so an AI system can ask, mid-reasoning, whether a host is fit to act on before it acts. Infrastructure trust becomes a function any model can call, not a dashboard a human reads after the fact.

Design-partner preview: the tools are built and tested against the public evaluation API today. We're onboarding the first partners now — a public endpoint is not yet served.

MCP tools

  • vigil_assess

    Score a device's live telemetry into an infrastructure-trust assertion.

  • arbiter_evaluate

    Compose assertions into a trust decision — allow, degrade, restrict, or deny.

  • trust_status

    Read the current, cached trust state for any entity on demand.

05The VOUCH loop

Find it, fix it, prove it — continuously.

We call it VOUCH because SAUTERA doesn't just claim your infrastructure is trustworthy — it vouches for it, and proves it. Five steps, one closed loop, run on every device: Detect, Decide, Act, Prove, Improve. Trust stays a live signal between audits — not a quarterly scramble.

  1. 01

    Detect

    What's broken?

    Read the vitals and the immune signals of every device — patch currency, encryption, exposed surface, known CVEs — and turn them into a trust score you can act on.

  2. 02

    Decide

    What needs me?

    Surface the sickest infrastructure first and produce the trust decision — allow, degrade, restrict, or remediate — with the sign-off chain a regulated estate requires.

  3. 03

    Act

    What's being done?

    Push the approved fix as a signed, reversible change — then re-collect and check our own work. Closed-loop remediation, human-gated where it must be.

  4. 04

    Prove

    Show me proof.

    Write a tamper-evident record of what was found, decided, and done — audit-grade evidence a third party can trust, mapped to the framework you report against.

  5. 05

    Improve

    Are we getting better?

    Trend each device's recovery over time so you can show the trajectory — not just today's snapshot — to your board, your auditor, and your customers.

See the gap close

The same request — with and without infrastructure trust.

Toggle SAUTERA on and watch a failing host move from an allowed access to a safe, governed one. Same identity, different outcome — because the ground was checked.

Interactive operational view. Toggle between Zero Trust and Zero Trust plus SAUTERA on the same host. With Zero Trust alone the authenticated user reaches a compromised host and it is a breach. With SAUTERA the VOUCH loop runs as the operational activities — Detect (observe the host), Decide (score infrastructure trust), Act (the gate applies the decision), Prove (evidence recorded), Improve (the loop closes and the posture is stronger than the previous cycle) — so access is granted safely and the breach is prevented.

The VOUCH Loop · Operational ViewLive
Operational view: Zero Trust versus Zero Trust plus SAUTERA on one hostThe VOUCH loop runs as the operational activities: SAUTERA detects the host, decides a trust score, the gate acts on it, evidence is proved at the resource, and the loop improves the posture each cycle. The activities form a closed loop and access is granted safely.DetectSAUTERA observes the host.SAUTERA94ITAscore▲ +8 vs last cycleDetectDecideActProveImproveUserALLOWALLOWResourceHOSTPosture trusted

What you get

Trust you can act on — and prove.

Device trust

A continuous, evidence-based score for every server, workstation, and network device — built on what is observed, never assumed. Unknown coverage reads as an honest "Unknown," not a confident guess.

Compliance evidence

Audit-grade, control-mapped, tamper-evident records — SOC 2, NIST CSF, ISO 27001, FedRAMP-aligned. Pull the evidence package on demand instead of running a fire drill before every audit.

Autonomous remediation

The closed loop: detect the problem, decide the fix, push it as a signed and reversible change, then re-verify. Human-gated for anything irreversible.

ZT Completeness Audit — a service

Find where your Zero Trust ends — and infrastructure risk begins.

An expert-led assessment, aligned to NIST SP 800-207 and the Infrastructure Trust Architecture, that maps where your Zero Trust architecture stops seeing — powered by the same engine that scores your estate. You get a scored posture report, a gap analysis, and a prioritized remediation roadmap.

An expert-led assessment — not an accredited certification.

14
Named engines, no phantoms
2
Platforms shipping today
5
Verbs, one closed loop
4
Compliance frameworks mapped

Proof, not promises

We score our own infrastructure with the engine we sell.

SAUTERA dogfoods its own Infrastructure Scoring Index. The portal does not go live until its own score is in the Healthy band — and it is watched continuously after. The trust score we report isn't marketing copy; it's evidence.

The framework

  • ITA — the architecture of how infrastructure earns trust.
  • ITCM — how the live trust verdict is carried to where it's enforced.
  • Authored by Joe Augustine — published openly, here, not on social.

See your infrastructure's trust score.

Install the SAUTERA Witness sensor, or walk through it with us. Either way you'll know — within the hour — what your estate's trust posture actually is.