Infrastructure Trust Architecture
Zero Trust tells you who.
SAUTERA tells you whether.
A trusted user on a compromised host is still a breach. SAUTERA scores the trust of the infrastructure itself — continuously, from what is observed — with AI agents that reason about each device, and proves it with evidence. Not antivirus.
Detect · Decide · Act · Prove · Improve — the VOUCH loop
Zero Trust does not see what it stands on.
Zero Trust answers "should this identity access this resource?" It cannot answer "should this resource be trusted at all?"
A fully authenticated, fully authorized user can be running mission-critical work on a host that is unpatched, unencrypted, exposed, or past end-of-life — and the access decision never knew. Risk surfaces only after the incident, the outage, or the audit.
- Patch currency has drifted weeks out of date
- Disk encryption is silently disabled
- A new listening surface (RDP, SMB) is exposed to the subnet
- Known CVEs sit unremediated on a critical host
- Software has passed end-of-life / end-of-support
- AV/EDR is absent or stale; the host firewall is off
- Configuration has drifted from last-known-good
The environment must earn its trust. Continuously.
SAUTERA reads whether a host is patched, encrypted, supported, and fit for use — right now, from live telemetry — and turns it into a trust decision. It does not replace Zero Trust. It completes it: the infrastructure-trust verdict flows into the access decision as a first-class input.
Where others watch, SAUTERA interprets.
Where others alert, SAUTERA decides.
Where others report, SAUTERA proves.
Who is asking?
Identity Trust
Zero Trust — identity, device posture, session context. Aligned to NIST SP 800-207.
Is the ground safe?
Infrastructure Trust
SAUTERA — is the host running this workload patched, encrypted, supported, and fit for use right now?
Should it proceed?
Complete Trust Decision
Identity combined with infrastructure, evaluated on every request — not once at the door.
Real AI agents make the trust call
SAUTERA doesn't score your infrastructure against a static threshold table. Two LLM-reasoning agents do the work. TELESCOPE reads each device's live telemetry against its own history to catch anomalies, drift, config tampering, and breach signals at Detect. PARACLETE weighs the resulting trust state and writes an evidence-backed remediation recommendation at Decide. The agents reason and advocate — a person approves, and SENTINEL enforces. Shipped today, proven in the lab.
TELESCOPE
Step 1 · DetectThe anomaly-detection agent
Reasons about what changed on a device — not just whether a value crossed a line.
Shipped and lab-proven. Its reasoning runs on your configured LLM provider.
PARACLETE
Step 5 · DecideThe remediation-advocate agent
Recommends the fix — with its reasoning and evidence — for a human to approve.
Advocates; does not enforce — SENTINEL enforces the decision once a person approves. Shipped and lab-proven; reasoning runs on your configured LLM provider.
For AI systems — design-partner preview
The trust engine, callable over MCP
SAUTERA's infrastructure scoring and trust decisions are exposed as Model Context Protocol (MCP) tools — so an AI system can ask, mid-reasoning, whether a host is fit to act on before it acts. Infrastructure trust becomes a function any model can call, not a dashboard a human reads after the fact.
Design-partner preview: the tools are built and tested against the public evaluation API today. We're onboarding the first partners now — a public endpoint is not yet served.
MCP tools
vigil_assessScore a device's live telemetry into an infrastructure-trust assertion.
arbiter_evaluateCompose assertions into a trust decision — allow, degrade, restrict, or deny.
trust_statusRead the current, cached trust state for any entity on demand.
Find it, fix it, prove it — continuously.
We call it VOUCH because SAUTERA doesn't just claim your infrastructure is trustworthy — it vouches for it, and proves it. Five steps, one closed loop, run on every device: Detect, Decide, Act, Prove, Improve. Trust stays a live signal between audits — not a quarterly scramble.
- 01
Detect
What's broken?
Read the vitals and the immune signals of every device — patch currency, encryption, exposed surface, known CVEs — and turn them into a trust score you can act on.
- 02
Decide
What needs me?
Surface the sickest infrastructure first and produce the trust decision — allow, degrade, restrict, or remediate — with the sign-off chain a regulated estate requires.
- 03
Act
What's being done?
Push the approved fix as a signed, reversible change — then re-collect and check our own work. Closed-loop remediation, human-gated where it must be.
- 04
Prove
Show me proof.
Write a tamper-evident record of what was found, decided, and done — audit-grade evidence a third party can trust, mapped to the framework you report against.
- 05
Improve
Are we getting better?
Trend each device's recovery over time so you can show the trajectory — not just today's snapshot — to your board, your auditor, and your customers.
See the gap close
The same request — with and without infrastructure trust.
Toggle SAUTERA on and watch a failing host move from an allowed access to a safe, governed one. Same identity, different outcome — because the ground was checked.
Interactive operational view. Toggle between Zero Trust and Zero Trust plus SAUTERA on the same host. With Zero Trust alone the authenticated user reaches a compromised host and it is a breach. With SAUTERA the VOUCH loop runs as the operational activities — Detect (observe the host), Decide (score infrastructure trust), Act (the gate applies the decision), Prove (evidence recorded), Improve (the loop closes and the posture is stronger than the previous cycle) — so access is granted safely and the breach is prevented.
What you get
Trust you can act on — and prove.
Device trust
A continuous, evidence-based score for every server, workstation, and network device — built on what is observed, never assumed. Unknown coverage reads as an honest "Unknown," not a confident guess.
Compliance evidence
Audit-grade, control-mapped, tamper-evident records — SOC 2, NIST CSF, ISO 27001, FedRAMP-aligned. Pull the evidence package on demand instead of running a fire drill before every audit.
Autonomous remediation
The closed loop: detect the problem, decide the fix, push it as a signed and reversible change, then re-verify. Human-gated for anything irreversible.
ZT Completeness Audit — a service
Find where your Zero Trust ends — and infrastructure risk begins.
An expert-led assessment, aligned to NIST SP 800-207 and the Infrastructure Trust Architecture, that maps where your Zero Trust architecture stops seeing — powered by the same engine that scores your estate. You get a scored posture report, a gap analysis, and a prioritized remediation roadmap.
An expert-led assessment — not an accredited certification.
Proof, not promises
We score our own infrastructure with the engine we sell.
SAUTERA dogfoods its own Infrastructure Scoring Index. The portal does not go live until its own score is in the Healthy band — and it is watched continuously after. The trust score we report isn't marketing copy; it's evidence.
The framework
- ▪ ITA — the architecture of how infrastructure earns trust.
- ▪ ITCM — how the live trust verdict is carried to where it's enforced.
- ▪ Authored by Joe Augustine — published openly, here, not on social.
See your infrastructure's trust score.
Install the SAUTERA Witness sensor, or walk through it with us. Either way you'll know — within the hour — what your estate's trust posture actually is.