Critical for AI vendors: which models we use, how customer data stays out of training sets, what risks we own, and how we govern agent autonomy.
This is contractually enforced with every LLM provider in our stack: Anthropic (Commercial Terms §3, zero retention), OpenAI (Enterprise Compliance API zero retention), Google Cloud Vertex AI (GCP Platform Terms — no training on customer data), and Microsoft Azure OpenAI (Products and Services DPA). Claresia itself trains no models on customer content; we are an orchestration layer.
| Provider | Model | Purpose | Training data isolation | Residency |
|---|---|---|---|---|
| Anthropic | Claude Sonnet 4.7 | Default reasoning model for most skills | No customer data ever used for training. Per Anthropic Commercial Terms §3. | eu-south-1 / eu-central-1 |
| Anthropic | Claude Haiku 4.5 | High-throughput, low-latency tasks (classification, extraction) | Same zero-retention contract as Sonnet. | eu-south-1 / eu-central-1 |
| OpenAI | GPT-5 / GPT-5 mini | OpenAI-tenant customers (ChatGPT Enterprise) | Zero retention via Enterprise Compliance API. 30-day max abuse-monitoring with opt-out. | us / eu region pinned |
| Gemini 2.5 Pro | Google Workspace customers via Vertex AI | No training on Vertex AI customer data per GCP Platform Terms. | us / eu region pinned | |
| Microsoft | Azure OpenAI (GPT-5) | Microsoft Copilot M365 customers | Microsoft Products and Services DPA. Abuse-monitoring opt-out for sensitive workloads. | eu-italy / eu-west / eu-north region pinned |
The risks an AI orchestration platform is responsible for, and the controls Claresia ships against each. This is the basis for the Claresia Agent Governance Framework (planned formal release Q3 2026).
Adversarial input that attempts to override system instructions or exfiltrate data.
Skill IR enforces parameter typing + structured tool calls. Output handlers sanitise before persist. Sensitive-data detector scans outputs for credentials, PHI, PCI markers. Outputs flagged through governance_event.
Model produces plausible but factually incorrect output.
Skills are grounded in retrieved context with citation provenance. Hub records every source used; Hub viewer shows the citation chain. Tier-1 skills require human-in-the-loop confirmation for irreversible actions.
Model returns data the user is not authorised to see.
Permission inheritance applied before retrieval — model only sees data the user has access to per the customer ACL. Connectors enforce ACLs at fetch time, not render time.
Agentic skill takes destructive or irreversible action without human consent.
Alignment-model layer pre-scans every write action against a restricted-topics policy. Tier-1 actions (sending external email, modifying source code, posting publicly) always require explicit user approval. Audit trail in Hub.
Skill output contains credentials, PHI, PCI, or other sensitive content.
Sensitive-data detector runs on every output, applies redaction templates (one-click admin policies), surfaces matches as governance_event for SecOps review.
Every agentic action is pre-scanned by an alignment model against tenant-configured restricted-topics policies. Blocked actions surface as governance_event for review.
Tier-3 (read-only): autonomous. Tier-2 (reversible writes): autonomous with audit. Tier-1 (irreversible / external impact): human approval required, captured in Hub.
All governance events stream to customer SIEM / SOAR (Splunk, Sentinel, Tines) via the Audit Stream API. SOC analysts can triage from existing tools — Claresia does not require a new pane of glass.