HAOS lets AI agents work with your most sensitive data — enforcing who sees what at the data itself, not the app. One governed copy, every interface your stack already speaks.
Every request runs a four-layer gauntlet at the storage layer. Both role and attribute checks must pass, an explicit deny always wins, and restricted fields are redacted on the way out.
| Capability | HAOS | Plain object storage MinIO · S3 |
App-layer governance add-on tools |
|---|---|---|---|
| Governance enforced in the data (block level) | ✓ | ○ | ◐ |
| One governed copy across many interfaces | ✓ | ○ | ○ |
| Automatic row & column redaction | ✓ | ○ | ◐ |
| Built for AI — vector-level ACLs | ✓ | ○ | ○ |
| Confidential-compute AI inference | ✓ | ○ | ○ |
| FIPS 140-3 + post-quantum crypto | ✓ | ◐ | ○ |
| Sovereign · self-hosted · air-gap capable | ✓ | ◐ | ◐ |
| Erasure coding + disk-to-client audit | ✓ | ◐ | ○ |
✓ built-in · ◐ partial or bolt-on · ○ not addressed
Analysts and AI agents query classified data at their clearance — never a row above it.
Citizen data lives on your own hardware, encrypted and audited end to end.
PHI is usable by models with restricted fields redacted; six-year audit is built in.
Customer records feed AI with SSNs and account numbers auto-redacted per user.
Write-once storage for operational and incident data, fully isolated.
Give RAG and agents governed data — no ungoverned copies, no leaks.
The organisations that can safely feed sensitive data to AI will move faster than everyone else. The ones that can't will stall — or breach. HAOS is how they do it safely: one governed copy, every interface, full audit, sovereign control.
Maturity, if pressed: core storage, governance, S3, analytics and vector interfaces are built; hardening toward general availability. Say "built and being hardened," never "finished." FIPS module validation is in process — don't claim a finished certificate.
| RBAC / ABAC | Access by role, plus by attributes. "Access follows your role — then attribute rules add conditions like clearance level, where you're connecting from, and the time of day." |
| ACL | Per-item permissions. "Permissions right down to individual files and folders — like Windows file permissions, but enforced inside the storage." |
| Block-level control | Enforced at the data, not the app. "The access rules live in the storage layer itself — so they can't be bypassed by copying the data or swapping the application." |
| Erasure coding (Reed-Solomon) | Failure-proof with less overhead. "We shard the data with erasure coding — it survives a whole rack failing, using far less space than making three full copies." |
| Redaction / row-column governance | Hides what you're not cleared for. "If you're not cleared for a column, it comes back redacted — blacked out — automatically, at the moment of access." |
| Single pane of glass | One unified view. "One view of security and audit across every layer — from the physical disk to the client." |
| FIPS 140-3 | The US government crypto standard. "The encryption is FIPS 140-3 — the standard governments require. Every byte is encrypted at rest." (If pushed: validation is in process.) |
| Post-quantum (ML-KEM) | Safe against quantum computers. "It's post-quantum ready — it stays secure even against future quantum attacks." |
| Apache Iceberg | Open analytics tables. "The same data is queryable as analytics tables via Apache Iceberg — Trino, Spark, DuckDB." |
| Vector DB / RAG | How AI retrieves relevant data. "It speaks the vector-database protocols AI uses to retrieve information — Qdrant and Milvus — so RAG pipelines get governed data." |
| Vector-level ACLs | Permissions baked into the AI search index. "The access rules go all the way into the vector index — so an AI search only ever returns results the user is cleared to see." |
| Confidential computing | The AI runs on proven-secure hardware. "Sensitive prompts only run on confidential-compute GPUs — HAOS cryptographically checks the hardware is genuine and sealed before any classified data reaches the model." |
| Governed SQL | Query the data lake, safely. "Analysts run normal SQL, but each person only sees their permitted rows and columns — restricted fields are blanked out automatically, even inside totals and averages." |
| WORM / Object Lock | Write once, can't be changed or deleted. "Records can be locked write-once for retention and legal hold — they can't be tampered with or deleted, which auditors require." |