Sectum AI documentation
Sectum AI is a multi-tenant AI verification platform: it provisions synthetic tenants on your AI stack, plants cryptographic canary markers, runs a catalog of cross-tenant probes across 13 surfaces, and produces tamper-evident, control-mapped evidence an auditor or DPO accepts — and can re-verify independently, without trusting us.
This is the high-level documentation. The technical reference (CLI usage, adapter SDK, Pydantic models, JSON Schema) lives in the OSS repo alongside the code; this site covers the concepts a buyer or integrator needs before they read code.
Start here
Threat model
What Sectum AI protects against, trust boundaries, what is explicitly out of scope, and how the ground-truth manifest is handled.
Attack catalog
The 11 implemented cross-tenant probe classes — what each targets, the surfaces it touches, and the OWASP / ATLAS / NIST AI RMF mappings.
Evidence chain
How a probe run becomes an attestation: canonicalization, SHA-256 digest, RFC 3161 timestamp, Sigstore Rekor inclusion proof, in-toto envelope, control-mapped audit PDF.
Compliance mappings
Findings map to controls in SOC 2 (TSC), ISO/IEC 27001:2022, GDPR, EU AI Act, HIPAA, NIST AI RMF, and OWASP LLM Top 10.
The three anchors
Everything in this documentation resolves to one of three product commitments. When something seems ambiguous, refer back to these:
- Category. Sectum AI does multi-tenant AI verification. Not LLM red-team generalism, not a runtime firewall, not a guardrail, not GRC. Every feature must serve a single purpose: verifying that one tenant's data cannot reach another through an AI system's surfaces.
- Output. The deliverable is auditor-acceptable, tamper-evident evidence. Findings without a signed, control-mapped evidence artifact are incomplete.
- Method. Detection uses a marker substrate (synthetic tenants seeded with canary entities), not a naive single-prompt LLM-as-judge. The substrate is the technical contribution.
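The marker substrate and the first two steps of the evidence chain (canonicalization and the SHA-256 digest) in miniature, as an added Python example that is not Sectum AI's own code: it derives an HMAC-keyed canary marker per synthetic tenant, flags any foreign marker in a response as a cross-tenant finding, and digests the canonical finding record. The run key, tenant names, probe id, marker format and canonical JSON form are assumptions, not the product's.

```python
import hashlib
import hmac
import json

# Constructed run key for this example; a real run would draw a fresh random key.
RUN_KEY = b"example-run-key-not-secret"

def canary_marker(run_key: bytes, tenant_id: str) -> str:
    """Per-tenant canary marker keyed to this run. Without run_key it is
    unguessable, so it cannot appear in a response by coincidence or from training data."""
    tag = hmac.new(run_key, tenant_id.encode(), hashlib.sha256).hexdigest()[:20]
    return f"SCT-{tenant_id}-{tag}"

def detect_cross_tenant_leak(run_key, serving_tenant, response, tenants):
    """Foreign tenants whose marker appears in a response served to serving_tenant.
    Non-empty means a cross-tenant finding; the serving tenant's own marker never counts."""
    return sorted(t for t in tenants
                  if t != serving_tenant and canary_marker(run_key, t) in response)

def canonicalize(finding: dict) -> bytes:
    """Deterministic JSON (sorted keys, no whitespace, ASCII escapes) so equal findings
    give equal digests. The page names a canonicalization step but not its form;
    this encoding is an assumption."""
    return json.dumps(finding, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=True).encode()

def finding_digest(finding: dict) -> str:
    """SHA-256 over the canonical bytes: the value a timestamp authority or
    transparency log would later bind to."""
    return hashlib.sha256(canonicalize(finding)).hexdigest()

def evaluate_probe(run_key, probe_id, serving_tenant, response, tenants):
    """One probe response -> finding record plus digest. Only the response's hash
    is recorded, so the evidence artifact does not re-leak tenant data."""
    leaked_from = detect_cross_tenant_leak(run_key, serving_tenant, response, tenants)
    finding = {
        "probe": probe_id,
        "serving_tenant": serving_tenant,
        "leaked": bool(leaked_from),
        "leaked_from": leaked_from,
        "response_sha256": hashlib.sha256(response.encode()).hexdigest(),
    }
    return finding, finding_digest(finding)

if __name__ == "__main__":
    tenants = ["acme", "globex", "initech"]
    # Constructed probe id and RAG answer: acme's answer quotes a globex-seeded record.
    answer = f"Q3 roadmap from the shared index: {canary_marker(RUN_KEY, 'globex')}."
    finding, digest = evaluate_probe(RUN_KEY, "rag-shared-index", "acme", answer, tenants)
    print(json.dumps(finding, indent=2), digest)
```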
Reference research
- OWASP LLM08:2025 — Vector and Embedding Weaknesses: multi-tenant context leakage as a top-10 LLM risk.
- Retrieval Pivot Attacks in Hybrid RAG (arXiv, Feb 2026): 95.4% of benign queries triggered cross-tenant leakage via shared organic entities. Stronger embedding models leaked more.
- Silent Leaks (arXiv 2505.15420, May 2025): 91% extraction efficiency via benign queries with no prompt injection.
- Asana MCP cross-tenant flaw (Coalition for Secure AI, May 2025): up to ~1,000 enterprises affected; root cause was MCP token passthrough.