usp · how it works

Security Model Selection

One platform. Four security classes. Automatic AI model choice per context — not a setting but architecture.

section b

The principle in one paragraph

No cloud provider is right for everything. And no self-hosted model is powerful enough for every task. Our architecture acknowledges that: we choose the AI model per task and per data sensitivity. A router decides, before every AI call, which provider may respond — based on the data class of the item at hand.

section c

The four data classes (L0–L3)

What belongs where, and who may see it?

Class Label What belongs here Who may see it
L0 Public News articles, parliamentary papers, public reports, social posts Anyone with an account
always logged
L1 Confidential Internal files, preliminary policy notes, draft documents Organisation + designated partners
always logged
L2 Secret PII, medical info, complaint files with personal data Strict need-to-know
always logged
L3 Special category Special-category personal data (ethnicity, religion, orientation, health) Authorised roles only
always logged

section d

The model mapping

Which model may touch which class, and where does it run?

Data class AI provider Hosting Data relocation
L0PublicFrontier cloud (Claude, Mistral)EU-region or NLEU / NL
L1ConfidentialEU-hosted cloud or self-hosted open modelEU-region or NLEU / NL
L2SecretSelf-hosted open model (Llama, Qwen, Mistral) via OllamaClient infrastructure or
MurmurWorks OnPremise
Never leaves client
L3SpecialSelf-hosted, air-gappedOffline, no outbound connectionsNever leaves network segment

Concretely: a complaint file with ethnic characteristics (L3) physically cannot reach a commercial cloud. A public news article (L0) may reach a frontier model. The choice is not a setting — it is architecture.

L2Geheim

PII, klacht- en meldingsdata

Persoonsgegevens, klachtdossiers, medische info. Draait op een zelf-gehost open model (Llama, Qwen, Mistral) via Ollama, binnen klant-infrastructuur of een MurmurWorks OnPremise-omgeving. Data verlaat de klantomgeving fysiek niet — ook niet voor embeddings of indexering. Strikt need-to-know toegang, altijd gelogd.

AI-provider
Zelf-gehost open model (Ollama)
Hosting
Klant-infrastructuur of MurmurWorks OnPremise

Eén platform. Vier veiligheidsklassen. De classificatie bepaalt automatisch welk AI-model de data mag raken. Geen instelling — architectuur.

section e

How it works technically

Harness engineering: the platform manages the models, not the other way round.

  1. 01

    Model router

    Every AI call passes a router that inspects data class before the call is executed.

  2. 02

    Provider-agnostic

    The orchestration platform is independent of which LLM sits beneath. LLMs are interchangeable; the harness is not.

  3. 03

    Output validation

    Every AI response is checked for schema, hallucinations and source attribution.

  4. 04

    Fallback ladder

    Provider outage → automatic degradation to next option within the same class.

  5. 05

    Audit log

    Every call recorded: which document, which model, which prompt, which response, which classification.

section f

Why it looks the way it does

Other vendors pick one cloud provider for everything. That works in commercial contexts, but not for the public sector — where security requirements vary per file.

Other vendors pick one self-hosted model for everything. That gives full sovereignty, but frontier models interpret public texts better than a local Llama model.

Our choice: the strength of both worlds, driven by data classes.

section g

Boundaries & honesty

  • L0/L1 claims-where-possible: if data is ambiguous to classify, we pick the heavier class. Safer than faster.
  • Provider mix can be expensive: cloud calls at L0 are cheap, but self-hosting at L2/L3 requires hardware at the client site.
  • Models change: each quarter we evaluate which models per class are best. See the transparency report.

section h

Request the security dossier

Want the full technical underpinning? We provide a security dossier with router architecture, audit schemas and provider contracts.

Request security dossier