Sectum AI

Multi-tenant AI verification. Sectum AI provisions synthetic tenants on an AI stack, seeds them with cryptographic canary markers, runs benign and adversarial probes from each tenant's session, and detects cross-tenant data leakage across every surface — producing tamper-evident, control-mapped evidence that an auditor accepts.

Sectum AI is multi-tenant AI verification. It is not a runtime guardrail, not a GRC platform, and not a generalist LLM red-team framework. See the positioning and comparisons below.

Status

v0.1.0 tagged; release in flight. The OSS core is feature-complete for the v1 catalog (Attack Classes 1–11 plus the Class 12 evidence chain) and ships as a five-package uv workspace under the Apache-2.0 licence. PyPI publication is in flight via a Sigstore-signed Trusted Publisher pipeline; until that completes, install from source per the flagship quickstart.

Repositories

Where to start

Open Sectum vs Sectum Cloud

Capability                                                                          Open Sectum   Sectum Cloud
License                                                                             Apache-2.0    Commercial
Marker substrate, attack catalog, adapters                                          yes           yes
Evidence chain + independent sectum verify                                          yes           yes
sectum CLI (init / seed / probe / report / verify / erasure / baseline / adapters)  yes           yes
Continuous scheduled runs against a customer stack                                  -             yes
Attestation hosting and managed audit-pack delivery                                 -             yes
Dashboard, alerting, and regression baselines across runs                           -             yes
Auditor / DPO channel: pre-curated evidence packages                                -             yes

Both share the same evidence format. An evidence pack produced by Sectum Cloud verifies under the open-source sectum verify — there is no proprietary verification path.
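As an added illustration of the approach described above (not Sectum's own code or evidence format; the marker layout, the tenant names and the run_demo helper are assumptions), this script seeds HMAC-derived canary markers per tenant and surface, flags any marker that surfaces in another tenant's session, and records each probe in a hash-linked chain that an independent verifier can recompute without trusting the producer:

```python
import hashlib, hmac, json, re

# Constructed demo key; a real run would use a fresh secret per verification run.
DEMO_KEY = b"demo-key-not-secret"
MARKER_RE = re.compile(r"CANARY-[a-z0-9]+-[a-z]+-[0-9a-f]{16}")

def make_marker(key: bytes, tenant: str, surface: str) -> str:
    """Per-tenant, per-surface canary, HMAC-derived so it is unguessable yet attributable."""
    tag = hmac.new(key, f"{tenant}|{surface}".encode(), "sha256").hexdigest()[:16]
    return f"CANARY-{tenant}-{surface}-{tag}"

def find_leaks(session_tenant: str, response: str, registry: dict) -> list:
    """Markers in `response` that belong to a tenant other than the querying session's."""
    leaks = []
    for m in MARKER_RE.finditer(response):
        owner = registry.get(m.group(0))
        if owner and owner != session_tenant:
            leaks.append({"marker": m.group(0), "owner": owner, "seen_by": session_tenant})
    return leaks

def link_hash(prev: str, event: dict) -> str:
    return hashlib.sha256((prev + json.dumps(event, sort_keys=True)).encode()).hexdigest()

def append_event(chain: list, event: dict) -> None:
    """Hash-link each record to its predecessor so a later edit breaks verification."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    chain.append({"prev": prev, "event": event, "hash": link_hash(prev, event)})

def verify_chain(chain: list) -> bool:
    """Independent check: recompute every link from the recorded events only."""
    prev = "0" * 64
    for rec in chain:
        if rec["prev"] != prev or rec["hash"] != link_hash(prev, rec["event"]):
            return False
        prev = rec["hash"]
    return True

def run_demo() -> dict:
    registry = {make_marker(DEMO_KEY, t, "rag"): t for t in ("acme", "globex")}
    acme_marker = make_marker(DEMO_KEY, "acme", "rag")
    # Constructed responses: the second surfaces acme's seeded content inside globex's session.
    probes = [("acme", f"Your Q3 plan mentions {acme_marker}."),
              ("globex", f"Related doc: {acme_marker} from the shared index.")]
    chain, total_leaks = [], 0
    for tenant, response in probes:
        leaks = find_leaks(tenant, response, registry)
        total_leaks += len(leaks)
        append_event(chain, {"tenant": tenant, "leaks": leaks})
    intact = verify_chain(chain)
    chain[1]["event"]["leaks"] = []  # simulate someone scrubbing the finding afterwards
    return {"leaks": total_leaks, "intact": intact, "after_tamper": verify_chain(chain)}
```

The same verify_chain routine can be shipped separately from the producer, which is the property the table above describes: whoever holds the chain can re-check it without a proprietary path.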

What Sectum AI is not

Sectum AI verifies and attests; it does not remediate findings or provide runtime protection. In particular, Sectum AI is not:

  • A runtime guardrail or AI firewall (Lakera, NeMo Guardrails, Cisco AI Defense, Protect AI sit in front of inference; Sectum tests across surfaces and produces evidence after the fact).
  • A GRC platform (Vanta, Drata automate the controls layer; Sectum produces the evidence those controls can point to for the AI tenant-isolation testing they don't perform).
  • A generalist LLM red-team framework (DeepTeam, garak, PyRIT, promptfoo, Rebuff cover broad single-prompt categories; Sectum is narrow and deep on the tenant boundary across surfaces).
  • A privacy / DSR workflow (Securiti coordinates erasure requests; Sectum proves erasure actually happened across the AI surfaces that DSR tools don't reach into).

Sectum AI vs the alternatives

The 12 products buyers most often evaluate alongside Sectum AI, grouped by the layer they actually operate on.

Direct overlap

LLM red-team frameworks

Runtime AI security platforms

GRC platforms

Privacy / DSR workflow

References

The work motivating this category:

  • OWASP LLM08:2025 — Vector and Embedding Weaknesses. Names multi-tenant context leakage a top-10 LLM risk. https://genai.owasp.org/llmrisk/llm082025-vector-and-embedding-weaknesses/
  • Retrieval Pivot Attacks in Hybrid RAG (arXiv, Feb 2026). 334/350 benign queries (95.4%) triggered cross-tenant leakage via shared organic entities; stronger embedding models leak more. Basis of the flagship Class 2 probe.
  • Silent Leaks: Implicit Knowledge Extraction Attack on RAG Systems through Benign Queries (arXiv 2505.15420). 91% extraction efficiency, 96% attack success via benign queries; no prompt injection required. https://arxiv.org/abs/2505.15420
  • Asana MCP cross-tenant flaw (Coalition for Secure AI, May 2025). ~1,000 enterprises affected by an MCP token-passthrough root cause; motivation for the Class 7 MCP probes.

License and security disclosure

Open Sectum is Apache-2.0. See LICENSE in the flagship repo.

Security issues: please follow the coordinated-disclosure process in SECURITY.md. Email security@sectum.ai; do not file a public issue for a suspected vulnerability.
