0 — Agents overview — sovereign deployment, governed inference, zero-egress architecture.
Layerup AI Agents are not a SaaS product. They are a containerized, tenant-isolated reasoning workload that you deploy, own, and operate entirely inside your existing private cloud infrastructure — whether that is Amazon Web Services, Microsoft Azure, or Google Cloud Platform. The agents drop into your environment the way any enterprise container workload does: procured through a cloud marketplace, delivered into your private registry, executed inside your VPC, and governed by your own native cloud security tooling. At no point does application data, underwriting logic, inference output, or audit telemetry cross the boundary into Layerup-controlled infrastructure during production operation.

| attribute | value |
|---|---|
| deployment model | Private VPC / VNet — your cloud account, your network |
| procurement | AWS Marketplace · Azure Marketplace |
| inference | Amazon Bedrock · Azure OpenAI — within your cloud tenant |
| data residency | Zero-egress — no application data leaves your network boundary |
| security posture | No-new-perimeter — operates within the controls you already own |
| configuration | Agent Operating Procedure (AOP) — version-controlled, human-readable |
| audience | Enterprise Architecture · Information Security · Underwriting Governance |
| document version | v1.0 · June 2026 |
0.1 The six sovereign guarantees
Every Layerup AI Agent deployment is built around six structural guarantees that cannot be configured away.
Sovereign Tenancy
Your agent runs exclusively within your cloud account. No compute, memory, network space, or data storage is shared with any other Layerup customer — or with Layerup itself. The agent is provisioned inside your VPC on AWS or your VNet on Azure and never leaves it.
Zero-Egress Data Residency
Application packets, medical records, financial statements, LLM inference calls, reasoning chains, confidence scores, and audit logs all stay inside your network boundary. No copy of any production data is transmitted to Layerup’s infrastructure at any time.
No-New-Perimeter
The agent does not introduce a net-new security surface. It operates entirely within the IAM policies, network controls, encryption keys, and compliance tooling your security team has already established. Amazon Inspector, Bedrock Guardrails, CloudWatch, Azure Defender — these are your tools, configured by your team.
Least-Privilege Identity
The agent container is granted only the specific, enumerated permissions required for its defined workflow — nothing more. A dedicated IAM Execution Role (AWS) or User-Assigned Managed Identity (Azure) is scoped to specific S3 buckets, SQS queues, Bedrock model ARNs, and CloudWatch Log Groups. Broad administrative access is architecturally excluded.
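The execution-role model above, as an added example that is not Layerup's shipped policy: a policy document scoped to the enumerated S3 buckets, SQS queue, Bedrock model and guardrail ARNs, and CloudWatch Log Group the text names, next to the overbroad grant it excludes, plus a small linter your pipeline can run against any candidate policy. The account ID, region, bucket, queue, model, guardrail and log-group names are placeholder assumptions.

```python
"""Least-privilege execution-role policy for the agent container, with a linter
that rejects the broad grants the text says are architecturally excluded.
Added example; all resource names below are placeholder assumptions."""
import json
import re

ACCOUNT = "123456789012"                    # assumed account ID
REGION = "us-east-1"                        # assumed region
INBOX_BUCKET = "acme-uw-application-inbox"  # assumed: application packets land here
OUTBOX_BUCKET = "acme-uw-decision-outbox"   # assumed: structured outputs written here
INTAKE_QUEUE = "acme-uw-intake"             # assumed: event-driven ingestion queue
MODEL_ID = "amazon.titan-text-express-v1"   # assumed: substitute your approved model ID
GUARDRAIL_ID = "abcdefghijkl"               # assumed: guardrail ID owned by your team
LOG_GROUP = "/layerup/agent/audit"          # assumed: audit log group


def execution_role_policy() -> dict:
    """IAM policy for the agent's dedicated execution role: concrete resources only,
    no '*' grants, nothing in the identity plane, no log-deletion rights."""
    s3_in, s3_out = f"arn:aws:s3:::{INBOX_BUCKET}", f"arn:aws:s3:::{OUTBOX_BUCKET}"
    log_arn = f"arn:aws:logs:{REGION}:{ACCOUNT}:log-group:{LOG_GROUP}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            # read application packets, medical records, financial statements
            {"Sid": "ReadApplicationPackets", "Effect": "Allow",
             "Action": ["s3:GetObject"], "Resource": [f"{s3_in}/*"]},
            {"Sid": "ListInbox", "Effect": "Allow",
             "Action": ["s3:ListBucket"], "Resource": [s3_in]},
            # write structured, evidence-cited outputs back
            {"Sid": "WriteDecisions", "Effect": "Allow",
             "Action": ["s3:PutObject"], "Resource": [f"{s3_out}/*"]},
            # consume the intake queue; no SendMessage, no queue management
            {"Sid": "ConsumeIntakeQueue", "Effect": "Allow",
             "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
             "Resource": [f"arn:aws:sqs:{REGION}:{ACCOUNT}:{INTAKE_QUEUE}"]},
            # invoke exactly one approved foundation model ARN
            {"Sid": "InvokeGovernedModel", "Effect": "Allow",
             "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
             "Resource": [f"arn:aws:bedrock:{REGION}::foundation-model/{MODEL_ID}"]},
            # apply the guardrail your team owns; no permission to create or edit guardrails
            {"Sid": "ApplyTeamGuardrail", "Effect": "Allow",
             "Action": ["bedrock:ApplyGuardrail"],
             "Resource": [f"arn:aws:bedrock:{REGION}:{ACCOUNT}:guardrail/{GUARDRAIL_ID}"]},
            # append to the audit log group; no DeleteLogGroup / DeleteLogStream
            {"Sid": "AppendAuditTrail", "Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": [log_arn, f"{log_arn}:log-stream:*"]},
        ],
    }


# The shape least privilege is meant to exclude: full administrative access.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AdminAccess", "Effect": "Allow", "Action": "*", "Resource": "*"}],
}

_WILDCARD_ACTION = re.compile(r"^(\*|[a-z0-9-]+:\*)$")
_IDENTITY_PLANE = ("iam", "sts", "organizations")
_AUDIT_DESTRUCTIVE = {"logs:DeleteLogGroup", "logs:DeleteLogStream", "logs:PutRetentionPolicy"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def least_privilege_findings(policy: dict) -> list:
    """Human-readable findings for Allow statements that break the least-privilege model.
    An empty list means every grant names enumerated actions on enumerated resources."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{sid}: NotAction/NotResource grants are open-ended")
        for action in _as_list(stmt.get("Action", [])):
            if _WILDCARD_ACTION.match(action):
                findings.append(f"{sid}: wildcard action {action!r}")
            elif action.split(":")[0] in _IDENTITY_PLANE:
                findings.append(f"{sid}: identity-plane action {action!r}")
            elif action in _AUDIT_DESTRUCTIVE:
                findings.append(f"{sid}: {action!r} could erase or shorten the audit trail")
        if any(r == "*" for r in _as_list(stmt.get("Resource", []))):
            findings.append(f"{sid}: wildcard resource '*'")
    return findings


if __name__ == "__main__":
    print(json.dumps(execution_role_policy(), indent=2))
    print("scoped policy:", least_privilege_findings(execution_role_policy()))
    print("overbroad policy:", least_privilege_findings(OVERBROAD_POLICY))
```

The linter is deliberately narrow: it flags `*` and `service:*` actions, `*` resources, `NotAction`/`NotResource`, any identity-plane action, and the CloudWatch Logs actions that could delete or shorten the audit trail. It does not evaluate conditions or resource-policy interactions, so treat a clean result as a necessary check before deployment, not a full access review.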
Governed Inference
All LLM inference is routed through Amazon Bedrock or Azure OpenAI — managed services operating within your cloud tenant under your data processing agreements. Your team configures and manages the AI safety guardrails (Bedrock Guardrails / Azure AI Content Safety) that govern every inference call. Layerup does not configure, manage, or bypass these controls.
Deterministic Audit
Every agent reasoning step, source citation, model response, guardrail evaluation, and output decision is written to your own observability infrastructure (CloudWatch Logs or Azure Monitor) in a structured, queryable format. The agent only ever appends to the trail; because the log store is yours, its immutability and the seven-year minimum retention are enforced by the retention and access policies your team applies to those log groups. The audit trail belongs to you.
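The audit-trail guarantee above, as an added example that is not the product's own log schema: one way to make "append-only" checkable after the fact is to chain each structured record to the SHA-256 of the record before it, so a verifier reading the trail back from CloudWatch Logs or Azure Monitor detects an edited, deleted or reordered record. The field names, event types and sample events are constructed assumptions.

```python
"""Append-only audit records with a verifiable hash chain.
Added example; field names, event types and the sample events are constructed."""
import copy
import hashlib
import json

GENESIS_HASH = "0" * 64   # prev_hash of the very first record


def _canonical(record: dict) -> bytes:
    # Deterministic serialization so the same record always hashes identically.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def append_record(trail: list, ts: str, event: str, payload: dict) -> dict:
    """Append one structured event to the trail, chained to its predecessor."""
    record = {
        "seq": len(trail),
        "ts": ts,
        "event": event,
        "payload": payload,
        "prev_hash": trail[-1]["hash"] if trail else GENESIS_HASH,
    }
    record["hash"] = hashlib.sha256(_canonical(record)).hexdigest()
    trail.append(record)
    return record


def verify_trail(trail: list) -> tuple:
    """Walk the chain from genesis, recomputing every hash. Returns (ok, reason)."""
    prev_hash = GENESIS_HASH
    for position, record in enumerate(trail):
        if record.get("seq") != position:
            return False, f"gap or reorder at position {position}"
        if record.get("prev_hash") != prev_hash:
            return False, f"broken link at seq {position}"
        unsigned = {k: v for k, v in record.items() if k != "hash"}
        if hashlib.sha256(_canonical(unsigned)).hexdigest() != record.get("hash"):
            return False, f"record {position} was modified after it was written"
        prev_hash = record["hash"]
    return True, f"chain intact ({len(trail)} records)"


def build_sample_trail() -> list:
    """Constructed sample: one application passing through the agent."""
    trail = []
    append_record(trail, "2026-06-01T09:00:00Z", "reasoning_step",
                  {"step": 1, "source": "s3://acme-uw-inbox/app-42/financials.pdf",
                   "page": 3, "claim": "net income positive for three consecutive years"})
    append_record(trail, "2026-06-01T09:00:01Z", "guardrail_evaluation",
                  {"guardrail_id": "abcdefghijkl", "action": "NONE"})
    append_record(trail, "2026-06-01T09:00:02Z", "model_response",
                  {"model_id": "amazon.titan-text-express-v1", "output_tokens": 412,
                   "confidence": 0.82})
    append_record(trail, "2026-06-01T09:00:03Z", "output_decision",
                  {"recommendation": "refer_to_underwriter", "confidence": 0.82})
    return trail


def to_log_lines(trail: list) -> list:
    """One JSON object per line, the form a log agent ships to CloudWatch/Azure Monitor."""
    return [json.dumps(r, sort_keys=True) for r in trail]


def with_record_altered(trail: list, seq: int, key: str, value) -> list:
    """Tampered copy: silently change one payload field (e.g. a confidence score)."""
    tampered = copy.deepcopy(trail)
    tampered[seq]["payload"][key] = value
    return tampered


def with_record_dropped(trail: list, seq: int) -> list:
    """Tampered copy: delete one record, as a quiet 'cleanup' would."""
    tampered = copy.deepcopy(trail)
    del tampered[seq]
    return tampered


if __name__ == "__main__":
    trail = build_sample_trail()
    print("\n".join(to_log_lines(trail)))
    print(verify_trail(trail))
    print(verify_trail(with_record_altered(trail, 2, "confidence", 0.99)))
    print(verify_trail(with_record_dropped(trail, 1)))
```

The chain catches any change made by someone who cannot also rewrite every later record. It does not by itself stop a party with write access to the whole log store from regenerating the tail, so in practice the latest hash is periodically checkpointed somewhere the agent role cannot write, which the execution-role scoping already makes natural.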
0.2 What this is not
As section 0 states, the agent is not a SaaS product hosted by Layerup. It is also not a rules engine or a workflow automation script. It is a reasoning workload: one that reads your documents, applies your underwriting logic as expressed in its Agent Operating Procedure, invokes foundation models under governed constraints, and produces structured, evidence-cited, confidence-scored outputs. The human underwriter retains decision authority at every stage of the rollout.
0.3 Architecture at a glance
Fig. A0.1 describes the full boundary of the Layerup AI Agent within an AWS deployment. The Azure topology is structurally identical, with equivalent managed services.
Fig. A0.1 — Full deployment boundary. Everything inside the outer box is your cloud account. Layerup has no access to any resource inside the boundary after the initial container image delivery.
0.4 How this document is organised
This documentation set covers six architectural domains in detail. Each section is intended for the relevant function in your enterprise architecture review:
Deployment Architecture
Native VPC deployment paradigm, marketplace procurement, network isolation model, and zero-egress data residency guarantees. For Enterprise Architecture and Network Security.
Infrastructure & Compute
Container image delivery, private registry integration, pre-deployment security scanning, execution environments, and compute scaling model. For Platform Engineering.
Security & Governance
IAM least-privilege model, AI guardrails, encryption standards, vulnerability management, and supply chain security. For Information Security and Compliance.
Data & Integration
End-to-end data flow, event-driven ingestion, document processing, output schema, and write-back integration patterns. For Integration Architecture.
Observability & Resilience
Telemetry architecture, deterministic audit trails, log retention, error handling, and fallback protocols. For IT Operations and Internal Audit.
Configuration & Lifecycle
Agent Operating Procedure onboarding, configuration as code, CI/CD pipeline, and safe deployment strategies. For Platform Engineering and Underwriting Governance.

