The architecture, the human-in-the-loop gate, the airgap package system, and the integrations - everything ATLAS actually does, on one page. For company info, mission, team, and patent, see the About page.
Detect. Propose. Approve or automate. Execute. Audit. Every step is recorded.
Step-by-step: six stages, every one observable in the audit log. The shape of the loop - human or automated - is set by the network, not the AI.
ATLAS is built for federal, defense, and critical infrastructure. The size of the human-in-the-loop gate is a property of the network the hub is deployed in, not a setting anyone can flip from the console.
On SIPR, JWICS, NIPR-R, and any disconnected enclave, no playbook runs without a human reviewer. The playbook is the ticket. The approver signs, the CEI executes, the audit log captures every byte. Period. There is no auto-execute on a classified network, even if the playbook has the automation flag set.
On NIPR, commercial cloud, and DoW-approved connected networks, an admin-approved playbook can be flagged for automation. ATLAS still creates a ticket and still records the run - it just doesn't wait for a human to click approve on every incident. Admins can disable automation on any playbook from the console in one click.
Federal systems have a "propose, don't act" AI policy for a reason. The model proposes; humans and policy decide; the CEI executes. ATLAS makes the proposal structured, evidence-backed, and one-click actionable - and the policy layer decides whether the action is auto or manual. The AI never chooses for itself.
Suggested → Approved (or rejected, or flagged for ISSO review). On classified networks, that's the only path. On unclassified networks, Approved playbooks can be promoted to Automated by an admin, scoped to a role, a host group, an OS, or a time window. Promotion is logged; demotion is one click.
An automated playbook doesn't skip the audit trail - it skips the wait. The ticket is still opened, the approver is still recorded, the run is still logged, the post-execution verification is still run. The only thing that's different is that a human doesn't have to be awake when the playbook fires.
An approved playbook with allow_automation: true. The admin flips this on per-playbook from the Playbooks page. From that point on, the playbook runs unattended whenever a matching event occurs on an unclassified network - but the ticket, approver chain, and audit log are identical to a manual run.
2-second guard. After a match, ATLAS waits 2 seconds. If a human starts a manual approval flow on the same playbook, the auto-execute cancels.
30-minute execute window. If the conditions change in that window, the run aborts.
Kill switch. Admins can disable automation on any playbook from the console in one click - takes effect within 30 seconds across the fleet.
Daily ACAS scan triage. Pull ACAS findings, correlate with asset criticality, auto-approve CAT I, generate the daily report.
STIG compliance daily check. Run STIG Manager collection, diff against baseline, notify ISSO on regression.
Quarantine endpoint by MAC. Single step: move the switchport to the quarantine VLAN. Forescout handles the network side.
Federal incident response baselines around 4.2 hours MTTR for critical findings. ATLAS automated playbooks drive that to under 30 minutes on unclassified networks, with a full audit trail. The demo's Reports tab tracks: automated runs / manual runs / total plays / automation %.
The hub ingests from security and IT tools via REST, then writes back through the same APIs. No rip-and-replace. ATLAS becomes the orchestration layer; your existing stack keeps doing what it does best.
ACAS / Nessus - vulnerability scans, 100% DoW-mandated.
CISA KEV - Known Exploited Vulnerabilities, daily sync.
MDE / Trellix - endpoint detection & response.
Active Directory - identity, group policy, account state.
Sysmon / SIEM - host-level event log forwarding.
STIG Manager - DISA compliance findings.
ConfigOS - automated STIG/CIS hardening, mandatory DoW tool.
Forescout - network access control, switchport quarantine, NAC segmentation.
SCCM / Intune - patch deployment waves.
STIG Manager - close out findings after remediation.
ServiceNow / Jira - ticket lifecycle from open to closed.
All integrations go through the same boundary the WebGateway enforces: mTLS with hub-issued client certs, HMAC-SHA256 on every request body, and least-privilege API tokens scoped per integration. The local LLM can never directly touch an external API - the orchestration layer brokers every call, and the WebGateway sanitizes every payload.
Your SIEM still does correlation you trust. Your EDR still owns endpoint containment. Your ticketing system still owns the workflow. ATLAS doesn't try to be the smartest tool in your stack - it tries to be the connector. The AI proposes, the human or the policy decides, the right tool executes, the audit log captures it.
The hub has no internet access. All external content enters through one admin-controlled file share. The air gap is crossed by a cleared courier carrying a signed DVD.
Weekly cadence, aligned to Patch Tuesday. The classified side never opens a port. The unclassified side never reaches the classified network. What crosses is a small, curated, signed, verifiable subset of everything external.
The unclassified hub has no internet access. All external content enters through /share/ - a single admin-controlled directory with seven subdirs: /patches/, /acas/, /stig/, /intel/, /atlas-updates/, /rag-updates/, /gpo/. The admin downloads from vendor portals (Microsoft, Red Hat, DISA STIG library, CISA, NVD, Tenable.io) and drops files in. ATLAS watches the share, indexes what landed, and uses it for ticket creation and airgap package curation. No credentials on the hub. Complete audit trail of what entered and when.
The builder doesn't ship everything - it curates a weekly manifest matching the classified-side inventory. ACAS findings are correlated with available patches, vendor KB articles, and DISA STIG updates; the LLM ranks by mission impact and exploitability; the result is a small, relevant set of files. ACAS data flows twice: once into the unclassified triage pipeline for tickets, and once into the airgap package as /acas/scan.json so the classified LLM can explain why each patch was selected.
RAG learnings are generalized and sanitized by the LLM before they cross the gap. No hostnames, no IP addresses, no usernames, no network-specific identifiers. What crosses is the distilled wisdom - a PowerShell script that fixed an IIS crash, a pattern that distinguished a real APT from a false positive, a policy threshold that proved safe - not the raw data. What does NOT cross: chat history, agent telemetry, raw audit logs, or any entry still containing identifiers.
Each package contains a /manifest.json (file listing with SHA-256 hashes) and a /manifest.sig (RSA-SHA384 signature with the hub's airgap signing cert). The classified ingester verifies the signature, validates every hash, and only then passes the contents to the LLM for review. The signing cert is generated at install time (RSA 4096-bit, 1-year validity), embedded in the install media, and auto-renewed 30 days before expiry via the next package transfer - old and new certs valid during overlap.
When the package is ready, the admin clicks Build Package in the Airgap tab. The hub produces a multi-disk ISO (the size depends on content; a typical weekly package is one DVD, larger monthly bundles can span 2-3). A cleared courier physically carries the media across the gap. There's no network path between the two sides. There can't be.
The classified hub's airgap module runs in Ingester mode: Start session → input mount point → import disk 1, disk 2, etc. → verify signature → validate hashes → LLM review (correlates with the classified-side ACAS, flags conflicts, proposes apply order) → admin approval gate (always - no auto-apply, ever) → CEI executes: patches deploy via agents, STIG profiles update, RAG merges into classified knowledge base, GPO bundles deploy to AD, ATLAS binaries upgrade. Full audit trail logged locally.
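The ingester's "verify signature, then validate every hash" step from the package and Ingester-mode paragraphs above, as an added example that is not ATLAS's own code: a POSIX shell check that refuses to trust any hash until manifest.sig (RSA-SHA384) verifies over manifest.json, then confirms each listed file's SHA-256 and also rejects any file on the media the signed manifest never listed (that last check is an addition beyond what the page states). The one-entry-per-line manifest layout, the signing cert's public key exported as PEM, and the demo file names are assumptions.

```shell
# Added example, not ATLAS code. Package layout per the page: manifest.json maps
# path -> SHA-256, manifest.sig is RSA-SHA384 over manifest.json. Assumed: a
# one-entry-per-line manifest and the signing cert's public key as PEM.
set -u

# verify_package <package_dir> <signing_pubkey.pem>: exit 0 only if fully valid.
verify_package() {
  pkg="$1"; pub="$2"
  # 1. Signature first: no file in the package is trusted until the manifest is.
  if ! openssl dgst -sha384 -verify "$pub" -signature "$pkg/manifest.sig" \
        "$pkg/manifest.json" >/dev/null 2>&1; then
    echo "REJECT: manifest.sig does not verify" >&2; return 1
  fi
  # 2. Every listed file must be present and match its hash; any miss fails closed.
  sed -n 's/^ *"\([^"]*\)": *"\([0-9a-f]\{64\}\)".*/\1 \2/p' "$pkg/manifest.json" |
  while read -r path want; do
    [ -f "$pkg/$path" ] || { echo "REJECT: $path missing" >&2; exit 1; }
    got=$(openssl dgst -sha256 "$pkg/$path" | sed 's/.*= //')
    [ "$got" = "$want" ] || { echo "REJECT: $path hash mismatch" >&2; exit 1; }
  done || return 1
  # 3. A file on the media that the signed manifest never listed is rejected too.
  for f in $(cd "$pkg" && find . -type f ! -name 'manifest.*' | sed 's#^\./##'); do
    grep -q "\"$f\"" "$pkg/manifest.json" || { echo "REJECT: unlisted $f" >&2; return 1; }
  done
  echo "OK: signature and all hashes valid"
}

# Constructed demo package so the check runs offline. The real signing cert is
# RSA 4096 per the page; 2048 here only keeps key generation fast.
make_demo_package() {
  dir="$1"; mkdir -p "$dir/pkg/patches" "$dir/pkg/acas"
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$dir/sign.key" 2>/dev/null
  openssl pkey -in "$dir/sign.key" -pubout -out "$dir/sign.pub" 2>/dev/null
  printf 'placeholder patch payload\n' > "$dir/pkg/patches/KB-PLACEHOLDER.msu"
  printf '{"findings":[]}\n' > "$dir/pkg/acas/scan.json"
  {
    echo '{'
    for f in patches/KB-PLACEHOLDER.msu acas/scan.json; do
      echo "  \"$f\": \"$(openssl dgst -sha256 "$dir/pkg/$f" | sed 's/.*= //')\","
    done | sed '$ s/,$//'
    echo '}'
  } > "$dir/pkg/manifest.json"
  openssl dgst -sha384 -sign "$dir/sign.key" -out "$dir/pkg/manifest.sig" "$dir/pkg/manifest.json"
}
# Stand-alone run: a clean package passes, then a tampered file is caught.
demo=$(mktemp -d); make_demo_package "$demo"
verify_package "$demo/pkg" "$demo/sign.pub"
echo tampered >> "$demo/pkg/acas/scan.json"
verify_package "$demo/pkg" "$demo/sign.pub" || echo "tamper rejected as expected"
```

The signature check deliberately runs before any hash is read, so a manifest edited to match a tampered file is rejected at step 1 rather than being trusted by step 2.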
Mon-Tue: admin downloads vendor patches. Tue: ACAS scan exported from Tenable. Wed: ATLAS indexes and parses. Thu: LLM curates the weekly package. Fri: admin builds media + next courier run. Monthly bundles include STIG library updates and ATLAS software upgrades. Cert renewal happens automatically on a T-30 day overlap. The classified enclave stays current with federal Patch Tuesday without ever opening a port.
First install uses ./install-atlas.sh --mode both --burn-media /tmp/atlas-classified-media.iso. The installer generates the airgap signing cert, embeds it in the ISO alongside the Windows + Linux agent installers, and produces one DVD. Admin burns, physically carries to classified side, Windows runs the .exe, Linux runs install-atlas.sh --mode class. The cert is already in the bundle - no separate cert disk.
No form. No sales sequence. Just an email that lands in the founder's inbox.
anthony@atlastek.ai