kolm compiles your task into a signed local artifact: model, adapter, recipes, recall index, evals. Deploys to a desk, a laptop, or a private cluster behind your egress proxy. kolm serve --mcp exposes it to the agents your analysts already use. The frontier you bring is the teacher; the artifact is the binary; the customer record never moves.
Every prompt is potentially examinable by SEC, FINRA, OCC, FCA, BaFin. Every cross-border call is a residency event. Every vendor deprecation is a quarter-cycle re-review at the model risk committee. The risk isn't theoretical.
is examinable by SEC, FINRA, OCC. kolm receipts are HMAC-chained and reproducible offline.
cloud round trip per query. kolm runs locally, answers in 80 ms.
on every frontier model upgrade. kolm pins the model into the artifact for the life of the deployment.
The compile bridge runs inside your boundary. Customer records never leave. The artifact is a single signed file. The signature is verifiable offline against the manifest hash chain, the same way you sign released code today.
Compile region selectable EU, UK, US, APAC. Frontier teacher reachable through your existing egress proxy. The compile pipeline never persists customer data.
Every output is reproducible. Every layer is content-addressed. Tampering breaks the chain. Defensible at FINRA exam, useful at deposition, useful at internal audit.
K-score breakdown, eval set, lineage, base-model hash, adapter delta, recipe pack, recall index. Your MRM dossier is the artifact's manifest.
A 42 MB artifact running on the credit officer's laptop. Indexes the borrower file locally, drafts the memo in the desk's house style, defers anything the verifier rejects to a senior. Receipts mirror to your audit log on demand. No cloud calls during the workup.
Compile happens once per quarter against the desk's redacted gold set. The artifact is signed, K-scored, and pushed to the MDM. Deployment is a single signed file, not a service to monitor.
Redacted memo pairs from approved deals. Held-out evaluation drawn separately and never seen at training.
Verifier synthesized from examples, k-sample teacher, LoRA distill, recipe extract, recall index, sign. K-score gate enforces ship floor.
Hold-out evaluation report goes to the model risk committee. K-score breakdown is part of the artifact, defensible at exam.
Single signed file deploys via MDM. Runtime is offline. Receipts mirror to the audit log via Splunk or webhook on demand.
Same matrix we publish on /security: one source of truth, no marketing edits.
Type I attestation tracking Q4 2026, Type II Q2 2027. Controls, evidence checklist, and audit calendar available under NDA.
K-score, eval set, lineage, base hash, adapter delta. Designed to drop into your model risk inventory.
Artifact logs, verifier gates, and receipts support technical documentation. Risk tier remains use-case-specific.
EU and UK compile region options are planned for Pro and Enterprise. DPA templates and GLBA safeguards mapping are prepared for review.
Provision the Enterprise tier, install the CLI, compile your first artifact against your own examples. The customer-hosted compile bridge, SAML/SCIM, BAA path, and signed audit log are all wired to the same dashboard. No scoping call required to start.