Corral
Back to News
EngineeringSecurity

Building Zero-Trust AI: Our Architecture Philosophy

December 5, 2024 Engineering Team

When we set out to build Corral, we asked ourselves a fundamental question: How do you build AI infrastructure that an enterprise can trust?

The answer wasn’t better security policies or more compliance certifications. It was architecture — designing a system where data protection isn’t a feature but a mathematical certainty.

The Problem with Traditional AI Security

Most AI platforms approach security as a layer on top of functionality:

[Your Data] → [AI Platform] → [Security Controls] → [Results]

The problem? Your data still passes through their infrastructure. Security depends on:

  • Their employees following policies
  • Their systems remaining uncompromised
  • Their business interests aligning with yours

One breach, one rogue employee, one subpoena — and your data is exposed.

Our Approach: Security by Architecture

Corral inverts this model entirely:

[Your Data] → [Your Infrastructure + Corral] → [Results]
                        ↑
              [Our Management Plane]
              (No data access)

We designed Corral so that we physically cannot access your data. Not “won’t” — can’t.

How It Works

1. Deployment Isolation

When you deploy Corral, everything runs in your Azure tenant:

  • Compute resources in your subscription
  • Storage in your storage accounts
  • Networking within your virtual networks

We don’t have credentials to your Azure subscription. We can’t SSH into your VMs. We can’t query your databases.

2. Encryption Key Control

All data at rest is encrypted with keys stored in your Azure Key Vault:

  • We never see the keys
  • We can’t decrypt your data
  • You can rotate keys at any time

Even our update mechanisms work with encrypted blobs that only your deployment can decrypt.

3. Management Plane Separation

Our management plane handles:

  • Deployment orchestration
  • Update distribution
  • Health monitoring (metadata only)
  • License validation

What it doesn’t handle:

  • Any user data
  • Document contents
  • Conversation history
  • Query results

The management plane sees that your deployment is healthy and running version X.Y.Z. It never sees what you’re doing with it.

Technical Deep Dive

For the security engineers reading this, here’s how we achieve true isolation:

Identity Federation

// Your Azure AD remains authoritative
// Corral validates tokens, never stores credentials
const validateToken = async (token: string) => {
  const decoded = await verifyAzureADToken(token, {
    tenant: customerTenantId,
    audience: corralAppId
  });
  return decoded; // No token storage, no credential caching
};

Encrypted Configuration

Updates are distributed as encrypted packages:

  1. We publish encrypted update blobs to Azure Blob Storage
  2. Your deployment downloads and decrypts using your Key Vault keys
  3. Updates apply atomically with automatic rollback on failure

We can push updates without ever seeing what’s running or what data exists.

Audit Everything

Every action is logged to your Azure Monitor:

  • API calls with full request/response metadata
  • Authentication events
  • Configuration changes
  • Error conditions

We can’t see these logs. You can export them to your SIEM, apply retention policies, and run forensics — all within your security tooling.

Why This Matters

Zero-trust architecture isn’t about paranoia. It’s about removing uncertainty.

When your CISO asks “Can they see our data?”, you don’t have to say “They promise not to.” You can say “Architecturally impossible.”

When your legal team reviews vendor agreements, data processing addendums become simpler — we’re not a data processor because we never process your data.

When a breach happens (not if — when), your AI system isn’t in scope because the data never left your perimeter.

The Trade-offs

We won’t pretend this architecture is without cost:

  • Deployment complexity — We’ve minimized this with Azure Marketplace, but it’s still more than a SaaS signup
  • Support limitations — We can’t “just look at your data” to debug issues; we’ve built better observability tools instead
  • Feature velocity — Some SaaS-style features (cross-customer analytics, etc.) are architecturally impossible

We believe these trade-offs are worth it for enterprises where data security isn’t optional.

Want to learn more about our architecture? Contact our engineering team or explore our technical documentation.

Want to learn more?

Read more articles