Your AI pilot is stalled on one thing: the data can’t leave

Your AI stops at the data it can’t touch. Capsule gets it through.

The log that would close the ticket can’t leave the building, so your model never sees it. Mask it and node=████ tells the AI nothing. Capsule sends a protected working version through your approved model, and the real answer comes back in the workflow.

Proven on operational data that can’t leave, in telecom, industrial / OT, healthcare, finance and public sector
Deutsche Telekom
SK Telecom
Claroty
IBK
DB Insurance
Shin & Kim
EUMC
Ministry of National Defense
AWS Marketplace
Deutsche Telekom
SK Telecom
Claroty
IBK
DB Insurance
Shin & Kim
EUMC
Ministry of National Defense
AWS Marketplace
How it works

Raw values stay inside.
A protected version does the round trip.

The model can be external. The raw values are not. LLM Capsule is the context-preserving data layer between your operational data and AI execution — approved models, agents and MCP tools — so only a protected working version ever crosses, and the real values are reconstructed inside your workflow.

Try the round trip
Your environment — on-prem / VPC / air-gapped
Front · what the operator sees
NOC Assistant
online
circuit_id=CKT-77-AB12 on node edge-04 is flapping. Why, and how do I fix it?
09:42
⟨capsule:circuit_1⟩CKT-77-AB12 is flapping; link errors on ⟨capsule:node_1⟩edge-04. Reset the interface and check the optics.
09:42 · on the protected versionreconstructed locally
Message NOC Assistant…
LLM Capsule
substitutereconstruct · hold mapping
protected stand-inoriginal (stays local)
⟨capsule:circuit_1⟩CKT-77-AB12
⟨capsule:node_1⟩edge-04
Sent to the model: stand-ins only. Originals are held in this local mapping — they never cross the boundary.Reconstruct: resolved the ⟨capsule:…⟩ stand-ins back to real values using the local mapping. Nothing crossed the boundary.
⟨capsule:circuit_1⟩protected working version⟨capsule:circuit_1⟩model output · still protected⟨capsule:…⟩ outmodel output
Approved model
GPT-4ClaudeLlama
or your in-house model
external · VPC · on-prem
Only the ⟨capsule:…⟩ form crosses the boundary — real values are reconstructed inside your environment.
The reveal does not fetch anything from the model. It is a local mapping lookup inside your environment — the original values and the mapping never left.
Where it sits

One layer between your operational data and the model.

Operational data goes in. Only a protected working version reaches approved models, agents and MCP tools. The reconstructed result lands back in your workflow — the raw values and the internal mapping never move.

AI executionapproved models · agents · MCP toolsprotected working versionmodel outputLLM Capsulecontext-preserving data layer for AIDetect markersSubstitute in contextPreserve structureReconstruct locallyPolicy + auditOriginal values and the internal mapping never leave · runs on-prem, in your VPC, or air-gappedReconstructed outputin your workflowoperational data inOperational datalogs · tickets · configs · topology · runbooks · PDFsraw values never leave
Fits your AI stack

It plugs into the systems you already run.

Agents, MCP servers and RAG pipelines call Capsule; it returns a protected working version, the approved model runs, and the real result is reconstructed into ServiceNow, Jira, OSS/NOC, EHR or your OT historian.

Operational systemsServiceNowJiraOSS / NOCOT historianEHRLLM Capsulecreates a protectedworking versioninternal mapping stays localAI executionAgentMCP serverRAG pipelinedata inprotected ver.model outputreconstructed outputAgents, MCP tools and RAG pipelines receive only a protected working version — never the raw operational values.
How it compares

Not masking. Not a cloud vault.

Where other approaches stop the workflow or move your data out, Capsule keeps the values inside and still returns a usable result.

ApproachWhat it doesThe limitWith LLM Capsule
Masking & redactionRemoves the valuesDestroys the context AI needs; the workflow can't finishKeeps raw values inside and reconstructs usable results to the workflow
PII detectorsDetect names and numbersCan't see non-PII operational markers you actually need protectedYou define the markers; structure stays usable
Synthetic dataGenerates artificial dataFor training and testing, not live operational workflowsRuns on the real records in production
Block AI entirelyManual approval gatePilots never reach productionThe workflow runs under your existing governance
Six capabilities

What makes the workflow keep running, and keep running for years

Can't send it raw. Can't just mask it. Capsule creates a protected working version, lets AI do the work, and reconstructs a usable result inside your workflow. These three capabilities are why the workflow finishes — plus three more that keep it running inside real systems over time.

01 · The difference

Get the real answer back

When the model returns its answer, Capsule rebuilds the real business values inside your environment, automatically. No one masks the input and reassembles the output by hand. The workflow finishes with real circuit IDs, ticket IDs and figures.

If a person has to rebuild the answer, it was never automation.
Internal: Reconstruction
MaskingCKT-77███can't act on it CapsuleCKT-77⟨capsule:circuit_1⟩RCA resultRCA for CKT-77 reconstructed output
02

Protect what PII tools can't even see

Standard PII categories aren't enough. Define project codes, deal terms, internal IDs, network identifiers, asset references, mission references — any business-specific marker. Context-aware control adapts to document type, department and workflow.

Your secrets aren't names and card numbers. They're AS4766, edge-ring-a, Project Halo — and no PII tool is even looking for them.
Internal: Enterprise Context
A PII detector catchesnameemailphonecard no.You define what Capsule protectscircuit IDAS4766topology nodeOT asset IDM&A codename
03

Keep the record usable

Tables, cross-references, configurations, topology graphs, ticket fields, runbook steps and document hierarchies survive intact. AI receives the full operational structure, not broken fragments that produce useless output.

Redaction protects the field. Capsule protects the workflow.
Internal: Structure-Preserving
Redaction — AI can't parsecircuit_id=█████ node=██████loss=████Capsule — AI can still reasoncircuit_id=⟨capsule:circuit_1⟩node=⟨capsule:node_1⟩ loss=4.7%
04

You keep control of your own data

Sensitive data stays inside your environment. The model only ever works on the protected version, and the map that reconstructs real values never leaves the organization. Differential-privacy-based protection makes original values practically non-recoverable from outside your boundary. The model can be external; the raw values don't have to be.

You don't have to choose between AI and control.
Internal: Zero Exposure
Customer environmentraw values · CKT-77-AB12reconstruction map (stays here)results rebuilt locallyapprovedmodel pathprotected versionraw values do not cross
05

Fit into the workflow they already run

Air-gapped networks, on-premise servers, telecom-grade platforms, ServiceNow / SharePoint / Jira / OT historians and RAG pipelines — Capsule deploys inside your enterprise as-is, as a single API-call addition. No migration. Your existing workflows and policies stay intact.

No copy-paste masking. No manual cleanup. It runs inside the flow.
Internal: Enterprise Env Execution
NOC / OSSServiceNow / JiraOT historian / RAGCapsuleapprovedmodel pathreconstructed output back in the ticket / workflow
06

Change what's protected tomorrow

Yesterday it was circuit IDs and topology nodes. Today add M&A codenames and deal terms. Next quarter add a new regulator's markers. Define, version and time-shift what's protected as your business and regulations evolve, with a full audit trail of which marker was protected when.

What you protect will change. Your pipeline shouldn't break.
Internal: Time-Shifting Policy
Yesterdaycircuit IDs,topologyToday+ M&A codename,deal termsTomorrow+ new regulatedmarkerspipeline unchanged · old policy archived & auditable
What it's built for

Not just PII. The operational records your work actually runs on.

A generic PII detector looks for names and numbers. The data that stops your AI is logs, configs, topology and contracts. Capsule keeps each of these usable for AI while the real values stay inside.

System logs

BGP logs, alarm streams, NOC notes

PDF reports

incident reports, filings, contracts

Topology graphs

network graphs, asset relationships

Tickets

INC-24091, ticket fields, history

Runbooks

response steps, escalation paths

Code & config

snippets, device configs, paths

Tables

structured fields, cross-references

Images & diagrams

schematics, scans, annotations

Unstructured notes

clinical notes, mission briefs
Proof

Measured on real operational documents

0.12sper page
Processing (2,200 chars)
Exact
Reconstruction
98%
Output similarity
99.14%
Workflow accuracy

Reconstruction is deterministic: substituted markers are rebuilt inside your environment through the internal mapping, not by inverting any differential-privacy step. Similarity measured on structured operational documents; figures vary by data type and workflow. We validate on your own payload during evaluation.

Where it runs

Built for operations putting AI on data that can't leave

The same round trip across regulated operations: the real record stays inside, AI works on a protected version, and the answer comes back in the ticket or workflow.

01

Network Operations & Incident Analysis

Operational data
circuit ID · topology node · BGP log · device ID · alarm stream · NOC note · incident ticket
NOC log · circuit IDCapsuleAI · RCAreconstructed ticket
SK Telecom · Deutsche Telekom T Challenge 2026 — Top 12, Data Security & Governance
02

Industrial Asset & Vulnerability Operations (OT)

Operational data
OT asset ID · PLC / ICS alert · vulnerability record · patch constraint · vendor / device info
asset ID · ICS alertCapsuleAI · fixsecurity ops workflow
Partner: Claroty (industrial cybersecurity)
03

Healthcare Clinical & Hospital Operations

Operational data
clinical note · lab result · prescription flow · medical record ID · diagnosis · claim review context
MRN · clinical noteCapsuleAI · notereconstructed into EHR
Deployed at Ewha Womans University Medical Center (EUMC)
04

Public Sector / Defense — Mission Workflow

Operational data
mission log · classified operation detail · security-grade document · operation brief · command workflow
mission log · localCapsuleAI · briefcommand · audit trail
Deployed at Ministry of National Defense (South Korea) — on-prem / local execution

Deutsche Telekom and Claroty validate Capsule in critical-infrastructure and telecom-grade operational context — the hardest places for operational data to move at all.

Once the data path is open

Capsule opens the blocked path. Syntitan takes it to production.

Capsule gets blocked operational data into the AI workflow on-prem. Syntitan, the cloud operating layer, then evaluates, validates and operates that workflow in production. Capsule and Syntitan stay separate products for separate audiences; this is how they connect.

CAPSULE · ON-PREM

Opens the blocked path

Operational data that can't go raw into SaaS reaches the AI workflow inside your environment.

SYNTITAN · CLOUD

Takes it to production

Validates and operates the workflow so it's production-ready and reproducible at scale.

Straight answers

The questions people ask before they trust this

Can you run AI on operational data that can't leave your environment?

Yes. LLM Capsule turns sensitive operational values into a protected working version inside your environment, lets an approved model work on that version, and reconstructs the usable result in your workflow. The original values and the mapping that reconstructs them never leave. It runs on-prem, in your VPC, or fully air-gapped.

What is a context-preserving data layer for AI?

It is a layer that sits between your operational data and the model. Instead of redacting values to ████ and destroying the record, it substitutes them with context-preserving stand-ins so the structure the AI needs stays intact, then reconstructs the real values after the model runs.

How is this different from a cloud privacy vault or a PII masking tool?

A masking tool hides values and stops, which breaks the workflow. A cloud privacy vault stores your values and the mapping in someone else's cloud. Capsule keeps the original values and the reconstruction mapping inside your own environment, protects non-PII operational markers you define, and reconstructs a usable result. Nothing is sent to an external vault.

Can it run in an air-gapped or regulated environment?

Yes. Capsule deploys inside on-prem, VPC and air-gapped environments and embeds into the systems you already run, such as ServiceNow, Jira, OSS/NOC and RAG. It is already deployed on operational data in telecom, industrial / OT and the public sector.

FAQ

Frequently asked questions

Is LLM Capsule a PII masking tool?
No. Masking hides values and stops, which breaks the workflow. Capsule keeps raw values inside your environment, creates a protected working version AI can use, preserves the structure of the record, and reconstructs usable results. It also protects the non-PII operational markers you define, which PII tools don't catch.
Does Capsule replace my approved LLM?
No. Capsule sits in front of the model path you already approved — external or on-prem. You keep the LLM you chose. Capsule lets the data that was blocked reach it as a protected working version.
Can I still use external LLMs like ChatGPT, Claude or Gemini?
Yes. The model can be external. Capsule sends only a protected working version through the approved model path, so the external model never sees the raw values. External, in-house, VPC-hosted and on-prem models all work — you choose under your own governance.
Can it work on logs, PDFs, graphs, tickets, code and images?
Yes. Structure is preserved across formats, so the model receives a usable record instead of broken fragments. Logs stay logs, tables stay tables, topology graphs stay relationships.
Where do the raw values stay?
Inside your environment. Only the protected working version crosses to the model path, and the map that reconstructs the real values never leaves the organization.
How does reconstruction work?
After the model returns its answer on the protected version, Capsule rebuilds the real business values inside your environment so the output is usable in the originating workflow — the real circuit ID, ticket ID, figures and references come back.
Do humans have to manually reconstruct the values?
No. Reconstruction happens automatically inside the workflow. No one masks the input or reassembles the output by hand, so production AI doesn't wait for a person.
Can the policy change over time?
Yes. Define and version what's protected, and update the markers as your business or regulators change — without rebuilding the pipeline. Yesterday's policy stays archived and auditable.
How does this connect to Syntitan?
Capsule opens the blocked data path so the workflow can run on-prem. Syntitan (cloud) then validates and operates that workflow in production. They're separate products for separate audiences.

Bring one workflow that can't send its data raw.

A log, PDF, topology graph, ticket, runbook or config that can't go raw into an LLM. We'll show what stays inside, what the model works on, and how the result comes back usable.

Email : contact@cubig.ai

CUBIG LTD (United Kingdom)

Company Number: NI735459
Address: 21 Arthur Street, Belfast, Antrim, United Kingdom, BT1 4GA


CUBIG CORP (Republic of Korea)

Business Registration Number : 133-81-45679

E-Commerce Registration : 2023-Seoul-Seocho-2822

Address: 4F, NAVER 1784, 95, Jeongjail-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

©️ 2026 CUBIG Corp. All rights Reserved.

Consent Preferences

Email : contact@cubig.ai

CUBIG LTD (United Kingdom)

Company Number: NI735459
Address: 21 Arthur Street, Belfast, Antrim, United Kingdom, BT1 4GA


CUBIG CORP (Republic of Korea)

Business Registration Number : 133-81-45679

E-Commerce Registration : 2023-Seoul-Seocho-2822

Address: 4F, NAVER 1784, 95, Jeongjail-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

©️ 2026 CUBIG Corp. All rights Reserved.

Consent Preferences

Email : contact@cubig.ai

CUBIG LTD (United Kingdom)

Company Number: NI735459
Address: 21 Arthur Street, Belfast, Antrim, United Kingdom, BT1 4GA


CUBIG CORP (Republic of Korea)

Business Registration Number : 133-81-45679

E-Commerce Registration : 2023-Seoul-Seocho-2822

Address: 4F, NAVER 1784, 95, Jeongjail-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

©️ 2026 CUBIG Corp. All rights Reserved.

Consent Preferences

Email : contact@cubig.ai

CUBIG LTD (United Kingdom)

Company Number: NI735459
Address: 21 Arthur Street, Belfast, Antrim, United Kingdom, BT1 4GA


CUBIG CORP (Republic of Korea)

Business Registration Number : 133-81-45679

E-Commerce Registration : 2023-Seoul-Seocho-2822

Address: 4F, NAVER 1784, 95, Jeongjail-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

©️ 2026 CUBIG Corp. All rights Reserved.

Consent Preferences

Email : contact@cubig.ai

CUBIG LTD (United Kingdom)

Company Number: NI735459
Address: 21 Arthur Street, Belfast, Antrim, United Kingdom, BT1 4GA


CUBIG CORP (Republic of Korea)

Business Registration Number : 133-81-45679

E-Commerce Registration : 2023-Seoul-Seocho-2822

Address: 4F, NAVER 1784, 95, Jeongjail-ro, Bundang-gu, Seongnam-si, Gyeonggi-do, Republic of Korea

©️ 2026 CUBIG Corp. All rights Reserved.

Consent Preferences