Three zones. Four steps. Five components. Two execution paths. One governance framework. The AI enablement data layer for regulated operations — at the architectural level.
LLM Capsule sits inside your environment, reads from existing systems, preserves operational structure, and restores AI output back into the originating workflow. The architecture maps to four zones — Corporate Internal Network, DMZ, In-House Team, and Local Auto Reconstruction — and the trust boundary holds: raw operational data stays inside the corporate environment; only the protected capsule traverses zones; restored output is reconstructed locally inside the in-house team's environment.
Where the operational systems and the data they hold already live. LLM Capsule reads from these systems where they already are — without modification, with a single API-call addition.
Where the Enhanced Encapsulation Layer operates. Detection identifies sensitive elements, encapsulation replaces them with safe tokens using structure-preserving, differential-privacy-based protection, and only the capsule leaves this zone toward an external AI.
Where governance, policy, and the AI workflow itself are operated. Organizational policy, permissions, and domain context drive how the encapsulated request is routed — to an approved external LLM or to an on-prem local model — with full audit retained inside the organization.
Where the AI response is automatically reconstructed back into Business-Ready output. Tokens are restored to original values inside the organization only — data that left the boundary cannot be reconstructed externally.
For architects and security reviewers — the full zone-based view of how operational data, encapsulation, and how any LLM interacts.
Existing enterprise systems — ERP, CRM, Ticketing, DMS / ECM, Legacy DB, RAG Pipeline — stay in place. Nothing migrates. Capsule reads from them via REST, gRPC, JDBC, or Graph API depending on the source.
The Enhanced Encapsulation Layer detects sensitive elements, replaces them with safe tokens using structure-preserving, differential-privacy-based protection, and hands the capsule to the routing decision. Original values stay behind, retained in the local token map.
Organizational policy, permissions, and domain context decide where the capsule is processed — an approved external LLM (Path A) or an on-prem local model (Path B). The decision is policy-driven per workflow, with full audit retained inside the organization.
The AI response is automatically reconstructed from token to original value inside the organization only. Data that left the trust boundary cannot be reconstructed externally. The restored output is delivered back into the originating workflow.
The pillars below are the technical commitments encoded into the four-zone architecture above. Each maps to a specific failure mode of conventional approaches.
Even inside the same enterprise, free-text fields like a CS ticket Details column mix customer names, contact information, and claim narrative in unstructured form. Simple PII guardrails cannot safely process this. Detection in Capsule operates on free-text and structured fields together — semantic and context-aware, not pattern-matching alone.
Existing enterprise systems are not refactored. Connection is a single API-call addition (REST / gRPC) — the operations team continues using their existing tools, the Capsule layer handles encapsulation and restoration alongside.
The Enhanced Encapsulation Layer goes beyond simple tokenization. Differential privacy (epsilon-DP, Laplace noise, k-anonymity, NER masking) is applied to minimize re-identification risk on the capsule itself, providing stronger protection than tokenization alone.
External AI services see only the capsule. Original operational data does not cross the trust boundary. Tokenization combined with DP processing means a leak from the external AI side does not yield reconstructable original values.
AI response tokens are automatically restored to their original values inside the organization only. Data that left the trust boundary cannot be reconstructed externally — only the in-house token vault can perform restoration.
Organizational policy, permissions, and domain context drive the entire AI processing path — what gets encapsulated, where it is routed (Path A external or Path B on-prem), and how restoration is audited. Governance stays inside the organization end-to-end.
These pillars are derived from the diagram_v8 architecture reference. Each pillar maps to a specific failure mode of conventional approaches — masking and redaction, prompt security gateways, and synthetic data platforms — that the four-zone architecture is designed to address.
The five architectural components that implement the data layer. Each is independently configurable and audit-loggable.
Detects PII + customer-defined markers across structured fields and free text. Beyond regex — semantic + context-aware. 98.1% detection accuracy.
Differential-privacy-based replacement (epsilon-DP, Laplace noise, k-anonymity, NER masking). Structure-preserving — tables, hierarchies, references survive.
Versioned, scoped, RBAC'd policies. Time-shifting markers — yesterday's policy archived, today's enforced. Per-team, per-workflow scope.
Local token vault lookup + context re-binding + output validation. 100% restoration rate. AI output comes back business-ready, in the originating tool.
Every detection, encapsulation, processing, and restoration logged with policy version, model, latency, and outcome. GDPR / HIPAA / SOX-aligned.
The same LLM Capsule instance can route different workflows through different paths — under one governance framework.
For workflows where the regulatory profile permits transmission of differentially-private capsules with appropriate contractual safeguards (DPA, SCCs).
For workflows where any external endpoint is unacceptable — classified data, lawful intercept segments, OT operations, regulated mental health / pediatric data.
LLM Capsule is not a SaaS API you call from outside. It runs inside your environment and reads from the operational systems already in place. Existing systems are not modified — a single API-call addition is what connects them to the encapsulation layer.
These six are the source-system identities mapped in the diagram_v8 reference. Existing enterprise systems are not modified — connection is a single API-call addition. Raw operational data does not leave the environment to reach Capsule; the Capsule sits next to these systems, on-prem or in your VPC.
Once Capsule is deployed inside the environment, existing enterprise systems invoke it through whichever interface fits their stack. All interfaces stay inside the customer network — none of them route raw operational data through an external SaaS endpoint.
Capsule runs inside the customer environment in every mode. Path A and Path B execution choices apply across all six.
Fully internal. No external network. Path B only. Defense, classified, OT.
Internal Capsule + approved external LLM. Path A for most workflows, Path B for sensitive subset.
Customer's cloud VPC. Capsule + token vault stay in tenant; LLM call to in-region endpoint.
Listed and procurable through AWS Marketplace. VPC deployment, AWS billing integration.
For ISVs and platform vendors building Capsule into their own product. Library-level integration that ships inside the host application.
For teams using Slack as the operations UI. Capsule runtime stays in the customer environment; the Slack App is the surface that invokes it.
Note: a separate "Telecom-grade" topology (NFV / container / multi-region) is offered as a deployment variant for operator infrastructure — validated at SK Telecom, recognized at Deutsche Telekom T Challenge 2026. It composes with the modes above rather than replacing them.
Bring your deployment constraints, regulatory profile, and one real workflow. We demonstrate the data layer in your environment within 30 minutes.
![](data:image/svg+xml,<svg display="block" role="presentation" viewBox="0 0 148 16" xmlns="http://www.w3.org/2000/svg"><path d="M 11.102 15.765 L 0 15.765 L 0 0.225 L 3.59 0.225 L 3.59 12.61 L 11.102 12.61 L 11.102 15.766 Z M 24.19 15.765 L 13.086 15.765 L 13.086 0.225 L 16.676 0.225 L 16.676 12.61 L 24.188 12.61 L 24.188 15.766 Z M 26.177 0.226 L 29.85 0.226 L 34.324 10.366 L 38.798 0.226 L 42.472 0.226 L 42.472 15.765 L 38.882 15.765 L 38.882 7.361 L 35.526 14.844 L 33.13 14.844 L 29.774 7.36 L 29.774 15.764 L 26.184 15.764 L 26.184 0.225 L 26.177 0.225 Z M 57.981 0 C 60.649 0 62.947 1.352 64.375 3.556 L 63.362 4.334 C 62.01 2.341 60.09 1.27 57.99 1.27 C 54.4 1.27 51.785 4.139 51.785 8.012 C 51.785 11.886 54.453 14.74 58.058 14.74 C 60.219 14.74 62.138 13.698 63.499 11.674 L 64.467 12.452 C 63.068 14.626 60.694 16 58.056 16 C 53.741 16 50.469 12.565 50.469 8.011 C 50.469 3.458 53.696 0 57.996 0 Z M 65.483 15.765 L 71.62 0.225 L 73.335 0.225 L 79.472 15.765 L 78.142 15.765 L 76.562 11.793 L 68.392 11.793 L 66.812 15.765 L 65.482 15.765 Z M 76.079 10.57 L 72.466 1.456 L 68.869 10.57 Z M 81.833 15.765 L 81.833 0.225 L 87.872 0.225 C 90.706 0.225 92.55 2.008 92.55 4.711 C 92.55 7.414 90.706 9.151 87.872 9.151 L 83.14 9.151 L 83.14 15.765 L 81.832 15.765 Z M 83.141 7.92 L 87.811 7.92 C 90.048 7.92 91.212 6.651 91.212 4.718 C 91.212 2.785 90.049 1.464 87.812 1.464 L 83.14 1.464 L 83.14 7.92 Z M 95.465 12.028 C 96.553 13.81 98.299 14.739 100.196 14.739 C 102.093 14.739 103.891 13.697 103.891 11.96 C 103.891 10.224 102.607 9.499 99.757 8.495 C 96.583 7.37 94.973 6.275 94.973 4.077 C 94.973 1.389 97.467 0 99.773 0 C 102.304 0 103.99 1.314 104.821 2.71 L 103.808 3.488 C 102.924 2.008 101.496 1.268 99.772 1.268 C 98.049 1.268 96.296 2.243 96.296 4.048 C 96.296 5.489 97.528 6.328 100.158 7.218 C 103.952 8.51 105.214 9.71 105.214 11.938 C 105.214 14.573 102.818 16 100.196 16 C 97.785 16 95.54 14.784 94.49 12.806 L 95.457 12.028 Z M 108.278 0.226 L 109.578 0.226 L 109.578 10.102 C 109.578 12.835 111.475 14.715 114.528 14.715 C 117.581 14.715 119.478 12.85 119.478 10.102 L 119.478 0.226 L 120.778 0.226 L 120.778 10.102 C 120.778 13.636 118.398 15.999 114.528 15.999 C 110.659 15.999 108.278 13.629 108.278 10.102 Z M 124.785 15.765 L 124.785 0.225 L 126.092 0.225 L 126.092 14.512 L 135.056 14.512 L 135.056 15.772 L 124.785 15.772 Z M 137.67 0.226 L 147.329 0.226 L 147.329 1.464 L 138.978 1.464 L 138.978 7.097 L 146.188 7.097 L 146.188 8.343 L 138.978 8.343 L 138.978 14.534 L 147.571 14.534 L 147.571 15.773 L 137.67 15.773 Z" fill="rgb(35, 31, 32)" height="16px" id="o43yy6bJZ" width="147.57099816894532px"/></svg>)