Customer-controlled execution for every environment
Zof generates governed test intelligence, packages signed capsules, and executes through customer-controlled runners, without requiring protected applications to call external AI services.
No inbound access required
No external model calls from protected networks
Signed immutable test capsules
Human approval for governed remediation
Execution near your environment, governance by design
Cloud is one path—not the only path. Zof is designed for enterprises that require customer-controlled execution, segmented networks, and regulated operating models.
- Cloud-managed and dedicated private cloud control planes
- Customer VPC/VNet execution with outbound-only connectivity patterns
- Hybrid architectures combining public cloud orchestration with local execution
- Edge runners and endpoint agents for branch, factory, and desktop validation
- Enclave-style execution with signed capsules and controlled telemetry egress
- Private Kubernetes-compatible execution in customer-managed clusters
Three planes. One governed execution model.
Intelligence and control stay where policy allows; execution stays inside your boundary. Sensitive data remains in the execution plane unless you approve egress.
Intelligence Plane
Governed test intelligence
Planning, generation, and prioritization run where policy permits: Zof Cloud, private cloud, or on-prem.
- System Graph and workflow understanding
- Risk prioritization and test generation
- Signed capsule assembly
- Remediation planning where permitted
- No direct execution against protected apps from external SaaS
Control Plane
Approvals and policy
Customer-governed layer for signing, scheduling, audit trails, and evidence routing.
- Human approval workflows
- Cryptographic signing and policy enforcement
- Capsule versioning and promotion
- Role-based access and SSO integration
- Audit-ready records for every action
Execution Plane
Customer-controlled execution
Tests run inside your infrastructure. Sensitive data stays inside unless you approve egress.
- Local edge runner execution
- Browser, API, and desktop validation
- Local evidence capture and redaction
- Optional sanitized or metadata-only egress
- No external model calls from protected networks at runtime
Secure enclave architecture
Intelligence and control operate outside the protected segment; execution and evidence stay inside via signed capsules and customer-controlled runners.
Diagram: Approved planning zone (Intelligence Plane in cloud, private cloud, or on-prem; Control Plane) produces a Signed Test Capsule that crosses the Customer Transfer Boundary into the Customer-controlled segment (Execution Plane: Enclave Gateway, Edge Runner, Target Applications, Local Evidence Store, Optional Sanitized Egress).
Compare deployment models
Compare where planning runs, where tests execute, and how evidence may leave your boundary. Models can be combined in hybrid topologies.
| Deployment model | Where AI planning runs | Where execution runs | Internet requirement | Data egress model | Ideal use case | Sales motion | Pricing |
|---|---|---|---|---|---|---|---|
| Zof Cloud | Zof Cloud | Zof-managed or customer runners | Standard outbound | Customer-configured | Cloud-native teams, lower-friction pilots | Self-serve to enterprise | Published tiers + enterprise |
| Zof Private Cloud | Dedicated private cloud | Customer-controlled runners | Policy-controlled outbound | Local-first; optional approved egress | Regulated industries, residency requirements | Enterprise sales | Custom, contact sales |
| Zof Hybrid Enclave | Cloud or private cloud | Enclave gateway + edge runners | Not required in protected segment | Local-only default; optional sanitized | Banks, insurance, internal-only apps | Secure deployment briefing | Custom, contact sales |
| Zof On-Prem Control Plane | Customer data center | Customer-managed runners | Optional / air-gapped supported | Local-only typical | No internet, strict residency, internal governance | Architecture review required | Custom, contact sales |
| Zof Local Edge Runner | Paired control plane | Branch, factory, edge site | Not required for execution | Local evidence; optional sync | Distributed sites, segmented networks | Add-on to enterprise deployment | Custom, contact sales |
| Customer VPC / VNet | Cloud or private cloud | Customer VPC runners | Outbound-only typical | Local-first; policy-controlled | Enterprise SaaS in your cloud account | Architecture review | Custom, contact sales |
| Private Kubernetes execution | Customer-approved control plane | Customer-managed cluster agents | Policy-controlled | Namespace-scoped evidence | Platform teams with existing K8s estates | Architecture review | Custom, contact sales |
| Endpoint agents | Paired control plane | Desktop / VDI / legacy UI | Outbound registration typical | Local capture; optional sanitized | ERP, Citrix, internal desktop apps | Enterprise deployment | Custom, contact sales |
Secure deployment pricing depends on model, footprint, and implementation scope.
Control planes, approval workflows, and audit evidence
Deployment flexibility is paired with governed autonomy: human approval, least-privilege access, and evidence routing you define.
Remediation approval workflow
Governed path from detection to verified fix.
- Role-based access, SSO, and separation of duties for capsule promotion
- Human approval before governed remediation in production paths
- Configurable evidence modes: local-only, sanitized, or metadata-only
- Audit trails for planning, execution, approvals, and administrative actions
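An added illustration, not Zof's own code, of the two boundary checks described above and in the Execution Plane section: the enclave gateway admitting only an untampered capsule whose targets are on the execution allowlist, and evidence routing under the local-only, sanitized, and metadata-only modes. The key, capsule fields, header names, and evidence record are constructed for this example, and an HMAC stands in for the page's cryptographic signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, Optional, Set, Tuple

# Constructed key for this example; a real control plane would use an asymmetric signing key.
CONTROL_PLANE_KEY = b"example-control-plane-key"
SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie", "x-api-key"}


def _canonical(capsule: Dict[str, Any]) -> bytes:
    # Deterministic encoding so the gateway hashes exactly what the control plane signed.
    return json.dumps(capsule, sort_keys=True, separators=(",", ":")).encode()


def sign_capsule(capsule: Dict[str, Any], key: bytes) -> Dict[str, Any]:
    """Control-plane step: attach an integrity tag to the immutable capsule body."""
    return {"body": capsule, "sig": hmac.new(key, _canonical(capsule), hashlib.sha256).hexdigest()}


def gateway_admit(signed: Dict[str, Any], key: bytes, allowlist: Set[str]) -> Tuple[bool, str]:
    """Enclave-gateway step: reject tampered capsules and out-of-scope targets before any run."""
    expected = hmac.new(key, _canonical(signed["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed["sig"]):
        return False, "capsule signature mismatch"
    extra = set(signed["body"].get("targets", [])) - allowlist
    if extra:
        return False, "targets outside execution allowlist: " + ", ".join(sorted(extra))
    return True, "admitted"


def route_evidence(evidence: Dict[str, Any], mode: str) -> Optional[Dict[str, Any]]:
    """Execution-plane step: shape what may cross the boundary; None means nothing leaves."""
    if mode == "local-only":
        return None
    if mode == "metadata-only":
        return {k: evidence[k] for k in ("capsule_id", "status", "duration_ms") if k in evidence}
    if mode == "sanitized":
        out = json.loads(json.dumps(evidence))  # deep copy; the local store keeps the raw record
        out.pop("response_body", None)  # page bodies never leave in sanitized mode
        for name in list(out.get("headers", {})):
            if name.lower() in SENSITIVE_HEADERS:
                out["headers"][name] = "[REDACTED]"
        return out
    raise ValueError("unknown evidence mode: " + mode)


# Constructed sample capsule and evidence record for a stand-alone run.
SAMPLE_CAPSULE = {"capsule_id": "cap-0001", "version": 3, "targets": ["portal.internal"],
                  "steps": ["login", "open-dashboard"]}
SAMPLE_EVIDENCE = {"capsule_id": "cap-0001", "status": "pass", "duration_ms": 812,
                   "headers": {"Authorization": "Bearer secret", "Content-Type": "text/html"},
                   "response_body": "<html>client data</html>"}
```

Any edit to the capsule body after signing, or a target outside the allowlist, is refused at the gateway; only the metadata-only projection carries no content fields at all.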
Explore deployment options
Secure enclave
Signed capsules, enclave gateway, and local edge runners for segmented and restricted networks.
Private cloud
Dedicated Zof environment in a customer-approved region with stronger isolation and residency controls.
Hybrid cloud
Combine cloud or private cloud orchestration with VPC, edge, and endpoint execution in one governed model.
Private Kubernetes
Run execution-compatible agents in customer-managed clusters with separated control and execution planes.
On-prem control plane
Customer-managed infrastructure for strict residency, air-gapped, or limited-connectivity requirements.
Local edge runner
Distributed validation at branch, factory, or edge sites, without exposing local systems to the internet.
Banking secure enclave
Governed validation for core banking workflows through customer-controlled execution and audit-ready evidence.
Regulated environments
Patterns for healthcare, financial services, and public-sector segmentation without overclaiming certifications.
How regulated enterprises deploy Zof
Anonymized industry models illustrating deployment approaches in similar environments. Not endorsements or customer identifications.
Regulated advisory environment
Client data and internal advisory systems cannot be exposed to public SaaS execution.
- Infrastructure constraints: strict residency; no unmanaged external AI calls from advisory networks.
- Network segmentation: separate VLANs for client-facing apps, research tools, and admin systems.
- Deployment architecture: private cloud control plane with enclave gateway and local runners.
- Endpoint / edge execution: edge runners validate internal portals; endpoint agents for desktop workflows.
- Governance controls: capsule signing, dual approval for production remediation, full audit export.
- Telemetry boundaries: metadata-only egress to central dashboards; raw evidence stays local.
- Remediation governance: PR-based fixes with human authorization; no silent production changes.
Payment processing environment
Cardholder data environments require segmented execution and controlled egress.
- Infrastructure constraints: PCI-aligned segmentation; least-privilege runner placement.
- Network segmentation: CDE-isolated segments with dedicated gateways per zone.
- Deployment architecture: hybrid, with cloud planning in an approved region and execution in the customer VPC.
- Endpoint / edge execution: Kubernetes-compatible agents in customer clusters; API validation in the VPC.
- Governance controls: PAM-brokered credentials, signed runners, change-control integration.
- Telemetry boundaries: sanitized egress with field masking; retention per compliance program.
- Remediation governance: staging-first remediation with verification suites before promotion.
Manufacturing operations environment
Plant-floor and MES systems need local validation without internet exposure.
- Infrastructure constraints: OT/IT boundaries, intermittent connectivity, latency-sensitive checks.
- Network segmentation: factory networks isolated from corporate cloud control planes.
- Deployment architecture: central orchestration with a distributed edge runner fleet per site.
- Endpoint / edge execution: edge runners at plants; optional outbound-only sync for capsule updates.
- Governance controls: site-level policies, fleet inventory, and local evidence bundles.
- Telemetry boundaries: local-only reporting by default; optional aggregated health metadata.
- Remediation governance: human approval for changes affecting production lines.
Identity and trust environment
Identity platforms require high-assurance testing inside trust boundaries.
- Infrastructure constraints: secrets and tokens must not leave the execution plane unredacted.
- Network segmentation: DMZ, internal service mesh, and admin tooling on separate paths.
- Deployment architecture: customer VPC execution with secure enclave patterns for privileged flows.
- Endpoint / edge execution: API and browser validation in the VPC; endpoint agents for admin consoles.
- Governance controls: short-lived credentials, execution allowlists, continuous audit.
- Telemetry boundaries: evidence sanitization before any cross-zone transfer.
- Remediation governance: governed remediation with rollback verification in staging.
Enterprise systems integration environment
SI programs connect ERP, CRM, and custom middleware across hybrid estates.
- Infrastructure constraints: multi-region customers; mixed cloud and on-prem endpoints.
- Network segmentation: per-tenant or per-project network boundaries for validation workloads.
- Deployment architecture: hybrid cloud, with a cloud control plane plus VPC and on-prem runners.
- Endpoint / edge execution: distributed testing fleets targeted via System Graph change impact.
- Governance controls: project-scoped policies and evidence routing per engagement.
- Telemetry boundaries: configurable per environment; central analytics where approved.
- Remediation governance: approval workflows aligned to customer CAB processes.
Healthcare administration environment
Administrative systems handling PHI require residency-aware execution.
- Infrastructure constraints: HIPAA-aligned handling; minimize data movement outside the boundary.
- Network segmentation: clinical vs. administrative network separation.
- Deployment architecture: private cloud or on-prem control plane with local execution workers.
- Endpoint / edge execution: internal-only application testing; desktop agents for legacy admin UIs.
- Governance controls: retention policies, access reviews, and breach-ready audit exports.
- Telemetry boundaries: local-first evidence; metadata summaries for enterprise dashboards.
- Remediation governance: human-in-the-loop for changes touching PHI workflows.
Security operations environment
Security tooling and SOAR-adjacent workflows demand isolated validation.
- Infrastructure constraints: high-sensitivity logs and configs; no inbound access to SOC segments.
- Network segmentation: SOC VLAN, tool integrations, and staging mirrors of production.
- Deployment architecture: enclave-style execution with signed packages and restricted outbound.
- Endpoint / edge execution: runners in the SOC segment; API validation for integrations and playbooks.
- Governance controls: immutable capsules, approval chains, integration with GRC tooling.
- Telemetry boundaries: controlled telemetry egress with evidence sanitization.
- Remediation governance: verified fix workflows with security sign-off gates.
Enterprise deployment topologies
Representative diagrams for common buyer review scenarios. Your architecture review will define the exact placement of each plane.
Cloud-managed architecture
Zof-managed control plane with configurable execution placement.
Customer VPC execution
Planning in approved cloud; execution inside your VPC boundary.
Hybrid execution architecture
Cloud orchestration with distributed local execution fleets.
Edge runner topology
Local execution with centralized orchestration.
Endpoint agent topology
Desktop and legacy application validation via customer-deployed agents.
Secure enclave execution
Segmented execution with signed capsule transfer.
Private Kubernetes execution
Execution-compatible agents in customer-managed clusters—not a full platform install.
Distributed testing fleets
Multiple fleets orchestrated from a central control plane.
Remediation approval workflow
Governed path from detection to verified fix.
Telemetry flow
Runner capture through optional controlled egress.
Evidence routing
How validation artifacts may leave the execution boundary.
Plan your deployment with Zof
Walk through architecture, evidence controls, and a conservative pilot path with our deployment specialists.