Skip to main content
    iTmethods

    FORGE · FORGE AI SUBSTRATE

    Forge AI Substrate.

    Sovereign operations of the AI stack, inside your envelope, to audit-grade. Four sub-components. One governed runtime, producing continuous regulator-grade evidence into Reign's Audit Ledger (CAVR).

    Hybrid Status · See sub-components below

    Agent Runtime Operations and MCP and Tool Operations are Available Now. Governed Foundation Model Access and Governed Sovereign Control Plane are advancing through a closed Design Partner Phase.

    THE FOUR SUB-COMPONENTS

    Four sub-components. One sovereign envelope.

    Agent runtimes ride on governed model access. Governed model access rides on MCP and tool operations. All three ride on the sovereign control plane. Every layer feeds evidence into Reign.

    Forge AI Substrate sits at the intersection of the compliance cycle and the AI substrate rebuild cycle. For the structural context across all three Forge components, see Forge.

    Agent Runtime Operations

    Available Now

    The operational discipline of running agent runtimes in production under audit-grade controls. NemoClaw with OpenShell sandboxes, Cursor Self-Hosted, Claude Code, and LangGraph, all Docker-orchestrated and sandboxed at the process and network boundary. iTmethods manages runtime image lifecycle, sandbox policy, agent identity, capacity, and incident response. Every tool call is hashed into the Audit Ledger (CAVR) at the moment of execution.

    Read more on Agent Infrastructure

    Governed Foundation Model Access

    Design Partner Phase

    iTmethods does not host or serve foundation models at scale. The gateway, policy, and evidence layer sits between the customer's agent runtime and the model providers (Amazon Bedrock, Azure AI Foundry, Google Vertex AI, OpenAI, Anthropic). Model version pinning, fail-over routing, and credential rotation run as managed infrastructure. Prompt hash, tool list, model identity, and response hash all write into the Audit Ledger (CAVR) in-line, not in batch.

    Read the deep dive

    MCP and Tool Operations

    Available Now

    iTmethods runs the MCP and tool layer as a governed supply chain. Managed MCP servers, tool registries, third-party MCP integrations, and in-house tool servers, with sandboxing at the tool-call boundary and provenance tracking on every tool definition. Tool-call governance is enforced before any agent can bind a tool. Every tool call is hashed and written to the Audit Ledger (CAVR).

    Read more on Managed MCP Servers

    Governed Sovereign Control Plane

    Design Partner Phase

    The substrate beneath the substrate. Identity, network boundary, secret store, compute scheduler, vector and RAG layer, audit log pipeline. In a regulated environment, this is where audits are won or lost. iTmethods operates the control plane on customer-owned infrastructure across SaaS, Dedicated Cloud, Customer Cloud, and Air-Gapped topologies. Identity events, key rotations, RAG retrievals, and scheduling decisions stream continuously into the Audit Ledger (CAVR).

    Read the deep dive

    The Practice Underneath

    Twenty-one years of operating foundational infrastructure (data, compute, model, agent runtime) under customer ownership, to audit-grade. iTmethods runs the substrate inside the customer envelope.

    Read the practice

    Deployment

    SaaS
    Dedicated Cloud
    Customer Cloud
    Air-Gapped

    Same architecture across all four topologies.

    See deployment options

    Reign · Governance Layer

    Forge runs the substrate. Reign governs every decision it makes. Every Forge AI Substrate sub-component writes into Reign's Audit Ledger (CAVR), pre-mapped to 13-plus frameworks via Assurance Packs.

    How Reign integrates

    DEEP DIVE

    Design Partner Phase

    Governed Foundation Model Access.

    Sovereign access and observability for foundation models. iTmethods provides the gateway, the guardrails, and the evidence layer between your agent runtime and the major model providers (Amazon Bedrock, Azure AI Foundry, Google Vertex AI, OpenAI, Anthropic). We do not host or serve foundation models. We make their use auditable and sovereign.

    Foundation models are the most regulated dependency in a modern AI system. The model is a third-party black box. Prompts carry sensitive material. Outputs drive decisions. The auditor's question (what did your AI ask, what did it say back, who authorized it, on what data) needs a structural answer, not a screenshot.

    WHAT iTMETHODS MANAGES

    • Gateway routing (single egress for all foundation model traffic)
    • Prompt-side and tool-side guardrail policy
    • Model provider credentials and rotation
    • Model version pinning per regulated workload
    • Fail-over routing across providers
    • Cost and rate metering with per-workload budget enforcement

    DELIVERABLES

    • Model access gateway, deployed inside the customer envelope
    • Guardrail policy bundle (prompt-side and tool-side)
    • Model selection runbook per regulated workload
    • Immutable per-call evidence stream into the Audit Ledger (CAVR)
    • Quarterly model usage and drift report

    REIGN INTEGRATION

    Every call writes a structured evidence record into Reign's Audit Ledger (CAVR): timestamp, requesting identity, model identity and version, prompt hash, tool list, response hash, latency, cost, and policy decisions. Records are hash-chained, immutable, and pre-mapped to EU AI Act Article 9, NIST AI RMF, FINOS AIGF v2.0, and OWASP LLM Top 10 via Reign's Assurance Packs.

    SPECIFIC RISKS ADDRESSED

    • Prompt and output exfiltration through model provider logs
    • Cross-tenant data leakage in model provider infrastructure
    • Unauthorized model version drift
    • Credential leakage to model providers
    • Tool definition supply chain attacks
    • Cost runaway without per-workload budget enforcement

    DEEP DIVE

    Design Partner Phase

    Governed Sovereign Control Plane.

    The substrate beneath the substrate. Identity, network, keys, compute, vector and RAG, audit logging. The audit-grade foundation that every other component in Forge AI Substrate depends on, operated by iTmethods against primitives the customer owns and can revoke.

    In an unregulated environment, the control plane is plumbing. In a regulated environment, it is where audits are won or lost. Identity drift, orphaned admin accounts, key rotation gaps, scheduling decisions that violate workload isolation, RAG retrievals that pull unauthorized data: these are the findings that take a year to remediate.

    Identity and federation

    Enterprise SSO for humans, machine identity for agents and tools, lifecycle-bound to the workloads that depend on them. No orphaned credentials when an agent or tool is deprovisioned.

    Network and keys

    Zero-trust defaults, explicit egress, per-workload boundary enforcement. HSM-backed key rotation aligned to the customer's compliance baseline.

    Compute and RAG

    GPU and CPU pools with per-workload isolation across shared infrastructure. Governed retrieval, prompt isolation, output filtering, retrieval scoped to the requesting identity's authorization envelope.

    Audit log retention

    Hash-chained, immutable, customer-resident. The evidence producer of last resort for every other component in Forge AI Substrate.

    THE SOVEREIGN PROMISE

    Customer-owned identity providers, keys, audit log pipelines, and network boundaries. iTmethods operates the plane against the customer's primitives. The customer's regulator, the customer's auditor, and the customer's CISO all inspect the customer's own infrastructure. There is no iTmethods cloud-side dependency the customer cannot revoke. Sovereign by default as a structural property, not a contractual claim.

    SPECIFIC RISKS ADDRESSED

    • Identity drift across the AI tool estate
    • Orphaned credentials for deprovisioned agents or tools
    • Key compromise via shared HSM tenancy
    • Cross-workload compute leakage on shared GPU pools
    • Unauthorized RAG retrievals exposing protected data
    • Audit log tampering or retention gaps

    STATUS · DESIGN PARTNER PROGRAM

    Co-build Foundation Model Access and Sovereign Control Plane.

    Agent Runtime Operations and MCP and Tool Operations are Available Now. Governed Foundation Model Access and Governed Sovereign Control Plane are in Design Partner Phase, co-developed with the Design Partner Cohort across banking, capital markets, life sciences, and defense.

    Partners receive named iTmethods principals, an embedded expert-led pod, direct influence over the gateway and guardrail roadmap, GA-pricing protection, and reference customer status.

    EXPLORE FORGE

    More from Forge.

    Umbrella

    Forge.

    Governed AI Infrastructure for regulated enterprises. Three components.

    Back to Forge

    Forge Secure AI

    FSAI.

    Continuous assurance across Assess, Harden, Sustain. FSAI Assess available now.

    Explore FSAI

    Sub-component

    Agent Infrastructure.

    Hardened runtimes, sandboxes, identity, audit. Available now.

    Explore Agent Infrastructure

    Sub-component

    Managed MCP Servers.

    MCP fleet, tool registry, supply-chain controls. Available now.

    Explore MCP Servers