When an organization builds AI systems that operate on sensitive infrastructure — systems that scan for vulnerabilities, analyze network traffic, and make decisions about security posture — the infrastructure those systems run on cannot be an afterthought. It must be at least as secure as the environments it is designed to protect.
This is why Neuraphic has built its entire platform on a zero-trust architecture with no public IP addresses, full service isolation, and sovereign data controls. This post describes the reasoning behind those decisions.
No public surface area
None of Neuraphic's production services expose a public IP address. Every service runs behind Cloudflare Tunnels, which establish outbound-only connections from our infrastructure to the edge network. Inbound traffic is authenticated and filtered before it reaches any compute resource. Administrative access is gated through Identity-Aware Proxy (IAP), which enforces device trust, user identity, and context-aware access policies on every request.
The result is an infrastructure with effectively zero public attack surface. There is no port to scan, no endpoint to probe, no IP to target. This is not security through obscurity — it is security through the elimination of exposure.
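One way to keep the "no public IP" property from drifting is to verify it continuously against the compute inventory. The check below is an added example, not Neuraphic's own code; the inventory is constructed, and the field names are assumed to follow the Compute Engine Instance resource as printed by `gcloud compute instances list --format=json`.

```python
import json

# Constructed sample inventory. Assumption: external addresses appear under
# networkInterfaces[].accessConfigs[].natIP (IPv4) and
# networkInterfaces[].ipv6AccessConfigs[].externalIpv6 (IPv6), as in the
# Compute Engine Instance resource; a compliant host has neither.
SAMPLE_INVENTORY = json.dumps([
    {   # compliant: internal address only
        "name": "auth-api-0",
        "networkInterfaces": [{"networkIP": "10.10.0.4"}],
    },
    {   # violation: external IPv4 attached via one-to-one NAT
        "name": "inference-gpu-1",
        "networkInterfaces": [{
            "networkIP": "10.20.0.7",
            "accessConfigs": [{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.17"}],
        }],
    },
    {   # violation: external IPv6, easy to miss if only natIP is checked
        "name": "worker-3",
        "networkInterfaces": [{
            "networkIP": "10.30.0.9",
            "ipv6AccessConfigs": [{"externalIpv6": "2001:db8::1"}],
        }],
    },
])


def find_public_exposure(inventory_json):
    """Return (instance name, external address) for every externally reachable NIC."""
    findings = []
    for inst in json.loads(inventory_json):
        for nic in inst.get("networkInterfaces", []):
            for cfg in nic.get("accessConfigs", []):
                if cfg.get("natIP"):
                    findings.append((inst["name"], cfg["natIP"]))
            for cfg in nic.get("ipv6AccessConfigs", []):
                if cfg.get("externalIpv6"):
                    findings.append((inst["name"], cfg["externalIpv6"]))
    return findings


def check_no_public_ips(inventory_json):
    """Policy gate: True only when no instance carries an external IPv4 or IPv6 address."""
    return not find_public_exposure(inventory_json)


if __name__ == "__main__":
    for name, addr in find_public_exposure(SAMPLE_INVENTORY):
        print(f"VIOLATION: {name} exposes {addr}")
    print("compliant" if check_no_public_ips(SAMPLE_INVENTORY) else "non-compliant")
```

Run it from a CI job or scheduled task against the live inventory and fail the pipeline on any finding, so an accidentally attached external address is caught before it becomes a reachable port.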
Project-level isolation
Every Neuraphic service runs in its own dedicated cloud project. Authentication, inference, worker orchestration, model storage, and logging each occupy separate environments with independent access policies, network configurations, and billing boundaries. There is no shared network, no common service account, no lateral path between services that is not explicitly defined and monitored.
This design imposes real operational cost. Deploying a new service requires provisioning an entire project, configuring its network, establishing trust relationships, and setting up independent monitoring. We accept that cost because the alternative — multi-tenant environments where a compromise in one service can propagate to others — is incompatible with the threat models our customers face.
Why not multi-tenant SaaS
For non-critical systems, multi-tenant SaaS platforms are efficient and appropriate. For the systems that manage authentication tokens, store model weights, process customer infrastructure data, and orchestrate security-critical AI agents, they are not. The shared-responsibility model of most SaaS platforms creates ambiguity about who controls what, and that ambiguity becomes a liability when the data in question is a map of your customer's vulnerabilities.
We run our own databases, our own message queues, and our own secret management infrastructure. Where we use managed services, we use them within our own projects, under our own encryption keys, with our own audit logs.
Data residency and compliance readiness
Neuraphic's infrastructure is designed for compliance from the ground up, not as a retrofit. All customer data is encrypted at rest and in transit using customer-managed encryption keys where required. Data residency controls ensure that customer information does not leave designated geographic regions. Audit logs are immutable and retained according to policies that meet SOC 2 Type II and ISO 27001 requirements.
We are currently in the process of completing SOC 2 Type II certification and ISO 27001 audit preparation. These are not marketing milestones — they are the minimum standard for an organization that asks its customers to trust it with access to their most sensitive systems.
Infrastructure as commitment
The decisions described here are expensive. Isolated projects cost more than shared ones. Zero-trust networking is harder to operate than traditional perimeters. Running your own infrastructure is more work than using managed multi-tenant services. We made these choices because the organizations that deploy Neuraphic's systems need to know that the infrastructure handling their data meets the same standard they hold themselves to. Infrastructure is not a detail. It is the foundation on which trust is built.