Skip to content

Sovereign AI without the trust-us clause

Bee Enclave Sovereign deploys air-gapped, with customer-controlled HSMs and NIST-finalized post-quantum transport on by default — designed for environments where assurances must be verifiable.

Sovereignty means your perimeter, your keys

Bee Enclave Sovereign (from $50,000/mo) deploys with no outbound network from the orchestration plane, HSM-backed roots under customer control, and ITAR / IL5 / FedRAMP High alignment. The model runs where your data lives — not the other way around.

Below full sovereign, Enclave Regulated adds customer-managed key hierarchies and immutable audit logs, and Enclave Private Cloud runs single-tenant in your VPC. The ladder lets programmes phase deployment against accreditation timelines.

Post-quantum by default, not by roadmap

Sovereign customer transport runs the NIST-finalized post-quantum stack — FIPS 203 ML-KEM key exchange, FIPS 204 ML-DSA and FIPS 205 SLH-DSA signatures — from the first request, with no classical-fallback handshake. SLH-DSA's stateless hash-based signatures support long-lived attestation chains for offline and air-gapped verification.

For government data with multi-decade classification horizons, harvest-now-decrypt-later is a present-tense threat; PQC transport addresses it at the layer where it exists.

Capability inside the perimeter

  • Hive- and Swarm-class models in your environment — 256K native context, with vision and video input and tool calling on the Hive class.
  • Document intelligence with cited answers over internal corpora, indexes fully inside your boundary.
  • JSON mode for structured extraction into accredited downstream systems.
  • Opt-in quantum reasoning integration on IBM quantum hardware for research workloads, with a contracted dedicated tier.

Gating and jurisdiction, stated plainly

Defense and government are restricted (Tier-3) domains on Bee's public platform, gated behind explicit acknowledgement and jurisdictional controls; sovereign work is contracted through the Enclave programme rather than self-served. Export-control and sanctions compliance obligations are written into the Terms.

HEOSSI (Pte.) Ltd. is a Singapore-incorporated company (UEN 202532790K) — a neutral, verifiable jurisdiction anchor for procurement.

Frequently asked questions

Can Bee run fully air-gapped?
Yes — Bee Enclave Sovereign deploys with no outbound network from the orchestration plane and customer-controlled HSM integration. It is a contracted deployment, scoped with your security architects.
Is the post-quantum cryptography optional on Sovereign?
No — it is the default. Sovereign customer transport runs FIPS 203/204/205 from the first request with no classical-fallback handshake.
What accreditation frameworks does Enclave align to?
Enclave Sovereign is built for ITAR, IL5, and FedRAMP High alignment, with SOC 2 and ISO 27001 compliance postures contracted on Enclave plans. Alignment and evidence are scoped per engagement — we state alignment, not certifications we don't hold.
Who controls the cryptographic keys?
On Enclave Regulated and Sovereign, the customer does — customer-managed key hierarchies with HSM-backed roots under customer control on Sovereign.
How does procurement start?
Through sales, with counter-signed legal documents, the published DPA and sub-processor list, and procurement-grade security evidence available under NDA.

Related

Start on the free tier

Bee Cell is free — no card. Scale to paid tiers, the API, or sovereign deployment when you are ready.