UK-sovereign AI for sensitive engineering

Sovereign coding agents for controlled engineering environments.

Modern developer AI for teams that cannot send code, tickets, logs, or architecture into foreign SaaS.

Early-stage product. This site describes our direction, roadmap, and design goals.

Discuss a pilotView platform
Secure agent runPolicy gated

$ bastion review --repo internal-controls

context: 14 files retrieved locally

model: UK-hosted open-weight endpoint

egress: blocked unless approved

diff ready: 3 findings, 2 test updates

01

Repo-scoped context

02

Approval-gated tools

03

Audit-ready output

For teams where ordinary copilots are off the table.

The platform

Agentic engineering. Inside your perimeter.

Private coding agents

CLI and IDE workflows for review, tests, refactors, migrations, and docs inside controlled environments.

Secure execution

Sandboxed test runs, repo-scoped permissions, egress controls, signed containers, SBOMs, and retention controls.

Sovereign deployment

Built for UK infrastructure, private cloud, on-prem clusters, and future higher-assurance appliances.

Operating model

No sensitive code to foreign AI APIs.

The roadmap centres on open-weight models, reproducible containers, customer-owned keys, tenant isolation, and approval-gated actions. Final controls depend on each deployment.

+

UK-hosted inference for sensitive workloads.

+

Single-tenant deployments for high-trust teams.

+

Audit trails for prompts, context, diffs, and tool use.

+

Human approval before writes, commands, or egress.

Assurance path

Evidence first. Claims later.

We are designing the product around the artefacts serious buyers ask for: controls, audit, deployment evidence, and reviewable security posture.

Initial target: OFFICIAL and OFFICIAL-SENSITIVE workflows
Control mapping to NCSC Cloud Security Principles
Cyber Essentials Plus and ISO 27001 roadmap
MOD Cyber Security Model evidence planning
Longer-term higher-assurance deployment path

Pilot programme

Start with one sensitive repo.

Good first pilots: code review, legacy migration, test generation, documentation, and controlled refactoring.

founders@bastionworks.aiMeet the founders