Security

Sovereign security posture. Hospital-owned keys, hardware-rooted attestation, sealed boot, immutable audit chain.

Air-gappable deployment. No outbound calls. No third-party telemetry. No US CLOUD Act exposure. Hospital-owned identity, hospital-owned data, hospital-owned audit. Patient data never crosses the firewall in plaintext, even when external compute is consulted on cloud fallback (Patent 41 lattice-bound homomorphic semantic encryption). The architecture is the security; the security is the architecture.

01

Security, by construction

01

Network

On-premise inference. No outbound calls in normal operation. Air-gap deployment supported. WireGuard mesh between LUMEN appliances. Hospital firewall enforces ingress allow-list and egress deny-by-default.

02

Data

Patient data never leaves the hospital firewall in plaintext. AES-256-GCM at rest. TLS 1.3 in transit. Per-patient encryption envelopes. Patent 41 lattice-bound HSE for any external compute consultation.

03

Identity

Hospital-owned identity provider via SAML or OIDC. Apple Sign In federated for clinical staff devices. Multi-factor for admin access. Role-based access control aligned with hospital privilege structure.

04

Telemetry

Zero third-party telemetry. Zero third-party analytics. Zero phone-home. The audit chain is the only telemetry, and the hospital owns it.

02

Encryption posture

AES-256-GCM at rest on every NVMe partition (LUMEN Core, LUMEN Ward, LUMEN Bedside). TLS 1.3 minimum on every transport hop. Hardware-bound keys in a hospital-owned HSM (Thales Luna PCIe HSM 7 for LUMEN Core; YubiHSM 2 for smaller deployments). Per-patient encryption envelopes ensure that even in the unlikely event of a key compromise, only one envelope is exposed per leak, not the entire dataset. The keys never leave the HSM in plaintext.

AES-256-GCM at rest
TLS 1.3 minimum, in transit
FIPS 140-3 Level 3 HSM (Thales Luna 7)
0 vendor key escrow

03

Hardware-rooted trust · sealed boot, anti-tamper, attestation

Every LUMEN appliance carries a hardware-rooted device identity issued at the LUMEN Key Ceremony Protocol, sealed to the hospital's HSM at first boot. Sealed-boot chain rooted in TPM 2.0 with measured-boot attestation per LUMEN-H Patent claim 6. The chassis intrusion sensor is wired to invalidate audit-chain credentials on any opening event, propagating across the hospital network within a defined latency budget. Anti-tamper enclosure prevents physical extraction of weights or keys. The deployment requires our hardware to function correctly; the hardware moat compounds the software moat.

04

Authentication and access control

Hospital SSO integration via SAML 2.0 or OIDC; Apple Sign In federated for clinical staff devices. Multi-factor authentication enforced for admin access. Role-based access control aligned with the hospital's privilege structure (clinician, resident, nurse, pharmacist, admin, audit). Speaker attestation on bedside dictation: only enrolled clinician voices unlock the capture surface (LUMEN-B Patent claim 11). Agent identities are hardware-rooted and revocable instantly across the entire hospital fleet from the Admin surface.

05

Network posture

WireGuard mesh between LUMEN appliances inside the hospital. Isolated subnet for AI inference. Firewall rules: ingress whitelist only, egress deny-by-default. Quarterly penetration testing through a sovereign Canadian or hospital-approved security firm. SBOM (Software Bill of Materials) published per appliance per release. SLSA Level 4 build provenance target. Dependency review at every commit; minimum two qualified suppliers per critical component (NVMe, HSM, mic array).

06

Patent 41 · lattice-bound homomorphic semantic encryption

When the local 1-trillion-parameter brain at LUMEN Core lacks confidence, the encrypted semantic substrate flows through Patent 41 lattice-bound HSE to a sovereign Canadian Anthropic Claude bridge. The cloud sees an encrypted substrate and returns an encrypted result; decryption happens at Core inside the hospital perimeter. Plaintext patient data never crosses the hospital firewall, even when external compute is consulted. The fallback decision itself is logged as an audit-chain entry: timestamp, agent that requested fallback, confidence score that triggered it, encrypted-payload hash, encrypted-result hash, decryption verification.

07

Audit chain · Patent 207

Every read, every write, every model inference, every order, every signature is appended to a hospital-owned cryptographic chain. Append-only. Portable. Inspectable by the hospital's own audit team. The hospital exports the chain for regulators on demand. The genesis block of the chain binds to the hospital's legal entity at install via the Key Ceremony. No CLOUD Act subpoena path crosses the chain. No vendor key escrow holds the chain.
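The append-only property described above can be checked by anyone who holds the chain. The following is an added example, not LUMEN's or PulsarOS's code: the entry layout, the field names and the HMAC key standing in for an HSM-held signing key are all assumptions, and the sample events (including a fallback entry with the fields listed in the Patent 41 section) are constructed.

```python
import hashlib, hmac, json

# Assumption: stand-in for an HSM signing call; a real key never leaves the HSM.
DEMO_KEY = b"constructed-demo-key"
GENESIS_PREV = "0" * 64

def entry_digest(body):
    # Canonical JSON so a record always hashes to the same value.
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(raw).hexdigest()

def sign(entry_hash):
    return hmac.new(DEMO_KEY, entry_hash.encode(), hashlib.sha256).hexdigest()

def append(chain, event):
    """Link a new entry to the hash of the previous one and sign it."""
    prev = chain[-1]["hash"] if chain else GENESIS_PREV
    body = {"seq": len(chain), "prev": prev, "event": event}
    h = entry_digest(body)
    chain.append({**body, "hash": h, "sig": sign(h)})

def verify(chain):
    """Return (True, None), or (False, index of the first entry that fails)."""
    prev = GENESIS_PREV
    for i, e in enumerate(chain):
        h = entry_digest({"seq": e["seq"], "prev": e["prev"], "event": e["event"]})
        if not (e["seq"] == i and e["prev"] == prev and e["hash"] == h
                and hmac.compare_digest(e["sig"], sign(h))):
            return False, i
        prev = h
    return True, None

def demo_chain():
    """Constructed sample: genesis, one read, one cloud-fallback decision."""
    chain = []
    append(chain, {"type": "genesis", "legal_entity": "Constructed General Hospital"})
    append(chain, {"type": "read", "actor": "clinician-17", "record": "patient-0042"})
    append(chain, {"type": "fallback", "timestamp": "2025-01-01T12:00:00Z",
                   "agent": "ward-agent-3", "confidence": 0.41,
                   "payload_hash": hashlib.sha256(b"constructed ciphertext out").hexdigest(),
                   "result_hash": hashlib.sha256(b"constructed ciphertext in").hexdigest(),
                   "decryption_verified": True})
    return chain

if __name__ == "__main__":
    print(verify(demo_chain()))
```

Edits, deletions and re-hashed entries all fail at the first affected index. Cutting entries off the tail leaves a valid prefix, so an auditor also needs the expected head hash or entry count from a separately stored checkpoint.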

08

Threat model

CLOUD Act exposure: zero, the inference does not cross the perimeter. Vendor compromise: containable, the model is hospital-owned and offline-capable; even if Lumen Healthcare Inc. or PulsarOS is compromised, the deployment continues to function on the hospital's own server. Side channel: the audit chain is append-only and portable; evidence survives the box. Insider threat: every query, every signature, every reasoning step is on the chain; deviations are auditable. Weight extraction: anti-tamper enclosure plus hardware-bound encryption plus speaker attestation prevent on-device extraction; weight files are encrypted at rest and bound to the hospital HSM. Audit-chain forgery: cryptographic signature chain rooted in the HSM; forgery requires HSM compromise, which requires physical tampering, which invalidates audit credentials.

09

Breach response posture

Detection: continuous monitoring on hospital SIEM with LUMEN-emitted security signals. Notification: hospital DPO contacted within one hour of detected incident; regulator notified per jurisdiction (typically 72 hours for ARDIN, 30 days for Quebec Law 25, 72 hours for GDPR, etc.); patients notified per regulator. Recovery: pre-tested incident-response runbook. Forensic capability: the audit chain produces a forensically-complete reconstruction of the breach window for regulators within their notification timeline (LUMEN-A Patent claim 40).

10

Cybersecurity standards stack

IEC 81001-5-1 (health software cybersecurity activities throughout the product lifecycle). FDA 2023 premarket cybersecurity guidance. Health Canada cybersecurity for medical devices guidance. EU MDR cybersecurity (Annex I, GSPR 17.2). IEC 62443 for industrial automation security where applicable to the appliance fleet. SBOM per appliance unit per release. Coordinated vulnerability disclosure policy: public, with a dedicated security@pulsaros.ca inbox for researchers. Secure-development training for every engineer; code review with security focus on every PR.

11

Adversarial security testing

Pre-pilot red team against the entire stack: weight extraction, audit-chain forgery, agent-impersonation, lateral movement from LUMEN Bedside to LUMEN Core, network partition manipulation, HSM tampering, viewing-angle privacy bypass. Red team failure rate is the gate: every category must remain unbroken before any patient interaction. Continuous adversarial review on every fine-tune cycle: the model card published per fine-tune includes adversarial-robustness metrics per agent class.

12

Why no third-party JavaScript

A medical instrument that loads scripts from a CDN is not a medical instrument. LUMEN ships every animation library, every script, every asset, self-hosted on the hospital's infrastructure. Zero third-party JavaScript. Zero analytics. Zero trackers. Zero social-media SDKs. Zero font CDNs. Strict Content Security Policy with `default-src 'self'`. Subresource Integrity (SRI) hashes on the rare third-party dependency. Penetration testing verifies no resource loads from outside the hospital perimeter.
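A self-hosted-only policy like this can be verified from a response header and the served HTML. The following is an added example, not LUMEN's own tooling: the function names, the host `lumen.hospital.example` and the sample header and page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

SAFE_SOURCES = {"'self'", "'none'"}

def csp_findings(header):
    """List fetch directives (*-src) that admit anything beyond 'self'."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    findings = []
    if "default-src" not in directives:
        findings.append("no default-src directive")
    for name, sources in directives.items():
        if name.endswith("-src"):
            findings += [f"{name} allows {s}" for s in sources if s not in SAFE_SOURCES]
    return findings

class ResourceScan(HTMLParser):
    """Collect tags whose src/href points at a host other than our own."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.findings = own_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get("src") or (a.get("href") if tag == "link" else None)
        host = urlparse(url).hostname if url else None  # None for relative URLs
        if host and host != self.own_host:
            sri = "with SRI" if a.get("integrity") else "no integrity attribute"
            self.findings.append(f"<{tag}> loads from {host} ({sri})")

def html_findings(html, own_host):
    scan = ResourceScan(own_host)
    scan.feed(html)
    return scan.findings

# Constructed sample inputs (hosts under the reserved .example TLD).
GOOD_CSP = "default-src 'self'; object-src 'none'"
BAD_CSP = "default-src 'self'; script-src 'self' https://cdn.example; font-src https://fonts.example"
PAGE = """<script src="/static/app.js"></script>
<link rel="stylesheet" href="https://fonts.example/inter.css">
<script src="https://cdn.example/anim.js" integrity="sha384-CONSTRUCTED"></script>"""

if __name__ == "__main__":
    print(csp_findings(BAD_CSP), html_findings(PAGE, "lumen.hospital.example"))
```

An SRI hash pins the content of an off-host file but the browser still fetches it from outside the perimeter, which is why the scan reports those tags as well.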

13

Coordinated vulnerability disclosure

Security researchers are welcome. Submit responsibly to security@pulsaros.ca with a 90-day standard disclosure window. Critical vulnerabilities affecting patient safety are triaged immediately and a security advisory is issued to all deployed hospitals within the disclosure window. We do not threaten researchers. We thank researchers in a public hall of fame after their disclosure window closes (with their consent).

The hardware is the contract. The audit chain is the receipt. The hospital owns both.

Sovereign Canadian deeptech. Air-gappable. Patent-protected. Hospital-owned end to end.
