BlueUP: Zero Trust infrastructure for agentic AI in regulated industries

Identity, governance and compliance so banks and insurers can deploy AI agents without regulatory risk. No VPN. No network rebuild. Identity-first.

AI Governance: Layer 3 · MCP/LLM gateways
Compliance & Governance: Layer 2 · DORA, AML, AI Act
Zero Trust Accessibility: Layer 1 · OpenZiti / NetFoundry
  • 162,951 journals/sec · BlueUP Core
  • 96 compliance controls · ComplianceView
  • 9 integrated AML modules · BlueUPALM
  • Zero public IPs · services invisible by default
Connectivity substrate: NetFoundry, OpenZiti

Official partner of NetFoundry, which is backed by Cisco Investments

The Problem

Agentic AI has changed the rules. Autonomous agents don't just answer questions: they act at machine speed, invoke tools, move data, and make decisions. But the infrastructure connecting them was designed for humans.

  • AI multiplies attack velocity

    A compromised agent exfiltrates data before a human can react

  • Network perimeters no longer contain

    VPNs and firewalls grant access to the entire network, not just what's needed

  • Regulation demands more controls

    DORA, AI Act, AML require governance that traditional infra can't deliver

  • The "connectivity tax" slows innovation

    Each new agent requires coordinating NAT, firewalls, VLANs, and approvals

The solution: identity before connectivity

In BlueUP's architecture, without a valid cryptographic identity, no data path exists. Services are dark by default. Identity and policy decide whether a connection can exist.


Three-layer platform

BlueUP isn't a set of standalone products: it's an integrated platform where each layer reinforces the others.

Zero Trust reachability

Connectivity starts with identity, not the network.

Services have no public IP, don't respond to port scans and don't appear on Shodan: they only exist for authenticated identities whose policy matches. Every agent, service and person carries a verifiable Ed25519 cryptographic identity, and a data path is granted only when policy agrees; without that identity, there is no path. The substrate is OpenZiti, the open-source platform with encrypted tunnels and dark services, on which BlueUP, an official NetFoundry partner, offers self-hosted deployment or managed connectivity. Users work through BlueUP Connect, the desktop client that surfaces only their authorized services. See the technical architecture.

BlueUP Connect

Compliance and governance

Regulatory compliance is built into the architecture by design, not bolted on afterwards.

BlueUPALM delivers banking-grade AML/DORA compliance across nine integrated modules: a screening engine with fuzzy matching against EU, OFAC and UN lists, a ten-state SEPBLAC legal workflow with automatic F19 generation, and DORA incident management with regulatory timers. ComplianceView adds continuous monitoring with 96 controls aligned to NIST, ISO 27001, DORA and FINOS, gathered by automated collectors. For a platform like this, DORA, AML, the AI Act and GDPR are architectural requirements, not add-ons.

BlueUPALM · ComplianceView

Sovereign execution

Business logic and agents run on controlled infrastructure, with institutional-grade performance.

The BlueUP Core engine, written in Rust, runs multi-GAAP accounting (Sectoral, IFRS and Tax) at 162,000+ journals/sec, on a base of 10 crates and 191 tests. On that same infrastructure, AI agents operate under explicit governance: the MCP Gateway decides which tools each agent may invoke, by identity and policy; the LLM Gateway controls access to language models with human approval points for high-risk actions; and each agent is isolated at kernel level by a gVisor sandbox. More in the technical architecture.

Agentic AI for fintech · BlueUP Core


Solutions by industry

The platform applies with different building blocks and priorities depending on the regulated industry:

  • Private Banking — Enhanced KYC onboarding, continuous screening and regulatory traceability for high-net-worth clients. (KYC, Know Your Customer: the set of processes for verifying a customer's identity and understanding their risk profile. In banking and fintech, it is a legal requirement before opening a business relationship.)
  • Insurance — Industry-specific AML compliance (life, pensions, non-life) with integrated SEPBLAC workflow. (SEPBLAC, Servicio Ejecutivo de la Comisión de Prevención del Blanqueo de Capitales e Infracciones Monetarias: Spain's financial intelligence unit (FIU), the official recipient of suspicious-transaction reports from obliged entities.)
  • Fintech & Agentic AI — Zero Trust governance for fintechs operating with autonomous agents and MCP.

Resources


BlueUPALM in Action

BlueUPALM automates the complete regulatory compliance lifecycle, from transactional data ingestion to official supervisor communication.

  • ✅ 9 integrated modules: Dashboard, Clients, Alerts, Communications, DORA...
  • ✅ AML engine with fuzzy screening against EU, OFAC and UN lists
  • ✅ 10-state SEPBLAC legal workflow with automatic F19 generation (Form F19-1: report on indications of suspicion to SEPBLAC, a standardized document that obliged entities submit when they detect indications of money laundering or terrorist financing, under Art. 17 of Ley 10/2010)
  • ✅ DORA incident management with regulatory timers

ComplianceView in Action

ComplianceView continuously monitors your organization's regulatory compliance posture.

  • ✅ 96 unified controls with cross-mapping to 4 regulatory frameworks
  • ✅ 6 automated collectors: Gitea, Trivy, GCP, Docker, K8s, NATS
  • ✅ Weighted scoring by security zone with 30-day trending

Technology Partner

Our Zero Trust connectivity substrate is built on OpenZiti, the open-source platform developed by NetFoundry. As official partners, we offer both self-hosted deployment and managed connectivity.



Tech Stack

Layer | Technologies
Frontend | React, TypeScript, CSS Modules
Backend | Rust (Axum), Python (FastAPI), NATS JetStream
Security | OpenZiti, Keycloak, SPIRE, OPA, Biscuit Tokens
AI & Data | Vertex AI, MCP SDK, vLLM / Ollama (sovereign)
Infrastructure | Google Cloud, Kubernetes, Terraform, Gitea Actions, Cilium, gVisor

Contact

Does your organization need Zero Trust infrastructure for agentic AI, AML/DORA compliance, or VPN-free access?
