Capability Statement

Corporate data

Core competencies

1. Foundational AI, LLMs & ML. Sovereign, on‑premises, and air‑gapped foundation models (the open-weight Osage model series); agent orchestration over MCP and A2A; multimodal vision–language–audio through the Osage multimodal framework; fine‑tuning, RAG, evaluation, red‑teaming, and alignment on classified and CUI‑controlled data; secure inference and model‑weight custody under the canonical CEK envelope.
2. Sovereign cryptography & post‑quantum security. ML‑KEM, ML‑DSA, SLH‑DSA, Falcon, Ringtail threshold lattice signing; classical/PQ hybrid (CNSA 2.0); MPC wallets and threshold signing; ZK proof systems (Groth16, PLONK, STARKs, Halo2, zkVM); FHE workloads; HSM integration via Osage KMS with the canonical CEK envelope. Carried by the Chief Architect & Cryptographer (Z. Kelling) and the applied‑research lattice at Osage Institute.
3. Robotics & autonomy. Autonomy stacks — SLAM, perception (multi‑sensor + foundation‑model), prediction, planning, control. ROS 2 and NVIDIA Isaac runtimes; hardware‑in‑the‑loop benches; sim‑to‑real via Isaac Sim, Gazebo, CARLA, AirSim. Edge inference (ONNX, TensorRT, OpenVINO) and real‑time Linux. Fleet management with cryptographic identity per platform, signed and attested OTA, and cryptographic provenance on every sensor frame and actuation command. Detailed at osage.cloud/robotics.
4. Sovereign settlement infrastructure. Permissioned and permissionless chain operation; auditable settlement; cross‑domain bridging with documentary discipline. The in‑house chain is Osage Network.
5. Trusted digital identity. Federated government‑and‑enterprise identity through Osage ID; attribute‑based access control; cryptographic credentialing.
6. Sovereign cloud platform. Osage Cloud — the uniform cloud wrapper across every capability domain. White‑label of Osage Cloud (sovereign cloud platform — AI, compute, host, gateway, KMS in one product). One Go binary serves the API; multi‑tenant with external IAM via osage.id; console separate from API; one unified ClickHouse store for analytics + o11y; everything else SQLite via Osage Base with the CEK envelope. Air‑gap‑capable for DoD IL5/IL6, IC, and Treasury‑side deploys.
7. Technical advisory & strategic consulting. Architecture review, cryptographic posture assessment, program‑risk advisory, and long‑horizon platform strategy.
8. International transactional counsel. Cross‑border licence coordination and foreign‑jurisdiction documentary support through International Counsel (Serhiy Hromov, Kyiv).

Past performance & demonstrated capability

A standing record of open‑source cryptographic research and sovereign‑infrastructure operation, with public‑record evidence:

• Foundational AI & the Osage model series. Open‑weight frontier language and multimodal models published in our open-weight Osage model series; agent orchestration over Model Context Protocol (MCP); the Osage multimodal framework; serving and inference through Osage AI. Used as the foundation layer for sovereign, air‑gapped deployments under our prime/teaming structure.
• Osage Network — sovereign settlement chain. Block explorer, public RPC, and audited settlement at osage.network; engineering documentation at docs.osage.network.
• Osage Institute — applied‑research press. Working papers, Fellows programme, and the post‑quantum brief.
• Osage ID — trusted identity portal. Unified sign‑in across the ecosystem of forty domains, on Osage IAM.
• Osage Cloud — uniform sovereign cloud platform. White‑label of Osage Cloud; compute, storage, databases, AI, cryptography, robotics under one SDK and one Go binary; air‑gap‑capable; published spec at osage.cloud and the storage / encryption canonical at osage.tech/docs/storage.
• Standing publications. Press releases and the machine‑readable feed at news.osage.network/v1/releases.

Full past‑performance reference sheet, contract‑value summaries, and CPARS analogues are provided to qualified contracting officers and prime teaming partners on request.

NAICS & PSC codes

Primary NAICS in bold; secondary follow.

Contract vehicles

Pursuing primary‑vehicle access and open to all standard teaming structures:

• GSA MAS (Multiple Award Schedule) — under capture, IT Schedule 70 successor SINs.
• GSA Stars III — 8(a) Government‑wide Acquisition Contract; teaming under review.
• SeaPort‑NxG — Navy engineering and program management services.
• CIO‑SP4 — NIH‑NITAAC IT services GWAC; teaming under capture.
• OASIS+ — GSA professional services successor vehicle.
• OTA (Other Transaction Authority) — rapid‑prototyping awards through DIU, AFWERX, NSIN, DARPA, and the Service‑level OTA consortia.
• IDIQ / BPA / BAA — standing capacity to prime or sub on Indefinite‑Delivery, Blanket Purchase, and Broad Agency Announcement instruments.

Compliance posture

• NIST SP 800‑171. Controls implementation in place; SSP and POA&M maintained.
• CMMC Level 2. Roadmap to assessor‑led certification on award‑triggering DoD work.
• FedRAMP Moderate. Operating posture on partner‑hosted authorised infrastructure; agency ATO support available.
• FISMA Moderate. Standing controls aligned to OMB A‑130.
• FAR / DFARS. Full clause flow‑down on all award and teaming instruments. Cybersecurity DFARS 252.204‑7012 / ‑7019 / ‑7020 / ‑7021 compliance in place.
• DCAA‑ready accounting. Job‑cost accounting and indirect‑rate structure prepared for incurred‑cost audit.
• ITAR / EAR. Registration on award where the work requires; export‑control plan template on file.
• Facility Security Clearance (FCL). Process initiated through prime sponsor on first cleared award.

Data at rest — cryptographic envelope

Every Osage Group application stores sensitive data under a published envelope‑encryption posture: Osage KMS as root of trust (HSM‑backed, FIPS 140‑3 boundary); per‑org Key Encryption Key; per‑row Content Encryption Key wrapped under the KEK; AES‑256‑GCM with AAD‑bound nonces. The OLTP store is SQLite via Osage Base across local, staging, production, and air‑gapped / sovereign deploys; no PostgreSQL anywhere in the ecosystem. Analytics route through a separated ClickHouse layer that never sees plaintext sensitive columns.

This means: crypto‑shredding (one KMS revocation renders a client’s entire dataset unreadable), per‑row blast radius (compromise of one CEK leaks one row), full KMS audit trail on every data‑access unwrap, and air‑gap‑capable deploys for IC and Treasury‑side work. The canonical spec is at osage.tech/docs/storage.

Solutions for the federal mission

The core competencies above are delivered into mission outcomes through named solution lines. Each is led by an accountable officer and built on the same sovereign substrate — air‑gapped where the mission requires, post‑quantum‑ready by design.

Defense & warfighter

• Sovereign LLM for the warfighter. Air‑gapped foundation models, fine‑tuned on operational doctrine, deployed on hardened cloud or at the edge.
• Decision‑support agents. MCP‑based tool‑using agents wired into mission systems, with red‑teamed safety and full audit trail.
• Trusted multimodal sensing. Vision–language–audio fusion through the Osage multimodal framework on cleared compute.
• Post‑quantum signing & key custody. FIPS‑adjacent KMS for weapons‑system and platform identity.

Intelligence Community

• Air‑gapped foundation models on classified networks. Open‑weight Osage models deployed inside SCIFs and on JWICS‑adjacent enclaves; no telemetry, no phone‑home.
• Retrieval‑augmented analysis. Sovereign RAG over compartmented corpora with cryptographic provenance.
• Identity, attestation & compartmentation. Cryptographic credentialing through Osage ID; attribute‑based access across enclaves.
• Adversarial model evaluation. Red‑teaming, jailbreak resilience, and capability‑limit testing on foreign and domestic foundation models.

Cyber & civilian

• Post‑quantum cryptographic migration. Inventory, profile‑gating, and crypto‑agility advisory aligned to CNSA 2.0 and the federal PQC migration.
• Zero‑trust identity. Login.gov‑adjacent attribute‑based access and continuous authentication for federal civilian executive‑branch agencies.
• Confidential compute. TEE‑hosted inference and data‑processing for HIPAA‑BAA, CJI, and CUI workloads.
• AI red‑team for CISA‑aligned programs. Adversarial testing of agency AI deployments against the NIST AI Risk Management Framework.

Energy & national labs

• Scientific foundation models. Domain‑adapted LLMs for nuclear, materials, and high‑energy physics through Osage Institute partnerships with the National Laboratories.
• Sovereign HPC‑adjacent inference. On‑cluster model serving and orchestration with cryptographic verification of model weights.
• Critical‑infrastructure post‑quantum advisory. Migration roadmaps for grid, pipeline, and SCADA cryptographic posture.

Allied defense & international

• Cross‑border AI & cryptographic programs. Coordinated through International Counsel and the standing partnership of 2026 with the Cyrus / Pars Foundation; foreign‑jurisdiction documentary support at every layer of the work.

Customer set

The standing capability is engaged with United States Government and allied‑defense customers across: Department of Defense (Air Force, Army, Navy, Marine Corps, Space Force, USSOCOM, CYBERCOM, OUSD(R&E), CDAO, DIU, AFWERX, NSIN, DARPA); Intelligence Community under appropriate authorities; Department of Homeland Security (CISA cyber‑defence, federal civilian executive‑branch identity, NIST AI RMF evaluation); Department of Energy & NNSA (National Laboratories — shared infrastructure, cryptographic research, scientific foundation models); federal civilian agencies (Treasury, State, GSA, OPM, HHS, VA); allied defense ministries through International Counsel and the Cyrus / Pars Foundation partnership.