Model settings

One place to pick SLMs, attacker models, and judges. Every role below resolves to a provider configured in this tenant. Launch forms on /discover, /redteam, and /assess read from these bindings.

Tier

Controls how much configuration surface is exposed on the launch forms. Starter runs with sensible defaults; Pro + Enterprise unlock advanced knobs.

Active tier

Tier is persisted on the tenant (`organizations.tier`) and enforced server-side by the submit-path guards on `/api/v1/scans`, `/api/v1/redteam/runs`, and friends.

Data boundary

When enabled, the judge that reviews target model responses must be a local SLM. Attack generation still uses your configured attacker (may be frontier).

Current judge binding is Anthropic. Enabling data boundary will invalidate this binding. Change the judge default first.

Keep judge responses inside VPC

Role bindings

Attacker model: [Anthropic / claude-sonnet-4-6] change in Settings
Judge model: [Anthropic / claude-sonnet-4-6] change in Settings
Discover agent model: [Anthropic / claude-sonnet-4-6] change in Settings
Assess model: [Anthropic / claude-sonnet-4-6] change in Settings

Configured providers

Provider credential boundary: Hosted deployments bind provider credentials through the platform environment or tenant secret manager. Customer-side runner credentials stay in the customer's environment.

Local development only: cp apps/web/.dev.vars.example apps/web/.dev.vars, paste real keys, restart npm run preview, then click Auto-seed from env vars above.

anthropic Anthropic