About
Built by people who've shipped this kind of system before.
Cloud infrastructure. Multi-tenancy. Audit. Sold.
Citorum is the enterprise Retrieval-Augmented Generation (RAG) platform a CISO can sign without rewriting their controls. The reason it looks like that is that the people building it have shipped this kind of system before — and watched what happens when it isn't.
Who we are
Citorum was founded by an exited cloud-computing founder with two decades of operating experience in enterprise infrastructure, security, and multi-tenant Software as a Service (SaaS). The company that preceded Citorum was acquired; the technical and operational disciplines that made that company sellable — boundary discipline, audit lineage, isolation by construction, the difference between "we encrypt at rest" and "we documented every key in your Key Management Service" — are the same disciplines that this product is built around.
The founder also runs a peer network of Chief Technology Officers and Chief Information Security Officers across financial services, healthcare, and public-sector technology, and has spent the last year doing the unglamorous work: sitting with security teams, reading incident post-mortems, watching what happens when generative-AI infrastructure collides with regulatory regimes that were not written for it.
Citorum is the system those conversations produced.
Why we built this
The pattern we kept hearing was the same. A team has a use case for generative AI — answering questions about a corpus, drafting from records, summarizing across documents — and the obvious tool is a third-party model Application Programming Interface (API). The engineering team can prototype it in a week. Then the security team sees it.
The security team's question is not whether the model is good. The question is whether the company can sign the document that puts those records into someone else's infrastructure. For most regulated operators, the answer is no — and the prototype dies, or the team quietly ships it anyway and the audit hangs over the program for a year.
Citorum exists so the security team's first review is the last one. The system runs inside the customer's environment. The corpus does not leave. The inference runs on hardware the customer controls. Every answer is scored for faithfulness against its sources. Every retrieval, prompt, response, and confidence label is logged with chain of custody. The Chief Information Security Officer (CISO) signs because there is nothing about the architecture that makes their existing controls inapplicable.
This is not novel research. The techniques in the platform — Retrieval-Augmented Generation (RAG), hybrid vector and lexical retrieval, Natural Language Inference (NLI) for grounding, ensemble adjudication — are well documented in the public literature. What is novel is packaging them as a platform with sovereignty as the primary architectural constraint, rather than as a feature bolted on late. How that looks under the hood →
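What "logged with chain of custody" means in practice, as an added illustration that is not Citorum's code: each stage of a RAG turn (retrieval, prompt, response, confidence label) becomes a record whose HMAC covers its own fields and the hash of the previous record, so an edit anywhere in the chain breaks verification from that point on. The record fields, the `CustodyLog` class, the constructed sample turn and the demo key standing in for a customer-KMS key are all assumptions made for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from typing import Any, Dict, List, Optional, Tuple


# Assumption (not Citorum's schema): one record per pipeline stage of a RAG turn.
@dataclass(frozen=True)
class AuditRecord:
    seq: int
    stage: str              # "retrieval" | "prompt" | "response" | "confidence"
    tenant: str
    payload: Dict[str, Any]
    prev_hash: str          # hash of the previous record, or GENESIS for the first
    hash: str               # HMAC-SHA256 over all of the fields above


def _canonical(obj: Any) -> bytes:
    # Deterministic encoding: the same record must always hash to the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


class CustodyLog:
    GENESIS = "0" * 64

    def __init__(self, key: bytes) -> None:
        # Assumption: the key lives in the customer's KMS and never ships with the log,
        # so someone with write access to the log store cannot re-chain records.
        self._key = key
        self.records: List[AuditRecord] = []

    def _digest(self, seq: int, stage: str, tenant: str,
                payload: Dict[str, Any], prev_hash: str) -> str:
        body = {"seq": seq, "stage": stage, "tenant": tenant,
                "payload": payload, "prev_hash": prev_hash}
        return hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()

    def append(self, stage: str, tenant: str, payload: Dict[str, Any]) -> AuditRecord:
        prev = self.records[-1].hash if self.records else self.GENESIS
        seq = len(self.records)
        rec = AuditRecord(seq, stage, tenant, payload, prev,
                          self._digest(seq, stage, tenant, payload, prev))
        self.records.append(rec)
        return rec

    def head(self) -> str:
        # Anchor this value outside the log (signed export, WORM bucket) to catch truncation.
        return self.records[-1].hash if self.records else self.GENESIS

    def verify(self) -> Tuple[bool, Optional[int]]:
        """Walk the chain; return (True, None) or (False, index of the first bad record)."""
        prev = self.GENESIS
        for i, rec in enumerate(self.records):
            expected = self._digest(i, rec.stage, rec.tenant, rec.payload, prev)
            if (rec.seq != i or rec.prev_hash != prev
                    or not hmac.compare_digest(expected, rec.hash)):
                return False, i
            prev = rec.hash
        return True, None


def log_one_turn(log: CustodyLog, tenant: str) -> None:
    # Constructed sample turn: document ids, scores and text are illustrative only.
    log.append("retrieval", tenant, {
        "query": "retention period for closed accounts",
        "hits": [{"doc": "policy-17.pdf#p4", "score": 0.81},
                 {"doc": "policy-03.pdf#p2", "score": 0.64}]})
    log.append("prompt", tenant, {"model": "local-llm",
                                  "context_docs": ["policy-17.pdf#p4", "policy-03.pdf#p2"]})
    log.append("response", tenant, {"text": "Closed-account records are retained for seven years."})
    log.append("confidence", tenant, {"nli_entailment": 0.93, "label": "grounded"})


def tamper_demo() -> Tuple[bool, bool, Optional[int], bool, bool]:
    """Returns (clean_ok, edited_ok, edited_bad_index, truncation_caught_by_chain,
    truncation_caught_by_anchor)."""
    key = b"demo-key-standing-in-for-customer-kms"   # constructed key for the example

    # Attack 1: an operator with write access rewrites the stored confidence score
    # without touching the label. The hash no longer matches, so verify() stops at index 3.
    log = CustodyLog(key)
    log_one_turn(log, "tenant-a")
    clean_ok, _ = log.verify()
    log.records[3] = replace(log.records[3], payload={"nli_entailment": 0.41, "label": "grounded"})
    edited_ok, bad_index = log.verify()

    # Attack 2: drop the last record. The remaining chain is internally consistent,
    # so the chain alone passes; only the externally anchored head reveals the loss.
    log2 = CustodyLog(key)
    log_one_turn(log2, "tenant-a")
    anchored_head = log2.head()
    log2.records.pop()
    chain_ok, _ = log2.verify()
    return clean_ok, edited_ok, bad_index, (not chain_ok), (log2.head() != anchored_head)


if __name__ == "__main__":
    print(tamper_demo())
```

Two design points matter here. The chain is keyed, not merely hashed: a plain SHA-256 chain can be rebuilt end to end by anyone who can write to the store, which is exactly the operator an audit is meant to constrain. And a chain by itself says nothing about missing tail records, so the head hash has to be committed somewhere the log writer cannot reach, which is the same "the customer's KMS holds the key" discipline applied to the log rather than the data.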
What we hire for
Citorum is small and intends to grow deliberately. The hiring bar is calibrated against the security teams who buy the product — every engineer needs to be able to walk a Chief Information Security Officer through the controls inventory. We hire for:
- Operating experience in regulated environments. People who have shipped systems through System and Organization Controls (SOC) 2, Health Insurance Portability and Accountability Act (HIPAA), Federal Risk and Authorization Management Program (FedRAMP), or Payment Card Industry Data Security Standard (PCI DSS) audits and understand what the auditors actually look at.
- Boundary discipline. People who reach for isolation primitives before they reach for cleverness; who default to "the customer's Key Management Service holds the key" instead of "we'll handle it."
- Plain-English technical communication. People who can write a page like this one — precise, honest about what is and isn't true, no breathless register. The buyer reads it. We owe them that.
If that describes how you work, we'd like to hear from you. Talk to us →
Want to compare notes?
If you're a Chief Information Security Officer, security architect, or platform-engineering lead at an organization that runs under one of the regulated regimes Citorum is built for, we'd like to hear what's on your mind.