Skip to content

Security & Readiness Overview

Audience: CISOs, FI risk reviewers, and integration leads
Last reviewed: 2026-07-11 (v0.1.0)
Product: Waspada AI — edge-first Malaysian mule-fraud telemetry (SDK → partner JWT → gateway → FMS / STIX / analyst SSE)

Readiness status

Waspada is past "hardened demo" and into operable pilot infrastructure. The trust stack is designed, implemented, and — for the durable path — exercised under controlled failure. It is not yet bank-production or RMiT-certified.

ContextStatusConditions
Supervised pilot (sandbox / BNM-sandbox)Ready — with conditionsAdvisory disposition only; partner JWT integration; FI retains freeze authority
Production / national infrastructureNot yet4 gates open: independent VAPT, staging durable soak, FI RMiT acceptance, bank FMS webhook acceptance

One-line status: Ship a supervised pilot today. Do not claim BNM-ready production until VAPT + staging durable soak + FI acceptance of the RMiT mapping.


What the hardening sprints delivered

Work landed as a deliberate sequence: close credibility holes → lock data foundations → measure extraction → ship durable runtime → prove ingest and outbox under load.

1. Credibility & AppSec

Closed adversarial-review residuals that would have failed a CISO read in minutes:

  • HMAC blinded_hash + verifiable gateway signatures
  • Spec-shaped STIX egress; private/IPv6 host filtering
  • PII dual gate (NRIC / phone / email); NRIC≠account disambiguation
  • Hardened runtime (no demo signing oracle; Redis mandate via REQUIRE_REDIS)
  • Advisory contract — alerts are intelligence, not automated freeze; ADV-005 public-triage quarantine

2. Phase B0 — durable data foundations

Postgres schema, tenancy, retention, and per-row DEK + AAD-bound alert envelopes. Boot refuses DATABASE_URL without a valid ALERT_DATA_KEK. Spec: phase-b0-foundations.

3. Extraction accuracy as a gate

Labeled Malay receipt corpus (n=37) with CI fail thresholds on account/BIC precision & recall. DuitNow QR “no account” treated as correct null — not invented. See security overview and EXTRACTION_METRICS.md.

Honest limit: NER/OCR/noisy screenshots are measured informationally, not CI-gated.

4. RMiT mapping + Phase B1–B4 runtime

LayerShipped
ComplianceParagraph-cited RMiT mapping across 10 domains (mapping ≠ certification)
B1202 + event_id + schema_version: 2; durable audit_events; Redis Streams publish
B2Pipeline consumer; Streams consumer with processed_events idempotency
B3Encrypted alerts / corroboration writers
B4delivery_outbox + poller; Redis pub/sub for cross-replica SSE

Runtime notes: phase-b1-b4-runtime.

5. Load-test + durable-path soak

TopologyResultArtifact
Memory (ingest + in-process pipeline)100 req/s · p50 13 ms · p99 64 ms · 3000/3000 2xxREPORT.md
Durable (Redis + Postgres + outbox + mock FMS)~30–36 req/s · p99 ~1.8–2.0 s · ~98.5% outbox recovery through 20% mock fail; ~94.7% at 50%REPORT-durable.md

--mock-fms + fail-rate matrix exercises retry/backoff without a live bank webhook. Drain runs while the outbox poller is alive (first matrix was discarded after that methodology bug was found).

Durability–latency trade-off: durable-path p99 reflects the cost of guaranteed delivery (Postgres write + Redis Streams publish + outbox commit). Memory-only path is 64 ms p99. This is a measured design cost, not a performance bug — do not claim sub-second gateway ingest on the durable topology.


Trust stack — confirmed vs open

Confirmed (no known drift)

  • Edge extraction → partner RS256 JWT → gateway defense-in-depth → FMS / STIX / SSE
  • RMiT table paragraph-cited; B1–B4 modules match the runtime doc
  • audit_events, encrypted alerts (DEK+AAD), delivery_outbox, Streams + processed_events
  • Measured ingest latency (memory) and outbox recovery under mock FMS failure (local Docker)

Measured trade-off (not a gap)

Durable ingest p99 ~2 s is the price of the B1–B4 path above. Publish both topologies; never collapse them into one “gateway latency” claim.

Explicitly open

GapWhy it mattersOwner
Independent VAPT letterFI / §11 expectation; largest remaining credibility holeHire
Staging durable soak (e.g. Railway Redis+Postgres)Local Docker ≠ multi-service deploy proofEngineering
XAUTOCLAIM PEL sweepReplica crash mid-handler leaves stuck Streams entriesB5
Audit write batching1 INSERT/event fine for pilot; limits harder loadB5+
Bank FMS acceptanceLive webhook + disposition policyPartner-gated

Claims we make / do not make

Make

  • Edge-first, advisory mule-fraud telemetry for Malaysian typologies
  • Measured extraction gate on clean Tier-1 account/BIC fields
  • Hardened gateway with durable optional path (Redis + Postgres + outbox)
  • Load numbers with topology stated (memory vs durable)

Do not make (yet)

  • “BNM-compliant” / “RMiT-certified”
  • Absolute “zero PII egress”
  • Sub-second durable gateway ingest
  • Cross-bank corroboration / automated freeze
  • That public / WhatsApp reports feed bank FMS or corroboration (ADV-005 quarantines them until partner or analyst promotion)
  • Production readiness without VAPT + FI acceptance

  1. Commission VAPTengagement brief is ready for provider RFP; goal is an external CISO letter
  2. Railway (or equivalent) durable soak — same mock-FMS matrix against staging LOAD_TEST_URL (harness in PR #14)
  3. B5 XAUTOCLAIM — close the documented Streams PEL gap (also called out as V-11 in the VAPT brief)
  4. Partner sandbox — real FMS webhook acceptance (only step that requires a bank)

Document map

NeedRead
This summaryYou are here
VAPT RFP / kickoffVAPT engagement brief
CISO packSecurity & compliance
Regulatory mappingRMiT mapping
Data foundationsPhase B0
Durable runtimePhase B1–B4
Advisory postureAdvisory contract
Latency proofLoad-test · Durable soak

Waspada AI: Enterprise infrastructure powering public defense.