The problem Defense contractors and agencies must stop Controlled Unclassified Information (CUI) from leaking — a mandate now reaching ~300,000 organizations under DFARS 7012 and CMMC 2.0. A leak ("spillage") is a reportable, contract-ending event. But their tools are keyword scanners that miss anything they weren't told to look for. The insight The new wave of "AI DLP" adds intelligence — but inspects your document by sending it to a cloud AI. For this data, that transmission IS the leak. You cannot prevent a spillage by committing one. Any tool whose model lives in the cloud is structurally disqualified. The solution Spillguard inspects a document as it tries to leave and returns a verdict — ALLOW / FLAG / BLOCK — with the CUI categories found, the missing markings, the exact offending sentences, and a plain-English rationale. The AI is Google's Gemma, self-hosted on an AMD Instinct GPU on a network with no route to the internet. The document never leaves the box. How it works A four-stage pipeline: deterministic checks first (regex/keyword — our "legacy DLP" baseline), a semantic Gemma scan, a portion-marking check, and a deterministic decision engine that owns the final verdict. The model informs but never has final authority; if it goes down, the system degrades to a safe verdict instead of failing. Use of AMD. Gemma 3 (12B) is self-hosted on an AMD Instinct GPU via ROCm + vLLM — its large HBM3 memory holds the entire CUI ruleset in-context, no fine-tuning. Self-hosting on AMD is the only way this product can legally exist inside an enclave. Proof On a labelled 31-document set scored on real self-hosted Gemma on AMD, Spillguard hit 100% verdict accuracy and 100% spillage recall with zero false alarms — versus 48% / 54% for the legacy baseline. Reproducible with one command; every verdict cites its evidence.
Category tags: