Parinita Overwatch

How it works

Overwatch’s core insight: no single security product can see a multi-domain attack. A malicious MCP server with risk score 0.28 (just below auto-approve) that Sentry approves; a developer installs it; a Sentry eBPF warrant allows HTTPS to a legitimate-looking CDN; a GitHub token exfiltrates; malicious code pushes via API (no privileged session because it’s API access not SSH); a medium-severity Cortex XDR alert on unusual data volume — every individual product sees an isolated event. Overwatch sees the kill chain in real time across all three signal sources and issues the response.

Technical foundation: NATS JetStream on P8 AmpereOne as the event bus, P1 Gaudi 3 as the AI correlation compute plane, P3 EPYC Turin as the Chrysalis validator and compliance-report engine, ConnectX-7 eBPF/XDP as the hardware enforcement layer for directives, and Chrysalis as the immutable audit chain. Response directives are issued sub-second across all three products simultaneously — not sequentially — and every directive is itself anchored on Chrysalis.

Compliance reports are generated by querying Chrysalis directly via Besu JSON-RPC (eth_getLogs with indexed event filters) — every control in SOC 2 TSC, CMMC, NIST CSF, HIPAA Security Rule, and ITAR (22 CFR 120–130) is mapped to one or more Chrysalis transaction hashes. The completed report is itself anchored on-chain. The result: tamper-proof by architecture, not by policy. Air-gap-compatible. Sovereign. Court-admissible.

What it isn’t

A replacement for your SIEM/XDR — Overwatch sits on top of Sentry and Secure and gives the human + agent response layer one coherent interface. Without those signal sources, Overwatch has nothing to correlate.