Skip to main content
    iTmethods

    Forge at a Glance

    What it is

    Forge is iTmethods' Governed AI Infrastructure for regulated enterprises. Three components: Governed Tooling Layer (Available Now), Forge AI Substrate (Hybrid), and Forge Secure AI (Hybrid). One discipline underneath: Sovereign Substrate Engineering. Governed by Reign.

    Key capabilities
    • Governed Tooling Layer. Managed runtime for the customer's 55-plus enterprise tool estate under one governed envelope.
    • Forge AI Substrate. Agent Runtime Operations, Governed Foundation Model Access, MCP and Tool Operations, Governed Sovereign Control Plane.
    • Forge Secure AI (FSAI). Three phases (Assess, Harden, Sustain), two subscription tiers (Standard, Premium).
    • Sovereign Substrate Engineering: the codified 21-year practice operating regulated workloads under customer ownership.
    • Reign integration: Audit Ledger (CAVR) plus Assurance Packs across 13-plus regulatory frameworks.
    • Four deployment topologies: SaaS, Dedicated Cloud, Customer Cloud, Air-Gapped.
    Best for

    Platform Owners, CTOs, VPs of Engineering, Heads of AI, CISOs, CAIOs, CROs, Audit Committees at regulated enterprises (banking, capital markets, insurance, life sciences, defense, public sector) standing up Governed AI Infrastructure under EU AI Act, OSFI E-23, SR 26-2, FDA PCCP, DORA, BCBS 239, and ISO 42001.

    Deployment options

    SaaS, Dedicated Cloud, Customer Cloud (AWS, Azure, GCP), Air-Gapped. Same architecture, same evidence model.

    Compliance coverage

    SOC 2 Type II since 2018. Reign Assurance Packs pre-mapped to EU AI Act, OSFI E-23, SR 26-2, FDA PCCP, DORA, BCBS 239, ISO 42001, NIST AI RMF, SOC 2.

    Key metrics

    21 years operating mission-critical regulated environments across banking, capital markets, life sciences, semiconductor, and defense in North America and Europe. Bootstrapped, profitable, founder-led.

    FORGE · GOVERNED AI INFRASTRUCTURE

    Forge. Governed AI Infrastructure for Regulated Enterprises.

    Forge runs the governed infrastructure underneath production AI. The substrate where continuous remediation actually happens, delivered by Forward Deployed Engineers.

    In Production · Design Partner Phase Open

    21 years operating mission-critical regulated environments for enterprises across banking, capital markets, life sciences, semiconductor, and defense in North America and Europe.

    WHY FORGE

    Two Cycles Converging on the Substrate.

    Two structural cycles are hitting regulated enterprises at the same time. They cannot be answered with the same infrastructure that ran the cloud-native era.

    Cycle 1

    The compliance cycle.

    EU AI Act, OSFI E-23, SR 26-2, FDA PCCP, DORA, BCBS 239, and ISO 42001 are converging into a single mandatory-spend posture. Boards now carry personal liability on AI controls. The question is no longer whether to govern AI. It is whether the evidence will hold up in front of a regulator at quarter-end, audit-grade, on a schedule the audit committee can defend.

    Cycle 2

    The substrate rebuild cycle.

    Agentic AI is not a feature added to existing stacks. It is forcing a structural rebuild. Agents need governed runtime, identity-bound tool access, sandboxed MCP servers, deterministic audit trails, and a sovereign control plane (data, compute, model, agent runtime) under customer ownership. Generic AI infrastructure (a model endpoint, a vector DB, a script) cannot prove what happened, who authorized it, what data flowed where, or how the controls held under load.

    Forge sits at the intersection. The runtime layer that makes both cycles answerable at the same time, inside the same envelope, against the same evidence model. Not a SaaS overlay. Not a hyperscaler reseller play. The operational substrate.

    THE THREE COMPONENTS

    Three components. One discipline.

    Each component is independently buyable. Together they form a single Governed AI Infrastructure spine. The architecture is deliberate and visible to the buyer on day one. Status is named where it lives, not buried in fine print.

    Governed Tooling Layer

    Available Now

    Inside the Governed Tooling Layer:Managed Tools Catalog·Modern DevOps·Fluxnova on Forge·AI-Native Governed SDLC·Forge Managed AWS

    Governed Tooling Layer.

    Managed runtime for the customer's 55-plus enterprise tool estate (DevOps, security, observability, AI-native development) inside one governed envelope. Where 2025 Modern DevOps meets the 2026 AI-native SDLC under a single set of controls.

    Atlassian, GitHub, GitLab, JFrog, SonarQube run as managed runtime. Cursor, Claude Code, Cortex, Docker, GitHub Copilot run inside an AI-Native Governed SDLC with identity binding, prompt and output logging, secret hygiene, and policy enforcement at the pipeline boundary. Twenty-one years of regulated DevOps DNA, productized for Platform Owners and VPs of Engineering.

    Forge AI Substrate

    Hybrid

    Inside the substrate:Agent Runtime Operations·Governed Foundation Model Access·MCP and Tool Operations·Governed Sovereign Control Plane

    Forge AI Substrate.

    Sovereign operations of the AI stack inside the customer envelope. Four sub-components: Agent Runtime Operations, Governed Foundation Model Access, MCP and Tool Operations, and a Governed Sovereign Control Plane.

    Agent runtime, foundation model usage, MCP servers, identity, keys, and audit logging are run as audit-grade infrastructure rather than as experiments. Built for CTOs, Heads of AI, CISOs, and CAIOs who need agent runtime, model access, and MCP operations to be one governed substrate rather than three disconnected stacks.

    Explore Forge AI Substrate

    Forge Secure AI

    Hybrid

    Three engagements:Assess·Harden·Sustain

    Forge Secure AI (FSAI).

    Governed Infrastructure Assurance. Three phases (Assess, Harden, Sustain) and two subscription tiers (Standard, Premium). FSAI Assess is the low-friction 4-to-6 week on-ramp: a framework-mapped picture of current AI infrastructure risk.

    Standard delivers continuous monitoring, evidence generation, and framework mapping. Premium adds a 24/7 expert-led remediation pod embedded with the customer. FSAI also serves as the on-ramp for net-new customers who need a defensible picture of their current AI infrastructure posture before they commit to deeper substrate work. Built for CAIOs, CISOs, Audit Committees, Heads of Risk, and CROs operating under EU AI Act, OSFI E-23, SR 26-2, FDA PCCP, DORA, BCBS 239, and ISO 42001.

    Explore Forge Secure AI (FSAI)

    The Practice Underneath

    Sovereign Substrate Engineering is iTmethods' codified 21-year practice of operating foundational infrastructure (data, compute, model, agent runtime) under customer ownership and customer control, to audit-grade. Hyperscalers operate their own substrate, not yours. SaaS governance vendors sit above the substrate and report on it. iTmethods runs the substrate inside the customer envelope.

    Read the practice

    Reign · Governance Layer

    Forge runs the runtime. Reign governs every decision it makes. Every Forge surface (Governed Tooling Layer, Forge AI Substrate, FSAI phases) emits structured evidence into Reign's Audit Ledger (CAVR), turned into regulator-ready output through Assurance Packs pre-mapped to 13-plus frameworks. Forge without Reign is governed runtime without a regulator-ready output. Reign without Forge is an evidence layer with nothing operational underneath.

    How Reign integrates

    Deployment

    SaaS
    Dedicated Cloud
    Customer Cloud
    Air-Gapped

    Same architecture across all four topologies.

    See deployment options

    Design Partner Program

    Open

    Co-Develop the In-Flight Components.

    Selected regulated enterprises standing up agentic AI co-develop the in-flight Forge components alongside iTmethods principals. Partners shape the operational pattern that becomes the GA product. They receive named iTmethods architects plus an embedded expert-led pod, lock GA-pricing protection, and become reference customers ahead of general availability.

    Open across banking, capital markets, insurance, life sciences, defense, and public sector. The cohort sizes the engagement to design partner cadence, not to a marketing calendar. Selection prioritizes use cases where the regulator outcome is explicit and the operational scope is well-bounded.

    What partners get. Co-development of the in-flight components (Governed Foundation Model Access, Sovereign Control Plane, FSAI Harden, FSAI Sustain, FSAI Standard and Premium tiers). Reign integration in lockstep, so the Audit Ledger (CAVR) and Assurance Packs are wired into the partner's runtime from day one rather than retrofitted.

    ROADMAP

    The Forge Roadmap to GA.

    Forge is being built and shipped in stages. The Governed Tooling Layer is the 21-year foundation in production today. Forge AI Substrate and Forge Secure AI are shipping in waves through 2026. Subject to design partner co-development cadence.

    Governed Tooling Layer

    Full layer

    Available Now

    Forge AI Substrate

    Agent Runtime Operations

    Available Now

    Forge AI Substrate

    MCP and Tool Operations

    Available Now

    Forge AI Substrate

    Governed Foundation Model Access

    Design Partner Phase

    Forge AI Substrate

    Governed Sovereign Control Plane

    Design Partner Phase

    Forge Secure AI

    FSAI Assess

    Available Now

    Forge Secure AI

    FSAI Harden, Sustain

    Design Partner Phase

    Forge Secure AI

    FSAI Standard, Premium tiers

    Design Partner Phase

    GA windows are co-developed with partners. Dates shift to match design partner cadence rather than a marketing calendar. Components in Design Partner Phase reach GA when the operational pattern is proven, not before. Components in production stay in production: the Governed Tooling Layer is not waiting on anything to ship.

    CUSTOMER BASE AND CREDENTIALS

    Built for Regulated. Operated to Audit-Grade.

    Forge runs production workloads across banking, capital markets, insurance, life sciences, defense, and public sector. The reference base is deep on the regulated side specifically because Forge was built for it.

    SOC 2 Type II

    Continuously maintained since 2018

    Regulated verticals

    Banking · Capital Markets · Life Sciences · Defense · Semiconductor

    North America & Europe

    Operating footprint

    21 Years

    Operating regulated workloads

    Operating mission-critical regulated environments for enterprises across banking, capital markets, life sciences, semiconductor, and defense in North America and Europe. Bootstrapped, profitable, founder-led.

    Talk to Forge.

    For platform owners, CTOs, Heads of AI, and CISOs evaluating Governed AI Infrastructure for production deployment. Or start with FSAI Assess, the framework-mapped 4-to-6 week on-ramp that produces a defensible picture of current AI infrastructure risk and a prioritized remediation path.

    FORGE FAQ

    Frequently asked questions

    What is Forge?
    Forge runs the governed infrastructure underneath production AI. It is the substrate where continuous remediation actually happens, delivered by Forward Deployed Engineers. Three operational layers deliver the outcome: the Governed Tooling Layer produces an audit-grade envelope around the customer's enterprise tool estate; Forge AI Substrate produces a sovereign operational plane for agents, foundation model access, and MCP and tool operations inside the customer envelope; Forge Secure AI produces the productized assurance discipline that closes the runtime-layer remediation loop. All three are underpinned by Sovereign Substrate Engineering and governed by Reign.
    What is Sovereign Substrate Engineering?
    Sovereign Substrate Engineering is iTmethods' codified 21-year practice of operating foundational infrastructure (data, compute, model, agent runtime) under customer ownership and customer control, to audit-grade. Hyperscalers operate their own substrate. SaaS governance vendors sit above the substrate. iTmethods runs the substrate inside the customer envelope.
    What is the difference between Forge and Reign?
    Reign delivers continuous remediation at the governance layer the moment it goes live. Forge extends remediation into the runtime layer. Every Forge surface emits structured evidence into Reign's Audit Ledger (CAVR), and Reign's Assurance Packs are pre-mapped to 13-plus frameworks including EU AI Act, OSFI E-23, SR 26-2, FDA PCCP, DORA, BCBS 239, ISO 42001, NIST AI RMF, and SOC 2. Forward Deployed Engineers close the loop on complex-fix remediation. Three tiers. One outcome.
    What is Available Now versus in Design Partner Phase?
    The Governed Tooling Layer is Available Now. Forge AI Substrate has Agent Runtime Operations and MCP and Tool Operations Available Now; Foundation Model Access and Sovereign Control Plane are in Design Partner Phase. Forge Secure AI has FSAI Assess Available Now; FSAI Harden, Sustain, Standard, and Premium are in Design Partner Phase. See the Forge Roadmap below for current status.
    Where can Forge run?
    Four deployment topologies. SaaS for customers whose data classification permits it. Dedicated Cloud (single-tenant Forge in an iTmethods-operated account). Customer Cloud (Forge inside the customer's own AWS, Azure, or GCP account, under customer keys). Air-Gapped for disconnected, classified, or sovereign environments. Same architecture, same evidence model across all four.
    Who buys Forge?
    Platform Owners, VPs of Engineering, CTOs, and Heads of Developer Productivity buy the Governed Tooling Layer. CTOs, Heads of AI, CISOs, and CAIOs buy Forge AI Substrate. CAIOs, CISOs, Audit Committees, Heads of Risk, and CROs buy Forge Secure AI. Each component is independently buyable.