Overview

This page covers the contribution model, the privacy controls, the cohort matching logic, and the data flow from contribution through warning. For the buyer-facing summary, see the Draxis Axon page. For the trust-center entry, see the Trust Center.

What is contributed

Draxis contributes the following on behalf of each tenant to the Axon network:

  • Drift direction: bucketed as TRENDING_UP / STABLE / TRENDING_DOWN for each KRI over a rolling window. Not the raw value. Not the delta. The direction.
  • Taxonomy node: the canonical Draxis KRI taxonomy node the KRI maps to. Not the tenant’s internal KRI name. Not the source tool.
  • Visibility band: whether the KRI is K0 (fully observed), K1 (partially observed), or in the U1–U3 uncertainty range. This is a first-class precursor feature: visibility degradation before an incident is itself a signal.
  • Event tag (when applicable): if a tenant logs an incident or near-miss, a bucketed time-distance tag associates the pre-event drift snapshot with the event type. This is what builds the precursor signature library.

The following are never contributed:

  • Raw KRI values
  • Tool names, vendor names, or integration identifiers
  • Organization name, industry, or size
  • User identifiers or IP addresses
  • Anything covered by a tenant’s data residency configuration

Privacy controls

k-anonymity floor

No signature is published to the network unless it is supported by at least k=5 contributing tenants with at least 8 contributing events. Signatures that do not meet this floor are suppressed until the threshold is reached.

Cohort matching

Tenants are matched to cohorts based on bucketed characteristics: size band, tech stack profile class, and industry vertical. Cohort composition is never exposed. Signal and Intelligence tier customers see median and quartile bands for their cohort, not individual peer data.

Scheduled republication

Signatures are republished on a regular schedule rather than on event triggers. This prevents differencing attacks where a tenant could infer individual contributions by observing changes in the network output.

Opt-out

Contribution is default-on. A contractual opt-out is available on request. Opting out removes the tenant from the contribution pool and from all Axon-derived benefit, including the foundational signal quality improvement that applies at the Monitor tier.

Carrier consent gate

Carrier and underwriting access to Axon network aggregates (cohort loss rates, drift pattern prevalence, incident frequency by profile class) is a separate, explicit consent gate. It is not bundled with standard product participation. No tenant’s data is accessible to a carrier without that tenant’s explicit consent.

Tier access

CapabilityMonitorSignalIntelligence
Contribution to Axon network
Foundational warning quality improvement
Cohort benchmarking (median/quartile)
Explicit cross-tenant precursor warnings
Carrier/underwriter reportingSeparate consentSeparate consentSeparate consent

Data flow

  1. KRI collection. Draxis ingests KRI values from connected integrations and the AI Drop Zone on the tenant’s normal collection schedule.
  2. Bucketing. Raw values are bucketed to directional drift signals at collection time. Raw values are stored in the tenant’s partition only. Bucketed signals are what the Axon pipeline consumes.
  3. Taxonomy mapping. Each KRI is mapped to a node in the Draxis canonical KRI taxonomy (seeded from the CIS Controls v8.1 domain library). Axon operates on taxonomy nodes, not tenant KRI identifiers.
  4. Contribution. Bucketed drift vectors are written to the Axon contribution pool with a tenant cohort key (not a tenant identifier). The cohort key is a deterministic hash of bucketed cohort attributes; reversing it to a tenant identity requires knowing the input attributes, which are never stored alongside the key.
  5. Signature computation. The Axon pipeline aggregates contributions, applies k-anonymity floors, and computes drift signatures associated with historical event outcomes. Signatures are stored in the shared signature library.
  6. Matching. The matching service compares each tenant’s live drift vector against the signature library on a rolling basis. Matches above the confidence threshold generate warning candidates.
  7. Warning dispatch. Warning candidates are reviewed against the tenant’s local context and dispatched as early warnings in the Draxis UI and configured notification channels.

Questions

privacy@draxis.ai for data handling and opt-out requests.
security@draxis.ai for architecture questions.