SHIELD/ATLAS — LLM Provider Matrix
ATLAS is LLM-agnostic by design. The orchestrator routes every AI call through the highest-authority backend available on the current network, with automatic failover and a corpus-only RAG floor when no provider is reachable. The four backends below are wired today; the lane status shows where each holds (or is pursuing) authority.
GPT-4o (OpenAI)
Microsoft / OpenAI · default model gpt-4o
Internet / Azure commercialACTIVETier 2 on the failover ladder. Active in production.
Azure Government IL5READYAdapter routes through Azure OpenAI on Azure Government when AZURE_OPENAI_GOV_ENDPOINT is configured. IL5 ATO held by Microsoft.
SIPR (Azure Gov Secret)READYCuts over via the same adapter the moment a SIPR Azure Gov Secret tenant credential is provisioned.
JWICSPENDINGAwaiting Azure Government Top Secret availability.
Microsoft's Azure Government hosts GPT-4o at IL5. ATLAS is wired to swap to that endpoint with a single env var change.
Grok (xAI)
xAI / Oracle · default model grok-4-fast-non-reasoning
xAI commercialACTIVEXAI_API_KEY configured 2026-05-05. Tier 3 in the failover ladder (fires only when OpenAI and Gemini both refuse, e.g. military-specific content policy edges). Default model grok-4-fast-non-reasoning chosen for cost discipline; override via GROK_MODEL env var.
Oracle Government CloudREADYxAI has a published partnership with Oracle Government Cloud. ATLAS adapter is endpoint-agnostic.
Oracle Gov SecretPENDINGAwaiting public availability. ATLAS adapter ships now.
JWICSPENDINGAwaiting Oracle Government Top Secret availability.
Specifically named by the warfighter SME as a preferred classified-network LLM. Adapter and config are in place; account onboarding is the only gating item.
Gemini (Google)
Google Public Sector · default model gemini-2.5-pro
Vertex AI / OpenRouterACTIVETier 3 of the failover ladder. Reachable today via OpenRouter and via Vertex AI on the commercial cloud.
Google Distributed Cloud HostedREADYAdapter routes to GDC Hosted (IL5 capable) when configured.
Gemini Enterprise on SIPRPENDINGGoogle Public Sector ETA Q4 2026 per industry reporting and warfighter SME guidance. ATLAS will cut over with a config change.
Gemini Enterprise on JWICSPENDINGRoadmap item for Google Public Sector. ATLAS adapter is forward-compatible.
When Gemini Enterprise reaches SIPR, ATLAS agents become callable as Gemini Enterprise workflow nodes with no additional integration work.
On any AI call: orchestrator selects the highest-authority backend available on the operating network, calls it, records the result in the AI Audit Engine, and surfaces the tier and grounding tag (GREEN / AMBER / RED) on the response. If a tier fails, the next tier is attempted with the failure reason logged. No silent fallback. See GET /api/ai/orchestrator/health.
Azure Government (IL5)
Microsoft · verified DoD CC SRG IL5 PA
DISA PA letterMicrosoft Azure Government Cloud holds DISA Provisional Authorization at IL5; renewed annually. Reference: azure.microsoft.com/en-us/explore/global-infrastructure/government/ · DISA Cloud Service Catalog at cyber.mil/dccs (filter "Microsoft Azure Government").
FedRAMPFedRAMP High baseline. Reference: marketplace.fedramp.gov — CSO "Microsoft Azure Government" (Status: Authorized).
OpenAI / GPT modelsAzure OpenAI Service available in Azure Government regions (USGov Virginia, USGov Arizona) for IL5 workloads. Reference: learn.microsoft.com/azure/ai-services/openai/azure-government.
Oracle Government Cloud (IL5)
Oracle · OCI Government Cloud regions
DISA PA letterOCI US Government Cloud holds DISA IL5 PA across designated regions. Reference: oracle.com/government/cloud-regions · DISA Cloud Service Catalog.
FedRAMPFedRAMP High authorized. Reference: marketplace.fedramp.gov — CSO "Oracle Cloud Infrastructure US Government Cloud".
xAI Grok hostingxAI announced Grok-on-OCI partnership (2024-Q4). Government tenant availability follows OCI Gov region authority. Reference: oracle.com/news/announcement/oracle-and-xai.
Google Distributed Cloud (air-gapped / IL6 path)
Google Public Sector · GDC Hosted & Air-gapped
IL5 / IL6GDC Hosted targets IL5; GDC Air-gapped targets IL6 / SIPR-class deployments. Reference: cloud.google.com/distributed-cloud · Google Public Sector announcement 2024.
Gemini availabilityGemini Enterprise pathway through GDC for classified isolation. Reference: cloud.google.com/blog/topics/public-sector.
DISA cloud authority — primary source
Defense Information Systems Agency
Cloud Computing SRGAuthoritative impact-level definitions (IL2 / IL4 / IL5 / IL6) and PA process. Reference: cyber.mil/dccs · DoD Cloud Computing Security Requirements Guide v1r4.
Provisional Authorization listLive list of cloud services with active DISA PA. Reference: DISA cyber exchange — "Cloud Service Catalog". Audit ATLAS provider claims against this list before any ATO conversation.