Trying out Axiom-Core for a restricted LLM setup — a couple of questions

[mike-labX]

Hey

I’ve been poking around Axiom-Core a bit and really like the direction here, so figured I’d ask a couple of things while it’s fresh.

We’ve been trying to use cloud LLMs on internal data, but every time we get close, compliance shuts it down. Redaction helps a bit but usually kills the reasoning quality, and fully on-prem setups feel like a step backwards.

I tried running a few examples locally with axiom-core, and it’s interesting that the output still feels “reason-able” for an LLM while the raw input never leaves. That’s not something we’ve had much luck with using typical PII masking tools.

One thing I wanted to double-check - is the idea that Axiom basically makes it impossible (by design) for raw identifiers to leak downstream, rather than relying on best-effort filtering? That mental model would make a lot of sense for how we’re thinking about boundaries internally.

Also curious how you think about audits / reproducibility. Should the same input always map to the same transformed output? That’s usually something compliance folks care about.

Anyway, this feels more like a real infra primitive than another “privacy layer,” which is refreshing. Just trying to understand if this is the right building block for what we’re doing.

Nice work on this

[AI-God-Dev]

Hi @mike-labX , glad you took a look, and thanks for the thoughtful questions

You’re basically spot on with the boundary mental model. The goal with Axiom-Core is to make raw identifiers structurally impossible to pass downstream by default, not just filtered out on a best-effort basis. The transformation step is meant to be the only thing that ever “sees” raw input.

On determinism: yes, for the same input + config, the output is intended to be deterministic. That’s mostly driven by audit and reproducibility needs, we’ve found that’s a hard requirement in regulated environments, not a nice-to-have.

On the reasoning-quality side, you’re right that there’s a tuning aspect. In practice, it usually comes down to how aggressive the abstraction policy is. Different domains end up needing slightly different tradeoffs, and we’ve been trying to keep that explicit rather than hidden.

And yeah , the intent is very much for this to be an infra primitive, not another privacy wrapper. If you end up pushing it further and run into rough edges, definitely feel free to open issues or share feedback. That kind of input is super useful for us right now.

Appreciate you checking it out.