Model Card · NAVI (Altara Compliance Intelligence Engine)
NAVI is the analytical layer that sits behind every Altara module — Altara Core (AI Governance Assessment & Maturity Report), Altara Sentinel (Digital Trust & Scam Defence) and the operational managed-services workflows. This card describes the model NAVI is built on, the way it is used inside Altara, the controls that wrap it, and the limitations regulators, customers and auditors should be aware of.
| Field | Value |
|---|---|
| Card version | 1.0 |
| Card last reviewed | 27 February 2026 |
| Card owner | Altara Core Governance Team — hello@altaracore.ai |
| Model name (internal) | NAVI |
| Underlying foundation model | Anthropic Claude Sonnet 4.5 |
| Provider model ID | claude-sonnet-4-5-20250929 |
| Provider | Anthropic, PBC |
| Access route | Emergent Universal LLM Key (managed by Emergent Labs) — Altara does not hold raw Anthropic credentials |
| Modalities | Text in / text out · vision (image input) for evidence analysis |
| Context window | 200 000 tokens (provider-published) |
| Knowledge cutoff | Provider-managed — see Anthropic's published documentation for the latest cutoff |
| Deployment regions | Anthropic infrastructure as exposed by Emergent — see "Data Flow & Residency" below |
1. Purpose & Intended Use
NAVI is used as an analytical assistant that turns the evidence a user supplies into governance-grade observations, summaries, scores, and structured recommendations.
Primary use cases
| # | Use case | Where in Altara | Output |
|---|---|---|---|
| 1 | AI Maturity Report analysis | Altara Core / Maturity Assessment | Executive summary, per-pillar narrative, peer comparison commentary, 30 / 90 / 180 / 365-day phased roadmap, framework implications |
| 2 | AI application risk classification & DPIA / FRIA drafting | Altara Core / AI Registry Wizard | Risk score, classification rationale, suggested control set |
| 3 | Vendor due-diligence question drafting & evidence review | Altara Core / Managed Services | Drafted DDQ responses, gap notes, evidence requests |
| 4 | Scam analysis — text, URLs, screenshots, voice-note transcripts | Altara Sentinel | Trust score, behavioural risk indicators, customer-facing explanation |
| 5 | OCR-style evidence reading from screenshots and document images | Altara Sentinel + Altara Core | Structured extraction of claims, brand names, payment requests |
Primary users
- Compliance, Risk, Audit, Data Protection and AI Governance professionals.
- Altara managed-services analysts running engagements on behalf of customers.
- Front-line bank / fintech operators using the Sentinel WhatsApp simulator and consumer-protection flows.
Out-of-scope
NAVI is not authorised to:
- Produce binding legal opinions, regulatory interpretations or formal regulatory advice.
- Replace internal audit, external assurance or supervisory engagement.
- Make fully-automated, irrevocable decisions about a person, transaction or AI application — every materially impactful output is HITL-gated (see §6).
2. Inputs
- Text: free-text answers, policy documents, vendor SOC reports, customer support transcripts, scam reports (typed or pasted).
- Images: screenshots of suspicious messages, document scans, brand assets supplied for impersonation analysis. JPEG / PNG / WEBP up to platform-defined size limits.
- Structured payloads: the 35-question Maturity Assessment Likert scores, AI Registry Wizard answers, DPIA / FRIA forms.
System and developer prompts are versioned (PROMPT_VERSION) and shipped alongside the code. Every outbound request is stripped of unnecessary PII at the application layer before it reaches NAVI; raw identifiers are not used for prompt construction unless the use case explicitly requires it.
3. Outputs
- Narrative text rendered in the Altara UI and in the generated PDF reports (Maturity Report, DPIA, FRIA, Vendor DDQ, Sentinel case summary).
- Structured JSON for downstream rendering — pillar scores, band labels, framework implications, phased roadmap entries, trust-score components.
- Suggested next-steps and HITL prompts that human reviewers must read, approve, edit or reject before any externally-visible action is taken.
Outputs are accompanied by a stable NAVI Disclosure & HITL notice in every PDF, every email and on the Transparency page.
4. Training Data & Lineage
The underlying foundation model (Claude Sonnet 4.5) was trained by Anthropic on a corpus and with a methodology that Altara does not control and cannot independently verify. Altara has not contributed proprietary training data; the model is used in inference-only mode. No customer evidence is used to fine-tune or further train the base model.
For full base-model lineage refer to Anthropic's official model documentation and Anthropic Acceptable Use Policy.
5. Performance & Evaluation
Because NAVI is used as a drafting / analytical assistant with mandatory human review, Altara evaluates NAVI on fit-for-purpose dimensions rather than single accuracy numbers:
| Dimension | How Altara evaluates it |
|---|---|
| Factual accuracy on governance content | Spot-check sampling by Altara compliance specialists per engagement; analyst sign-off captured in the audit log |
| Framework citation correctness | Curated test set of NIST AI RMF, ISO/IEC 42001, OECD AI Principles, EU AI Act prompts — re-run before any prompt or model version change |
| Risk-score determinism | Maturity scores are not generated by NAVI — they are computed deterministically by score_assessment() in /app/backend/maturity/scoring.py. NAVI only narrates them. |
| Refusal handling | Test set of prompts that should be refused (legal opinions, regulatory interpretations) — NAVI is expected to decline and surface a HITL escalation |
| Sentinel scam analysis | Internal labelled set of historical fraud / impersonation samples; reviewed when prompts change |
Quantitative metrics are not published per release because (a) outputs are narrative not classification, and (b) the model provider rotates underlying weights independently of Altara.
6. Human-in-the-Loop (HITL) Checkpoints
Every materially impactful NAVI output is gated by a documented HITL checkpoint:
- Pre-submission HITL confirmation — the Maturity Assessment NAVI disclosure modal requires the user to explicitly acknowledge that NAVI is an AI assistant and that the output supports, but does not replace, human decision-making.
- Managed-services analyst sign-off — for paid engagements, an Altara specialist reviews every NAVI-drafted DPIA / FRIA / vendor DDQ before it is delivered to the customer.
- Sentinel case approval — when a scam case is escalated to a sponsoring bank, a human analyst confirms the NAVI trust-score before the alert is dispatched.
- PDF disclaimer — every PDF report includes the disclaimer and copyright page that explicitly positions NAVI as an analytical aid and disclaims liability for unreviewed reliance.
7. Data Flow & Residency
[ User browser ]
│ (HTTPS)
▼
[ Altara React frontend ]
│ (REACT_APP_BACKEND_URL · HTTPS)
▼
[ Altara FastAPI backend ]
│ (Universal Emergent LLM Key · HTTPS)
▼
[ Emergent LLM gateway ]
│
▼
[ Anthropic Claude Sonnet 4.5 ]
- Prompts and responses transit Anthropic and Emergent infrastructure.
- Altara stores prompts and outputs that are part of a customer artefact (e.g. the Maturity Report, a Sentinel case) so the customer can replay and audit them via the Data-Rights Bundle.
- Anthropic's data-handling for prompts is governed by Anthropic's published API data-use policy. Anthropic states that API inputs are not used to train models by default — Altara relies on that contractual position and does not opt into any training feedback.
- Sensitive customer files (screenshots, voice recordings) are stored in Altara-managed storage and never persisted by Anthropic.
If region-specific residency is required for a regulated tenant, contact hello@altaracore.ai — Altara can deploy on a per-tenant basis with a regional LLM endpoint and a signed DPA.
8. Known Limitations & Failure Modes
- Hallucination risk — like all large language models, NAVI can produce confident-sounding statements that are not factually correct. Treat every NAVI output as a draft, not as truth.
- Regulatory specificity — NAVI's knowledge is broad but not jurisdiction-exhaustive. For SADC / EU / US sector-specific rules, an Altara managed-services analyst must validate.
- Date sensitivity — the base model has a knowledge cutoff; recent regulatory developments may not be reflected. Altara mitigates this by curating a current regulatory knowledge pack supplied at runtime.
- Bias — biases present in the base model's training data can surface in narrative tone, recommendations and sector assumptions. Altara actively reviews outputs for tone in vulnerable-customer scenarios and culturally-specific sectors.
- Adversarial prompts — users may attempt prompt-injection via uploaded documents or chat. Altara applies an input sanitiser and a system-prompt hardening layer; Sentinel additionally classifies suspicious instruction patterns.
- Vision limits — image OCR/analysis is high-recall but not 100 % accurate; for evidentiary use the human reviewer must visually confirm critical fields.
9. Monitoring, Incident Handling & Drift
- Operational telemetry — every NAVI invocation is logged with prompt version, model ID, latency and outcome bucket. Logs feed an internal dashboard reviewed by the Altara governance team.
- Provider-side drift — model upgrades by Anthropic are tracked via Emergent's release notes. Altara pins the model ID (
claude-sonnet-4-5-20250929) so silent model changes cannot occur without a code change in Altara. - Customer-reported issues —
hello@altaracore.aiis the disclosed contact for any concern about a NAVI output. Triage SLA: acknowledge in 1 business day, resolve / explain in 5 business days. - Kill switch — feature flags in the backend allow NAVI to be disabled per-module without redeploying the platform.
10. Frameworks This Card Maps To
| Framework | Section |
|---|---|
| NIST AI RMF 1.0 | Govern · Map · Measure · Manage — this card is the published "Measure" artefact for the deployer |
| ISO/IEC 42001 | Annex A.6 (Data governance for AI), Annex A.7 (Information for interested parties), Annex A.9 (Use of AI systems) |
| EU AI Act | Article 13 (transparency), Article 26 (deployer obligations), Article 50 (transparency obligations for certain AI systems) |
| OECD AI Principles | Transparency & explainability · Robustness, security and safety · Accountability |
| POPIA (South Africa) | s.71 (automated decision-making) — NAVI does not make solely-automated decisions; this card evidences the HITL position |
| GDPR | Article 22 — same position; HITL checkpoints documented |
11. Versioning & Change Log
| Card version | Date | Change |
|---|---|---|
| 1.0 | 2026-02-27 | Initial public publication of the NAVI model card. Base model pinned to claude-sonnet-4-5-20250929. |
A new card version is published whenever (a) the underlying foundation model is changed, (b) the system-prompt scope is materially changed, (c) new use cases are added, or (d) data-flow / residency changes.
12. Contact & Reporting
- Card owner / questions —
hello@altaracore.ai - Responsible AI / incident reporting —
hello@altaracore.ai· subject[NAVI-INCIDENT] - Data-rights / NAVI-output access requests — every Maturity Report carries a Data-Rights Bundle download link; for other modules, email
hello@altaracore.aiwith the subject[ALTARA-DATA-RIGHTS].
Altara Core is a division of Navigate Group (Pty) Ltd · Reg No 2016/343423/07. This document is published as a public AI transparency artefact. © Navigate Group (Pty) Ltd — all rights reserved.