Security built for the AI era.
Tenant isolation at compute, data, and model level. Per-customer KMS keys. Audit-grade observability. Compliance certifications you can hand to procurement.
SOC 2 Type II
Renewed annually by independent auditor.
ISO 27001
Certified ISMS · annual surveillance audit.
HIPAA
BAA available on Enterprise tier.
FedRAMP
Moderate in-process · High on the roadmap.
EU AI Act
Conformity assessment + risk registry.
GDPR
EU data residency · DPA on request.
ISO 42001
AI management system certified.
PCI DSS
L1 service provider scope.
Defense in depth, for agents.
Tenant isolation
Schema-per-tenant for Enterprise, RLS for Growth, per-tenant KMS keys, per-tenant vector indices.
Prompt-injection defense
Input sanitization, tool allowlists, output validators, isolated tool sandboxes.
Secrets
HashiCorp Vault + AWS KMS. Short-lived tokens. No long-lived credentials in env.
Audit log
Immutable append-only log of every agent action. Export to SIEM. Held 7 years.
PII handling
Microsoft Presidio + custom redaction at ingress. PII never leaves customer KMS scope.
Pen-testing
Annual third-party pen-test. HackerOne bug bounty. Public security.txt.