SECURITY
WE DEFEND YOU. HERE IS HOW WE DEFEND OURSELVES.
As a security company, we hold ourselves to the highest standard. Our platform is built with security-first architecture from the ground up.
MITRE ATT&CK ALIGNEDGDPR-ALIGNED
// 001
SECURITY POSTURE
DATA ENCRYPTION
- >Industry-standard authenticated encryption at rest with per-record key isolation
- >TLS 1.3 for all data in transit
- >Zero plaintext storage of credentials or tokens
- >API key hashing with memory-hard algorithms (lookup by prefix, verify by hash)
ACCESS CONTROL
- >Secure authentication with token-based validation
- >Role-based access control (RBAC) with least-privilege defaults
- >Mandatory MFA for all accounts
- >Session management with configurable timeout
INFRASTRUCTURE SECURITY
- >Immutable infrastructure: all deployments are fresh containers
- >Network segmentation between services
- >Non-root container execution for all services
- >Secrets managed via environment variables, never in code
DATA PRIVACY
- >GDPR-aligned data processing
- >No customer data used for model training
- >Right to erasure with cryptographic verification
- >Alarm values never stored in plaintext on our servers
AUDIT AND LOGGING
- >Immutable audit log of all platform actions
- >Analytics pipeline with configurable TTL-based retention
- >Full alert event history with metadata
- >Agent health monitoring and status tracking
INCIDENT RESPONSE
- >Responsible disclosure program
- >Security contact: security@agentdefenders.ai
- >Post-incident transparency reports
- >Automated lockdown actions on critical alerts
// 002
SHIELD AGENT SECURITY
The Shield agent runs on your infrastructure. Here is how we ensure it operates safely and does not introduce risk.
ALARM DEPLOYMENT
- >Safe file writes that never overwrite existing files
- >Collision checks before deploying alarm credentials
- >Manifest tracks locations but never stores alarm values
- >Automated rollback on deployment failure
FILE MONITORING
- >Intelligent event batching to reduce noise
- >Process attribution for file access events
- >Configurable process allowlist for your environment
- >Rate limiting to prevent alert flooding
NETWORK SECURITY
- >Network monitors on unused ports only
- >Decoy credentials using modern cryptography
- >All agent-to-server communication over TLS
- >GeoIP enrichment on alert events
RESPONSIBLE DISCLOSURE
Found a vulnerability? We take security reports seriously and respond within 24 hours.
REPORT A VULNERABILITY