Security

Last updated: April 2, 2026

We secure AI agents for a living. We hold ourselves to an even higher standard. This page details the security measures we apply to the Aegis platform itself — because a security tool is only as trustworthy as its own defenses.

Infrastructure Security

Hosting & Isolation

  • Hosted on SOC 2 Type II certified cloud infrastructure
  • Tenant data is logically isolated — strict access boundaries prevent cross-tenant data access
  • All production systems run in hardened, minimal containers with read-only filesystems where possible
  • Network segmentation isolates the monitoring pipeline from the web application layer

Encryption

  • In transit: TLS 1.3 enforced on all external connections. HSTS enabled. Certificate transparency monitored.
  • At rest: AES-256 encryption for all stored data, including backups
  • Secrets management: API keys and credentials stored in dedicated secrets managers — never in code, logs, or environment variables at rest

Application Security

Authentication & Access

  • Password hashing using bcrypt with appropriate cost factors
  • Session tokens with strict expiration and rotation policies
  • API authentication via short-lived JWT tokens
  • Rate limiting on all authentication endpoints to prevent credential stuffing

Secure Development

  • All code changes require peer review before merge
  • Automated dependency scanning for known vulnerabilities (CVEs)
  • Static analysis integrated into the CI/CD pipeline
  • No production access from development environments

Operational Security

Monitoring & Incident Response

  • 24/7 automated monitoring of platform health and security events
  • Anomaly detection on our own systems — we use the same behavioral analysis we provide to customers
  • Incident response plan with defined severity levels, response times, and communication protocols
  • Post-incident reviews published as transparency reports for significant events

Data Handling

  • Automated data retention enforcement — telemetry data purged after retention period
  • Audit logging on all data access by internal staff
  • Annual third-party penetration testing
  • Employee access follows least-privilege principle — engineers cannot access customer data without documented justification

Vulnerability Disclosure

We welcome responsible security research on the Aegis platform. If you discover a vulnerability:

  • Report it to security@aegis-security.com
  • Include steps to reproduce, impact assessment, and any proof-of-concept
  • We commit to acknowledging reports within 24 hours
  • We will not pursue legal action against good-faith security researchers
  • We credit researchers in our security advisories (with permission)

Compliance

  • OWASP Alignment: Our detection capabilities map to the OWASP Top 10 for Agentic Applications (2025)
  • SOC 2: Platform designed to SOC 2 Type II controls
  • GDPR: Data processing compliant with EU General Data Protection Regulation
  • EU AI Act: Monitoring capabilities designed to support customers' EU AI Act compliance obligations

Contact

Security questions or vulnerability reports: security@aegis-security.com

PGP key available on request for encrypted communications.