SECURITY
WE DEFEND YOU. HERE IS HOW WE DEFEND OURSELVES.
As a security company, we hold ourselves to the highest standard. Our platform is built with security-first architecture from the ground up.
MITRE ATT&CK ALIGNEDGDPR-ALIGNED
// 001
SECURITY POSTURE
DATA RESIDENCY
- >Your data is stored on dedicated infrastructure in Germany (EU)
- >All data stays within the EU
- >No third-party sub-processors have access to your raw data
DATA ENCRYPTION
- >Industry-standard authenticated encryption at rest with per-record key isolation
- >TLS 1.3 for all data in transit
- >Zero plaintext storage of credentials or tokens
- >API key hashing with memory-hard algorithms (lookup by prefix, verify by hash)
ACCESS CONTROL
- >Secure authentication with token-based validation
- >Role-based access control (RBAC) with least-privilege defaults
- >Multi-factor authentication supported via identity provider
- >Session management with configurable timeout
INFRASTRUCTURE SECURITY
- >Immutable infrastructure: all deployments are fresh containers
- >Network segmentation between services
- >Non-root container execution for all services
- >Secrets managed via environment variables, never in code
DATA PRIVACY
- >EU data residency with TTL-based retention policies
- >No customer data used for model training
- >Account data deletion available on request (email security@agentdefenders.ai)
- >Alarm values never stored in plaintext on our servers
AUDIT AND LOGGING
- >Immutable audit log of all platform actions
- >Analytics pipeline with configurable TTL-based retention
- >Full alert event history with metadata
- >Agent health monitoring and status tracking
// 002
INFRA SHIELD AGENT SECURITY
The Infra Shield agent runs on your infrastructure. Here is how we ensure it operates safely and does not introduce risk.
ALARM DEPLOYMENT
- >Safe file writes that never overwrite existing files
- >Collision checks before deploying alarm credentials
- >Manifest tracks locations but never stores alarm values
- >Automated rollback on deployment failure
FILE MONITORING
- >Intelligent event batching to reduce noise
- >Process attribution for file access events
- >Configurable process allowlist for your environment
- >Rate limiting to prevent alert flooding
NETWORK SECURITY
- >Network monitors on unused ports only
- >Decoy credentials using modern cryptography
- >All agent-to-server communication over TLS
- >GeoIP enrichment on alert events
// 003
DATA HANDLING
Understanding what data our products collect and where it goes.
MCP SCANNER
- >Runs locally. No data leaves your machine unless you pass an API key.
- >With an API key: scan grades and finding metadata are uploaded. Tool descriptions and config paths are included for context. No credentials are transmitted.
INFRA SHIELD AGENT
- >Sends heartbeats (hostname, version, status) to the Infra Shield API over TLS.
- >On alarm trigger: source IP, user agent, and request metadata are captured. Alarm secret values are never transmitted to our servers.
RESPONSIBLE DISCLOSURE
Found a vulnerability? Email security@agentdefenders.ai. We respond within 48 hours.
REPORT A VULNERABILITY