SECURITY
WE DEFEND YOU. HERE IS HOW WE DEFEND OURSELVES.
As a security company, we hold ourselves to the highest standard. Our platform is built with security-first architecture from the ground up.
Items marked [PLANNED] are architecture targets for the full platform launch.
MITRE ATT&CK ALIGNEDGDPR-ALIGNEDSOC2 TYPE IIPLANNEDISO 27001PLANNEDPCI-DSSPLANNEDHIPAAPLANNED
// 001
SECURITY POSTURE
DATA ENCRYPTION
- >AES-256-GCM at rest, TLS 1.3 in transit
- >Customer-managed KMS keys (AWS KMS, GCP Cloud KMS, Azure Key Vault) [PLANNED]
- >Zero plaintext storage of credentials or tokens
- >Hardware security module (HSM) integration for key ceremonies [PLANNED]
ACCESS CONTROL
- >Role-based access control (RBAC) with least-privilege defaults
- >SSO via SAML 2.0 and OIDC (Okta, Azure AD, Google Workspace) [PLANNED]
- >Mandatory MFA for all accounts
- >Session management with configurable timeout and IP allowlisting
INFRASTRUCTURE SECURITY
- >Dedicated VPC per customer on Combatant and War Room tiers [PLANNED -- Combatant/War Room]
- >Network segmentation with microsegmentation policies
- >Air-gapped deployment option for War Room tier [PLANNED -- War Room]
- >Immutable infrastructure: all deployments are fresh containers
DATA PRIVACY
- >GDPR Article 28 compliant data processing agreement
- >Data residency options: US, EU, APAC
- >Right to erasure with cryptographic verification
- >No customer data used for model training — ever
AUDIT AND LOGGING
- >Immutable audit log of all platform actions
- >Real-time SIEM export (Splunk, Elastic, Datadog)
- >Quarterly penetration testing by third-party firms [PLANNED]
- >Annual SOC 2 Type II audit by independent auditor [PLANNED]
INCIDENT RESPONSE
- >Dedicated security incident response team
- >1-hour SLA for critical vulnerabilities (War Room)
- >Responsible disclosure program with bug bounty
- >Post-incident transparency reports
// 002
OPENCLAW SHIELD SECURITY
OpenClaw Shield extends our security posture to protect AI personal assistant deployments. Every OpenClaw instance monitored by Shield benefits from our full security infrastructure.
SUPPLY CHAIN INTEGRITY
- >Static analysis of all ClawHub skills via hash matching
- >Known malicious hash database (ClawHavoc samples)
- >Prompt injection pattern detection in SKILL.md files
- >Automated quarantine of flagged skills (Pro)
MEMORY PROTECTION
- >Cryptographic hash monitoring of SOUL.md and MEMORY.md
- >Automatic restore from last known good state (Pro)
- >Detection of time-shifted prompt injection patterns
- >Quarantine mode for compromised instances (Pro)
NETWORK HARDENING
- >Gateway binding audit (default 0.0.0.0 to 127.0.0.1)
- >WebSocket origin validation enforcement
- >Egress traffic monitoring (coming soon)
- >Automated token rotation on incident detection (Pro, coming soon)
RESPONSIBLE DISCLOSURE
Found a vulnerability? We take security reports seriously and respond within 24 hours. Qualifying reports are eligible for our bug bounty program.
REPORT A VULNERABILITY