1. Compliance & certifications
We continuously align our security program with leading standards and frameworks:
- SOC 2 Type II — annual audit against the Security, Availability and Confidentiality Trust Services Criteria. Reports available under NDA.
- ISO/IEC 27001 — Information Security Management System certification.
- GDPR & UK GDPR — privacy-by-design controls, DPIA support, DPA available at /dpa.html.
- HIPAA — BAA available for eligible enterprise customers (on request).
- NIST CSF & OWASP ASVS — used as design and review baselines.
To request our latest SOC 2 report, ISO certificate or security whitepaper, see "Get our security package" at the end of this page.
2. Architecture
The ai-agents.bar platform runs on a hardened, multi-tenant cloud infrastructure with the following isolation guarantees:
- Sandboxed execution. Every agent run executes inside an ephemeral, isolated container with restricted egress, capability-based permissions and tight resource limits.
- Zero-trust network. All internal service-to-service traffic uses mutual TLS and short-lived workload identities. There is no implicit trust between services.
- Multi-tenant isolation. Logical isolation is enforced at the application, database, queue and object-storage layers; every internal request carries a tenant identifier cryptographically bound to the caller, which each of these layers enforces.
- Hardened images. Base images are built from minimal distributions, patched regularly, scanned with image-vulnerability tooling and signed with verifiable build provenance; application code is covered separately by the SAST and DAST scanning described in section 9.
- Infrastructure as code. All infrastructure changes go through code review, automated policy checks (OPA) and audit logging.
3. Encryption
In transit. All external traffic is encrypted with TLS: TLS 1.3 is preferred and TLS 1.2 is the minimum version we will negotiate. HSTS is enabled. Internal service traffic uses mTLS.
At rest. All persistent data — databases, object storage, backups, logs and ephemeral disks — is encrypted with AES-256-GCM.
Key management. Keys are managed in a FIPS 140-2 Level 3 validated KMS. Customer master keys are rotated automatically; the data-encryption keys they protect are unique per tenant and rotated on a defined schedule. BYOK (Bring Your Own Key) is supported on enterprise plans.
Secrets. Customer secrets (API keys, OAuth tokens) are stored in a dedicated secret store with envelope encryption, scoped access tokens and full audit logging on access.
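As an added illustration of the envelope encryption and tenant scoping described above (example code, not the platform's own implementation), the following Go program wraps a per-tenant data-encryption key under a key-encryption key that only a KMS stub holds, seals each secret with AES-256-GCM, and binds both the wrapped key and each ciphertext to their tenant and secret identifier through the authenticated data. The KMS type, the tenant names, the secret identifiers and the sample token are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // CSPRNG failure is unrecoverable
	}
	return b
}

// gcm builds an AES-256-GCM AEAD for a 32-byte key.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length gets here: a programming error
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal returns nonce||ciphertext||tag; aad is authenticated, not encrypted, and binds the blob to its context.
func seal(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := randomBytes(g.NonceSize()) // fresh 96-bit nonce per encryption
	return g.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; any change to nonce, ciphertext, tag or aad fails authentication.
func open(key, blob, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// KMS stands in for a hardware-backed key service (a stub for this example): the KEK never
// leaves it, and the tenant id is bound as AAD so a DEK wrapped for one tenant cannot be unwrapped for another.
type KMS struct{ kek []byte }

func (k *KMS) Wrap(tenant string, dek []byte) []byte          { return seal(k.kek, dek, []byte("kms:"+tenant)) }
func (k *KMS) Unwrap(tenant string, w []byte) ([]byte, error) { return open(k.kek, w, []byte("kms:"+tenant)) }

// SecretStore persists only KMS-wrapped DEKs and AES-GCM blobs; a plaintext DEK lives in memory for one operation only.
type SecretStore struct {
	kms        *KMS
	wrappedDEK map[string][]byte // tenant -> DEK wrapped by the KMS
	blobs      map[string][]byte // tenant/secret -> nonce||ciphertext||tag
}

// tenantDEK unwraps the tenant's DEK, generating and wrapping a fresh one on first use.
func (s *SecretStore) tenantDEK(tenant string) ([]byte, error) {
	if _, ok := s.wrappedDEK[tenant]; !ok {
		s.wrappedDEK[tenant] = s.kms.Wrap(tenant, randomBytes(32))
	}
	return s.kms.Unwrap(tenant, s.wrappedDEK[tenant])
}

// aad binds a blob to its tenant and secret id: copied to another id or tenant, it will not decrypt.
func aad(tenant, secret string) []byte { return []byte("tenant:" + tenant + "|secret:" + secret) }

func (s *SecretStore) Put(tenant, secret string, plaintext []byte) error {
	dek, err := s.tenantDEK(tenant)
	if err != nil {
		return err
	}
	s.blobs[tenant+"/"+secret] = seal(dek, plaintext, aad(tenant, secret))
	return nil
}

// Get checks the caller's scoped token (actorTenant) before any key is touched.
func (s *SecretStore) Get(actorTenant, tenant, secret string) ([]byte, error) {
	if actorTenant != tenant {
		return nil, errors.New("token not scoped to tenant")
	}
	blob, ok := s.blobs[tenant+"/"+secret]
	if !ok {
		return nil, errors.New("no such secret")
	}
	dek, err := s.tenantDEK(tenant)
	if err != nil {
		return nil, err
	}
	return open(dek, blob, aad(tenant, secret))
}

func main() {
	s := &SecretStore{kms: &KMS{kek: randomBytes(32)}, wrappedDEK: map[string][]byte{}, blobs: map[string][]byte{}}
	_ = s.Put("acme", "slack-oauth", []byte("xoxb-constructed-sample-token")) // constructed sample secret
	pt, err := s.Get("acme", "acme", "slack-oauth")
	_, crossErr := s.Get("globex", "acme", "slack-oauth") // token scoped to another tenant
	fmt.Printf("plaintext=%q err=%v cross-tenant=%v\n", pt, err, crossErr)
}
```

Two properties are worth checking when running it: a blob copied to a different secret id or tenant fails authentication because the AAD no longer matches, and a wrapped DEK presented for the wrong tenant is refused by the KMS stub for the same reason. A real deployment replaces the stub with the KMS wrap and unwrap calls and keeps the unwrapped DEK in memory for as short a time as possible.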
4. Access controls
Customer-facing.
- Role-based access control (RBAC) with granular permissions per workspace, agent and integration.
- Single sign-on via SAML 2.0 and OpenID Connect.
- SCIM 2.0 user provisioning and deprovisioning.
- Multi-factor authentication (TOTP and WebAuthn) — required for admin roles, configurable for all users.
- IP allowlisting and session timeout policies on enterprise plans.
- Comprehensive audit logs covering authentication events, configuration changes and agent actions; exportable via API and to your SIEM.
Internal.
- Least-privilege access enforced through identity-aware proxies; no shared credentials.
- Hardware-backed MFA mandatory for all employees with access to production systems.
- Just-in-time, time-bound, peer-approved access to production with full session recording.
- Quarterly access reviews and immediate offboarding tied to HRIS events.
5. Agent runtime safeguards
Agentic systems introduce new categories of risk. We engineer specific controls for them:
- Runtime guardrails. Policies enforced at the execution layer — not via prompts — that constrain which tools, integrations and data scopes an agent can use, with deterministic deny-by-default behaviour.
- Blast radius controls. Quotas on outbound actions per run (e.g. number of emails sent, records modified, dollars committed), with hard caps and graceful failure modes.
- Human-in-the-loop gates. Configurable approval steps for high-stakes actions such as external communications, financial transactions or data deletions.
- Prompt-injection defences. Input sanitisation, untrusted-content tagging, tool-call allow-lists and response evaluation. We treat all integration content as potentially adversarial.
- Output safety filters. Configurable policies that flag or block disallowed content categories before delivery.
- Full audit trail. Every action, decision, tool call, intermediate reasoning step and human approval is logged, timestamped and queryable in real time.
- Reversibility tooling. Where supported by the integration, we capture pre-action state to enable rollback or compensating actions.
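The guardrail, blast-radius and approval behaviour described in the list above can be made concrete with a small policy engine. The following Go program is an added example, not the platform's own code: it evaluates each proposed tool call against a deny-by-default allow-list of tools and data scopes, a per-run hard cap, a human-approval gate for tools that always need one and for calls whose arguments derive from untrusted content, and appends every decision to an audit trail. The tool names, scopes, quota values and approval ids are assumptions chosen for the example.

```go
package main

import "fmt"

// Decision is the runtime's verdict on one proposed tool call.
type Decision string

const Allow, Deny, NeedsApproval Decision = "allow", "deny", "needs-approval"

// ToolCall is the action an agent proposes. Cost is the quantity charged against the
// tool's per-run quota (emails sent, records modified, dollars committed); Tainted marks
// arguments derived from untrusted integration content; ApprovalID is set when a call a
// human has approved is re-submitted.
type ToolCall struct {
	Tool, Scope, ApprovalID string
	Cost                    int
	Tainted                 bool
}

// Policy is evaluated by the runtime, never by the model. Anything not listed is denied.
type Policy struct {
	Tools    map[string]map[string]bool // tool -> data scopes it may touch
	Quotas   map[string]int             // tool -> hard cap per run
	Approval map[string]bool            // tool -> always needs a human gate
	TaintOK  map[string]bool            // tools that may consume untrusted-derived arguments ungated
}

// Run holds per-run state: quota counters, pending approvals and the audit trail.
type Run struct {
	policy   Policy
	used     map[string]int
	pending  map[string]ToolCall // approval id -> the exact call shown to the reviewer
	approved map[string]bool
	seq      int
	Audit    []string
}

func NewRun(p Policy) *Run {
	return &Run{policy: p, used: map[string]int{}, pending: map[string]ToolCall{}, approved: map[string]bool{}}
}

func (r *Run) log(c ToolCall, d Decision, why string) (Decision, string) {
	r.Audit = append(r.Audit, fmt.Sprintf("%s %s scope=%s cost=%d: %s", d, c.Tool, c.Scope, c.Cost, why))
	return d, why
}

// Authorize applies the checks in order: allow-list, scope, quota, human gate. A denial
// is a structured reason the agent can report back, not a crash of the run.
func (r *Run) Authorize(c ToolCall) (Decision, string) {
	if scopes, ok := r.policy.Tools[c.Tool]; !ok || !scopes[c.Scope] {
		return r.log(c, Deny, "tool or scope not in allow-list")
	}
	if limit, capped := r.policy.Quotas[c.Tool]; capped && r.used[c.Tool]+c.Cost > limit {
		return r.log(c, Deny, fmt.Sprintf("quota: %d used + %d requested > cap %d", r.used[c.Tool], c.Cost, limit))
	}
	if r.policy.Approval[c.Tool] || (c.Tainted && !r.policy.TaintOK[c.Tool]) {
		want := c
		want.ApprovalID = ""
		if !r.approved[c.ApprovalID] {
			r.seq++
			id := fmt.Sprintf("apr-%d", r.seq)
			r.pending[id] = want
			return r.log(c, NeedsApproval, "awaiting human approval "+id)
		}
		if r.pending[c.ApprovalID] != want { // approval is bound to the exact call that was reviewed
			return r.log(c, Deny, "call differs from the approved one")
		}
		delete(r.approved, c.ApprovalID) // single use
		delete(r.pending, c.ApprovalID)
	}
	r.used[c.Tool] += c.Cost
	return r.log(c, Allow, "ok")
}

// Approve records the human reviewer's out-of-band decision for a pending id.
func (r *Run) Approve(id, reviewer string) bool {
	if _, ok := r.pending[id]; !ok {
		return false
	}
	r.approved[id] = true
	r.Audit = append(r.Audit, fmt.Sprintf("approved %s by %s", id, reviewer))
	return true
}

func main() {
	r := NewRun(Policy{ // constructed sample policy for one agent
		Tools:    map[string]map[string]bool{"crm.read": {"crm:contacts": true}, "crm.update": {"crm:contacts": true}, "email.send": {"external": true}},
		Quotas:   map[string]int{"email.send": 2, "crm.update": 5},
		Approval: map[string]bool{"email.send": true},
		TaintOK:  map[string]bool{"crm.read": true},
	})
	r.Authorize(ToolCall{Tool: "shell.exec", Scope: "host", Cost: 1})       // denied: not allow-listed
	r.Authorize(ToolCall{Tool: "crm.read", Scope: "crm:contacts", Cost: 1}) // allowed
	r.Authorize(ToolCall{Tool: "email.send", Scope: "external", Cost: 1})   // parked as apr-1
	r.Approve("apr-1", "alice@example.com")
	r.Authorize(ToolCall{Tool: "email.send", Scope: "external", Cost: 1, ApprovalID: "apr-1"}) // allowed, quota now 1/2
	for _, line := range r.Audit {
		fmt.Println(line)
	}
}
```

The order of the checks matters: the quota is evaluated before the approval gate so a reviewer is never asked to approve an action the cap will refuse, and an approval is bound to the exact call the reviewer saw and consumed on first use, so an agent cannot reuse it or swap in a different call under the same id.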
Foundation model providers we rely on do not receive Customer Data for training. We negotiate zero-retention or minimal-retention agreements with our model providers wherever available.
6. Sub-processors
We engage a vetted set of sub-processors for hosting, foundation models, analytics, support and billing. Each is bound by a written agreement consistent with our security commitments and our DPA.
An up-to-date list of sub-processors is maintained and provided on request. To subscribe to email notifications of changes (new sub-processors are announced at least 30 days before they are engaged, where required), email security@ai-agents.bar.
7. Incident response
We operate a 24/7 on-call rotation backed by automated detection across infrastructure, application and identity layers. Our incident response plan covers detection, containment, eradication, recovery and post-incident review.
We will notify affected customers of confirmed personal-data breaches without undue delay and, in any case, within 72 hours of becoming aware, providing the information required to assess impact and respond. See our DPA for contractual commitments.
Status, scheduled maintenance and incident updates are published on our status page and notified via email and in-product banners.
8. Vulnerability disclosure
We welcome reports from independent security researchers. To report a vulnerability, email security@ai-agents.bar with reproduction steps and proof of concept. PGP key available on request.
We commit to:
- Acknowledge receipt within 2 business days.
- Provide an initial assessment within 5 business days.
- Keep you informed of remediation progress and coordinate public disclosure.
- Refrain from legal action against good-faith research conducted under our policy.
9. Penetration tests & audits
We commission independent penetration tests at least once per year against the platform, and additional targeted tests for major releases. Test scope includes web, API, infrastructure, agent runtime and integrations. Executive summaries are available under NDA.
We also perform continuous security assessments: SAST, DAST, dependency scanning, container scanning and IaC policy enforcement, with findings tracked to remediation against defined SLAs.
10. Business continuity & reliability
Our service-level objective is 99.99% uptime on the production platform. We deploy across multiple availability zones and run active-active in primary regions, with automated failover.
Backups are encrypted, geographically replicated and tested through restore drills. We maintain documented disaster recovery and business continuity plans with an RTO of 4 hours and RPO of 1 hour for the production database.
Multi-region deployment options are available on enterprise plans for data residency in the EU, US and other jurisdictions.
11. Bug bounty
We operate a private bug bounty programme with rewards calibrated to severity, including dedicated bounties for agent-specific vulnerability classes (prompt injection, tool-misuse, scope escalation). To request an invite, email security@ai-agents.bar.
12. Contact
- General security: security@ai-agents.bar
- Privacy & data protection: privacy@ai-agents.bar
- Status page: status.ai-agents.bar
Get our security package.
SOC 2 report, pentest summary, security whitepaper and sub-processor list — sent under NDA.