Security Features
Comprehensive security monitoring for your AI agents.
Security Score
Every instance has a security score (0-100) computed from 7 categories. The score updates daily and historical trends are available on the security dashboard.
Score Categories
| Category | What It Measures |
|---|---|
| Gateway Binding | Whether the agent gateway binds to loopback only |
| Credential Storage | Encryption of API keys and tokens at rest |
| Docker Isolation | Read-only root, resource limits, namespace isolation |
| Skill Verification | Percentage of installed skills that are verified |
| Firewall Rules | Deny-by-default firewall with explicit allowlists |
| Auto-Patching | Timeliness of security patch application |
| Audit Logging | Completeness of command and file access logging |
Policies
Security policies define rules for your agent's behavior. Create policies to restrict file access patterns, network connections, or skill permissions. Policies can be set to "monitor" (log only) or "enforce" (block violations).
Alerts & Incidents
Configure alert rules to receive notifications when security events occur. Alerts can trigger on specific event types, severity levels, or patterns. When an alert fires, it creates an incident that can be investigated and resolved through the dashboard.
Compliance Frameworks
Track compliance against industry frameworks including SOC 2, ISO 27001, and NIST CSF. The compliance dashboard shows which controls are satisfied, partially met, or missing.
File Integrity Monitoring
FIM tracks changes to critical system files and configuration. Any unauthorized modification triggers an alert and is logged in the audit trail.
Network Monitoring
Real-time visibility into network connections made by your agent. Track outbound connections, blocked requests, and bandwidth usage. The threat map shows geographic distribution of connection attempts.
Vulnerability Scanning
Automated scanning of your agent's dependencies and runtime environment for known vulnerabilities (CVEs). Critical vulnerabilities are auto-patched; others are surfaced with remediation guidance.