Security
How we protect your data and systems
Data Encryption
We employ industry-standard encryption to protect your data:
- At Rest: All data is encrypted using AES-256
- In Transit: All communications use TLS 1.3
- Audit Logs: Cryptographic hash chaining ensures tamper-evidence
Access Control
We implement strict access controls at every level:
- Role-based access control (RBAC) for user permissions
- Multi-factor authentication support
- API key management with scoped permissions
- Tenant isolation at the database level
Infrastructure Security
Our infrastructure is designed with security in mind:
- Hosted on secure cloud infrastructure with regular security updates
- Network segmentation and firewall rules
- Regular security assessments and monitoring
- Automated threat detection and alerting
SSRF Protection
The HTTP proxy connector includes built-in protection against Server-Side Request Forgery (SSRF) attacks:
- Blocks access to private IP ranges (10.x, 172.16-31.x, 192.168.x)
- Blocks access to cloud metadata endpoints
- Blocks localhost and loopback addresses
- Configurable allowlist for internal services
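An added Python example of the destination check these rules describe; it is an illustration, not the connector's own code. It assumes cloud metadata endpoints are covered by blocking link-local 169.254.0.0/16, and the names check_url, ip_is_blocked, sample_resolver and the hosts in SAMPLE_DNS are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Private and loopback ranges listed above, plus link-local 169.254.0.0/16,
# which contains the widely used cloud metadata address 169.254.169.254.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "::1/128", "169.254.0.0/16",
)]

# Constructed DNS answers so the example runs offline (hypothetical hosts).
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "mixed.example.net": ["93.184.216.34", "10.0.0.7"],
    "billing.internal.example": ["10.20.0.15"],
}


def sample_resolver(host):
    """Stand-in for a real DNS lookup; returns a list of IP strings."""
    return SAMPLE_DNS.get(host, [])


def ip_is_blocked(ip, allowlist=()):
    """True if ip is in a blocked range and not covered by an allowlisted CIDR."""
    addr = ipaddress.ip_address(ip)
    # Treat IPv4-mapped IPv6 (::ffff:10.0.0.5) as the IPv4 address it wraps.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if any(addr in ipaddress.ip_network(cidr) for cidr in allowlist):
        return False
    return any(addr in net for net in BLOCKED_NETS)


def check_url(url, resolve, allowlist=()):
    """Return (allowed, ips); the caller connects to ips, not to a fresh lookup."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, []
    try:
        ips = [str(ipaddress.ip_address(parts.hostname))]  # IP literal in the URL
    except ValueError:
        ips = resolve(parts.hostname)  # hostname: judge what it resolves to
    # Reject if ANY address is blocked, so a mixed DNS answer cannot slip through.
    if not ips or any(ip_is_blocked(ip, allowlist) for ip in ips):
        return False, []
    return True, ips
```

Checking every resolved address and then connecting only to the returned ones keeps the validation and the outbound connection on the same IP.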
Audit Trail
Every action is logged with cryptographic integrity:
- Immutable audit logs with hash chaining
- Complete action history with full context
- Exportable proof packs for compliance
- Configurable retention periods
Policy Engine
The OPA-based policy engine provides defense in depth:
- Declarative policies using Rego language
- Default-deny security model
- Real-time policy evaluation
- Human-in-the-loop for sensitive actions
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:
- Email security concerns to security@agentactionfirewall.com
- Include detailed steps to reproduce the issue
- Allow reasonable time for us to address the issue before disclosure
Contact
For security-related questions or to report a vulnerability, please contact us at security@agentactionfirewall.com