Security & trust

Trust is something you give us evidence for.

AI Warden was built for organisations whose security team has a long memory and a longer questionnaire. This page is the short answer; the long answer ships with the product, signed.

Security posture

Defaults that fail closed.

Read-only by default

The portal opens in read-only. Mutating actions require an explicit role grant. New tenants see no production data without an explicit invite.

Identity-rooted

No standing local accounts on production deployments. Every action is attributable to an IdP-resolvable principal — human or system.

Least privilege

Five-role RBAC by default; finer-grained permissions available. Privileged actions need four-eyes approval. Time-boxed grants.

Encryption

TLS 1.3 in transit. AES-256 at rest with customer-managed keys (KMS or HSM). Per-tenant key separation.

Audit by design

Hash-chained audit log with periodic anchoring. Integrity-verified at read time. Five+ SIEM sinks shipped, including S3 / Snowflake for cold archive.
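The hash-chained, anchored, read-time-verified audit log described above, as an added illustration that is not AI Warden's own code (the signed external anchor store and the every-3-entries anchoring schedule are assumptions):

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Entry is one audit record; PrevHash links it to the entry before it ("" for the first).
type Entry struct{ Seq uint64; Actor, Action, PrevHash, Hash string }
// entryHash commits to the record's fields and the previous hash; NUL separators keep fields unambiguous.
func entryHash(seq uint64, actor, action, prev string) string {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d\x00%s\x00%s\x00%s", seq, actor, action, prev)))
	return fmt.Sprintf("%x", sum)
}

// Append adds a record linked to the current chain head.
func Append(log []Entry, actor, action string) []Entry {
	seq, prev := uint64(0), ""
	if n := len(log); n > 0 {
		seq, prev = log[n-1].Seq+1, log[n-1].Hash
	}
	return append(log, Entry{seq, actor, action, prev, entryHash(seq, actor, action, prev)})
}

// Head returns the chain head; anchoring records this pair, on a schedule, in a store the log writer cannot alter (assumed signed and external; not shown).
func Head(log []Entry) (uint64, string) {
	e := log[len(log)-1]
	return e.Seq, e.Hash
}

// Verify is the read-time check: recompute each hash, confirm the links, compare anchored heads.
// Returns the index of the first bad entry, len(log) if entries were cut off below an anchor, or -1.
func Verify(log []Entry, anchors map[uint64]string) int {
	prev := ""
	for i, e := range log {
		if e.PrevHash != prev || e.Hash != entryHash(e.Seq, e.Actor, e.Action, prev) {
			return i
		}
		if want, ok := anchors[e.Seq]; ok && want != e.Hash {
			return i // hashes re-chained consistently, but the head no longer matches the anchor
		}
		prev = e.Hash
	}
	for seq := range anchors {
		if seq >= uint64(len(log)) {
			return len(log)
		}
	}
	return -1
}
```

Recomputing hashes alone catches an edit that was not rehashed; only the externally held anchors catch a writer who re-chains every downstream hash or drops trailing entries.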

No telemetry to us

Self-hosted deployments don’t phone home. No anonymous metrics, no auto-update, no usage pings. Network egress to AI Warden is opt-in only.

Deployment topologies

Self-host. Or single-tenant SaaS. Your choice.

AI Warden ships as a single Go binary plus a small Node portal. Postgres for state, ClickHouse for audit. The gateway is stateless and scales horizontally. Your VPC, your network policy, your KMS, your IdP.

  • Self-hosted — Helm chart, Terraform module, plain-VM systemd
  • Single-tenant SaaS — one VPC per customer, in your region
  • Air-gapped — offline install bundle, signed releases, no telemetry
  • Bring-your-own-everything — KMS, IdP, SIEM, observability

Reference deployment · self-host

your-vpc/
├── aiw-gateway   (3+ replicas · stateless)
├── aiw-portal    (2 replicas · stateless)
├── postgres      (your managed PG · TLS)
├── clickhouse    (your managed CH · TLS)
└── kms / hsm     (your customer-managed keys)

egress: only to vendor LLM endpoints
ingress: only from your apps
identity: federated to your IdP

Data & keys

What data we touch. What we don’t.

Data class                    | Where it lives                                     | Retention
Prompt & response bodies      | Optional — off by default for regulated tenants    | Configurable; default 30 days, 0 days for regulated
Redacted prompt metadata      | ClickHouse audit table                             | 7 years default
Tool-call arguments & results | Configurable — off, redacted, or full              | Per data classification of the MCP server
Vendor API keys               | Customer KMS / HSM — never in our control plane    | Until rotated
User PATs                     | Hashed in Postgres · never returned after issue    | Until revoked or expired
Approval evidence             | ClickHouse · signed                                | Indefinite

SDLC

How the code that runs in your VPC gets built.

  • Two-person review on every PR; mainline-only, signed merges
  • SAST on every commit (CodeQL · Semgrep · gosec)
  • Dependency scanning + Renovate · pinned versions in releases
  • Container image signed (cosign) · SBOM published per release
  • Reproducible builds where the toolchain allows
  • Annual external pen-test — summary available under NDA
  • Quarterly third-party red-team against the LLM & MCP firewalls
  • Security-only release branch with backports for current major

Coordinated disclosure

Vulnerability disclosure

Email security@aiwarden.com — PGP key at /.well-known/pgp.txt. We acknowledge within one business day, ship a fix or mitigation within 14 days for high-severity issues, and credit the reporter in the release notes unless asked otherwise. We don’t pursue good-faith research.

Bounty program in private beta — ask if you’d like an invite.

Certifications & assurance

What’s shipping. What’s next.

SOC 2 Type II               | In progress — target report Q4 2026
ISO 27001:2022              | Planned — 2027
ISO/IEC 42001:2023          | Planned — alongside ISO 27001
HIPAA / BAA-ready           | Available on enterprise plans
GDPR DPA & SCCs             | Standard — sample on request
External pen-test summary   | Annual — available under NDA

Bring your security questionnaire.

CAIQ, SIG Lite, custom — we’ll fill it in and we’ll meet your security team. References from financial services and healthcare available under NDA.