Security
Last Updated: April 24, 2026
At 01Security, we believe that the only way to defend against modern, AI-augmented threats is with an autonomous, agentic defense system that is itself fundamentally secure. Our security architecture is built from the ground up to protect not only our customers' infrastructure but also the integrity of the AI models that drive our defense mechanisms. This document outlines the multi-layered security and governance framework that defines the 01Security Platform.
1. The Agentic Security Model
01Security utilizes a decentralized "Agentic Mesh" architecture. Unlike legacy security solutions that rely on a central server to push signatures, our agents are autonomous entities capable of local reasoning and immediate response. This model provides several key security advantages:
- Reduced Latency: Detection and response happen at the edge, within milliseconds of a threat surfacing.
- Independence: Agents can continue to defend your infrastructure even if the connection to our centralized control plane is temporarily interrupted.
- Blast Radius Limitation: Agents are isolated from one another. A compromise of one node (though highly unlikely) does not provide an attacker with a path to the rest of the mesh.
2. AI Model Integrity and Safety
The "brain" of our agents consists of highly optimized, domain-specific AI models. Protecting these models is our highest priority:
- Secure Inference: Our models run in hardened execution environments that prevent memory scraping and external tampering.
- Adversarial Robustness: We employ rigorous adversarial training to ensure our models are resilient against "prompt injection" or "evasion attacks" that seek to confuse AI reasoning.
- Cryptographic Signing: Every model update is cryptographically signed. Agents will only execute models that have been verified against our secure root of trust.
3. The Secure Control Plane
While agents operate autonomously, they are governed by a centralized, high-security Control Plane. Security for the Control Plane includes:
- Zero Trust Access: Every administrative action requires multi-factor authentication (MFA) and is authorized based on strictly defined role-based access control (RBAC).
- Mutual TLS (mTLS): All communication between Agents and the Control Plane is encrypted using mTLS, ensuring that only authorized agents can communicate with our infrastructure.
- Auditability: Every command issued from the Control Plane and every high-level decision reported by an Agent is stored in an immutable, append-only log for forensic analysis.
4. Data Protection and Encryption
We treat your infrastructure data with the highest level of confidentiality. Our encryption standards meet or exceed industry requirements:
- In Transit: All data moving between your infrastructure and 01Security is encrypted using TLS 1.3 with forward secrecy.
- At Rest: Any telemetry stored for forensic purposes is encrypted using AES-256 with keys managed in a secure Hardware Security Module (HSM).
- Privacy-Preserving Telemetry: Whenever possible, we use differential privacy and data masking to ensure that threat indicators do not contain sensitive personal or proprietary information.
5. Continuous Governance and Monitoring
Security is not a static state but a continuous process. 01Security employs several governance mechanisms to maintain a high-security posture:
- Automated Vulnerability Scanning: Our codebase and infrastructure are scanned multiple times daily for vulnerabilities and configuration drift.
- Third-Party Pentesting: We engage leading cybersecurity firms to perform regular, deep-dive penetration tests of our Platform and Agents.
- AI Ethics and Safety Board: A dedicated internal committee reviews all changes to our agentic reasoning modules to ensure they align with ethical AI principles and do not introduce unintended safety risks.
6. Supply Chain and Developer Security
We extend our security principles to our development lifecycle. This includes rigorous CI/CD pipeline security, mandatory code reviews for every change, and strict vetting of all third-party dependencies used within our stack.
7. Incident Response and Responsible Disclosure
01Security maintains a world-class incident response team available 24/7. We also value the contributions of the global security community. If you believe you have found a security vulnerability in our platform, we encourage you to report it to us via our Responsible Disclosure Program at info@01security.com.
We are committed to working with researchers who act in good faith to resolve vulnerabilities and protect our users.
8. Compliance and Certifications
01Security is currently in the process of obtaining SOC 2 Type II and ISO 27001 certifications. We design our platform to help our customers meet their own compliance requirements by providing detailed reporting and immutable logs of all security activities.