Compliance

Compliance Readiness

Architecture designed for the requirements of regulated industries.

SOC 2 Type 2

Architecture designed for SOC 2 Type 2 certification. Controls aligned with security, availability, and confidentiality trust principles.

HIPAA

Built for HIPAA readiness. Architecture supports protected health information workloads with required governance controls.

GDPR

Designed for GDPR compliance. Data residency controls keep personal data where your policies require.

Data Residency

Your infrastructure. Your data. Period.

WorkingAgents deploys inside your environment — your VPC, your data center, your air-gapped network. The platform orchestrates workloads without extracting data. No third party ever touches your information.

This is the fundamental difference from managed services. With hosted platforms, your data flows through someone else's infrastructure. With WorkingAgents, your data stays where it is.

  • Deploy on AWS, GCP, Azure, or on-premises
  • Air-gapped deployment for classified environments (Enterprise)
  • Control plane: self-hosted or WorkingAgents-hosted
  • Multi-region support for global organizations (Enterprise roadmap)
  • Zero data egress by design
// Deployment topology

Your VPC / Data Center
┌──────────────────────────────┐
│ WorkingAgents Gateway        │
│ Model Serving (GPUs)         │
│ MCP Servers                  │
│ Databases & Storage          │
│ Audit Logs                   │
└──────────────────────────────┘

Nothing leaves this boundary.

Access Control

Four layers of authentication

Defense in depth — not a single gate, but a series of checkpoints that every request must pass through.

Layer 1: Gateway Authentication
  What it does: Verify the caller's identity
  How it works: WorkingAgents API keys or tokens from your identity provider (Okta, Azure AD, Google Workspace)

Layer 2: Gateway Authorization
  What it does: Determine what the caller can access
  How it works: MCP Server Groups define which teams can access which tools. Virtual MCP Servers enforce boundaries.

Layer 3: Service Authorization
  What it does: Authenticate with external tools
  How it works: OAuth2 flows managed per user, per service. The gateway handles token refresh and rotation.

Layer 4: Custom Headers
  What it does: Additional auth for specialized services
  How it works: Inject custom authentication headers for services that require non-standard auth mechanisms.

CapBAC + ABAC

Fine-grained permission control

Capability-based and attribute-based access control work together. Grant specific capabilities per user or team, then use attributes for context-dependent access decisions.

  • Capability-based access control for fine-grained permissions
  • Attribute-based rules for context-dependent access
  • Per-user, per-service, and per-endpoint rate limiting
  • Cost-based and token-based quota enforcement
  • Time-based access windows for temporary permissions
// Permission evaluation

Request: search_contacts
User: [email protected]
Role: sales-team

Gateway auth: valid PAT
Server group: sales-tools
Tool access: crm.search_contacts
Rate limit: 42/100 this minute
Budget: $18/$500 this month

Result: ALLOWED
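
The trace above reads as an ordered chain of checks that stops at the first failure and records every step, which is exactly what a gateway needs to emit for the audit trail. The Python below is an added illustration written for this page, not WorkingAgents code: the token table, the server-group policy, the rate limit and the monthly budget are constructed values, and the platform's real policy schema is not shown here. Per-minute windowing of the counters is left out to keep the chain readable.

```python
from dataclasses import dataclass, field

# Constructed policy data for this example (hypothetical; not the platform's schema).
VALID_TOKENS = {
    "pat-sales-0001": {"user": "user@example.com", "role": "sales-team"},
}
SERVER_GROUPS = {
    "sales-tools": {
        "roles": {"sales-team"},
        "tools": {"crm.search_contacts", "crm.update_contact"},
    },
}
RATE_LIMIT_PER_MINUTE = 100
MONTHLY_BUDGET_USD = 500.0


@dataclass
class Decision:
    allowed: bool
    chain: list = field(default_factory=list)  # every step taken, for the audit log

    @property
    def reason(self):
        return self.chain[-1] if self.chain else "no checks run"


class Gateway:
    def __init__(self):
        self.calls_this_minute = {}  # user -> call count (window reset omitted here)
        self.spend_this_month = {}   # user -> USD spent

    def evaluate(self, token, tool, est_cost_usd):
        """Run the checks in order; the first failure short-circuits with a DENIED step."""
        chain = []

        def deny(msg):
            chain.append("DENIED: " + msg)
            return Decision(False, chain)

        # 1. Gateway authentication: who is calling?
        principal = VALID_TOKENS.get(token)
        if principal is None:
            return deny("gateway auth: unknown token")
        user, role = principal["user"], principal["role"]
        chain.append("Gateway auth: valid PAT")

        # 2. Gateway authorization: role -> server group -> tool
        group = next((n for n, g in SERVER_GROUPS.items() if role in g["roles"]), None)
        if group is None:
            return deny(f"no server group for role {role}")
        chain.append(f"Server group: {group}")
        if tool not in SERVER_GROUPS[group]["tools"]:
            return deny(f"tool {tool} not in group {group}")
        chain.append(f"Tool access: {tool}")

        # Per-user rate limit
        used = self.calls_this_minute.get(user, 0)
        if used >= RATE_LIMIT_PER_MINUTE:
            return deny(f"rate limit: {used}/{RATE_LIMIT_PER_MINUTE} this minute")
        chain.append(f"Rate limit: {used + 1}/{RATE_LIMIT_PER_MINUTE} this minute")

        # Cost-based budget quota
        spent = self.spend_this_month.get(user, 0.0)
        if spent + est_cost_usd > MONTHLY_BUDGET_USD:
            return deny(f"budget: ${spent:.2f} + ${est_cost_usd:.4f} exceeds ${MONTHLY_BUDGET_USD:.0f}")
        chain.append(f"Budget: ${spent + est_cost_usd:.2f}/${MONTHLY_BUDGET_USD:.0f} this month")

        # Every check passed: consume quota only now, then allow
        self.calls_this_minute[user] = used + 1
        self.spend_this_month[user] = spent + est_cost_usd
        chain.append("Result: ALLOWED")
        return Decision(True, chain)


if __name__ == "__main__":
    gw = Gateway()
    for step in gw.evaluate("pat-sales-0001", "crm.search_contacts", 0.0018).chain:
        print(step)
```

Quota is only consumed after every check passes, so a request denied at the tool-access step does not count against the caller's rate limit or budget; the `chain` list is what the audit log's "full authorization chain" would store.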

Guardrails

Automated safety at three checkpoints

Every tool call passes through pre-execution, real-time, and post-execution guardrails. Configurable per tool, per team, per environment.

Pre-Execution

Validate inputs before any tool runs. Block SQL injection, path traversal, prompt injection, and malformed requests before they reach your systems.

Real-Time

Monitor execution and require human approval for high-risk operations. Configurable risk thresholds per tool and per team.

Post-Execution

Inspect outputs before they reach the agent. Redact PII, mask credentials, filter confidential data from responses.

Content Safety

Detect and prevent harmful content

Prompt Injection Prevention
  What it catches: Blocks "ignore all previous instructions" and similar manipulation attempts
  Modes: Validate / Block

PII Detection & Redaction
  What it catches: 20+ PII categories: SSNs, credit cards, emails, phones, addresses, passport numbers
  Modes: Validate / Mutate

Content Safety
  What it catches: Hate speech, self-harm, sexual content, and violence with configurable severity thresholds
  Modes: Validate / Block

Topic Filtering
  What it catches: Block specific domains: medical advice, legal counsel, financial recommendations, profanity
  Modes: Validate / Block

Custom Rules
  What it catches: Your organization's policies, enforced in code. Python-based rules for domain-specific requirements.
  Modes: Validate / Mutate / Block

Two enforcement modes

Validate mode rejects requests that violate rules — the agent receives an error and can retry with different inputs. Mutate mode modifies the content to comply — PII is redacted, sensitive fields are masked — and the request proceeds. Choose per guardrail based on your risk tolerance.
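
To make the two modes concrete, here is an added Python example of a PII guardrail that either rejects the request or redacts it and lets it through. It is written for this page, not taken from the platform's guardrail code; the three regex patterns and the sample text are constructed and stand in for the 20+ categories the table lists.

```python
import re
from enum import Enum


class Mode(Enum):
    VALIDATE = "validate"  # reject: the agent receives an error and may retry
    MUTATE = "mutate"      # redact offending spans and let the request proceed


class GuardrailViolation(Exception):
    """Raised in Validate mode; surfaces to the agent as the error it can retry on."""


# Constructed patterns for three PII categories (illustrative, not exhaustive).
PII_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "phone": re.compile(r"\b\d{3}[-.]\d{3}[-.]\d{4}\b"),
}


def find_pii(text):
    """Return every (category, matched_text) pair found in text."""
    hits = []
    for category, pattern in PII_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((category, match.group(0)))
    return hits


def redact(text):
    """Replace each match with a category-labelled placeholder."""
    for category, pattern in PII_PATTERNS.items():
        text = pattern.sub(f"[REDACTED_{category.upper()}]", text)
    return text


def pii_guardrail(text, mode):
    """Apply the guardrail in the chosen mode and return the text allowed to proceed.

    Validate: raise GuardrailViolation naming the categories found.
    Mutate:   return the redacted text so the request continues.
    Clean input passes through unchanged in either mode.
    """
    hits = find_pii(text)
    if not hits:
        return text
    if mode is Mode.VALIDATE:
        categories = sorted({category for category, _ in hits})
        raise GuardrailViolation("request contains PII: " + ", ".join(categories))
    return redact(text)


if __name__ == "__main__":
    sample = "Call 555-123-4567 or email jane@example.com, SSN 123-45-6789"  # constructed
    print(pii_guardrail(sample, Mode.MUTATE))
    try:
        pii_guardrail(sample, Mode.VALIDATE)
    except GuardrailViolation as err:
        print("rejected:", err)
```

The same detector serves both modes; only the action taken on a hit differs, which is why the choice between Validate and Mutate can be made per guardrail without changing detection logic.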

Audit Trails

Every action. Every decision. Every result.

Complete audit coverage means you can answer any question about what your AI did, who triggered it, what data it accessed, and what guardrails it passed through — months after the fact.

  • Every tool call logged with user, agent, inputs, and outputs
  • Every model request logged with prompt, response, and cost
  • Every guardrail evaluation with pass/fail status
  • Every permission check with the full authorization chain
  • Tamper-evident log storage in your infrastructure
  • Export to your SIEM (Splunk, Datadog, ELK)
// Audit log entry
{
  "timestamp": "2026-02-18T14:32:07Z",
  "user": "[email protected]",
  "agent": "sales-assistant",
  "tool": "crm.search_contacts",
  "args": {
    "query": "Acme Corp"
  },
  "guardrails": {
    "pii_check": "passed",
    "injection": "passed",
    "topic_filter": "passed"
  },
  "result": "3 contacts returned",
  "latency_ms": 42,
  "cost_usd": 0.0018
}
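
The "tamper-evident log storage" bullet above is commonly realised by chaining each entry to the hash of its predecessor, so that editing, reordering or deleting any record breaks verification of everything after it. The Python below is an added example, not the platform's implementation: it seeds the log with the sample entry above (the user replaced by a constructed placeholder address) plus two constructed entries, and `verify_chain` reports the index of the first record that fails.

```python
import hashlib
import json

GENESIS_HASH = "0" * 64  # prev_hash of the first entry


def canonical(entry):
    """Stable serialization so an unchanged entry always hashes identically."""
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()


def append_entry(log, entry):
    """Append a copy of entry carrying prev_hash and entry_hash; return the stored record."""
    record = dict(entry)
    record["prev_hash"] = log[-1]["entry_hash"] if log else GENESIS_HASH
    record["entry_hash"] = hashlib.sha256(canonical(record)).hexdigest()
    log.append(record)
    return record


def verify_chain(log):
    """Return (True, -1) if intact, else (False, index_of_first_bad_record)."""
    prev_hash = GENESIS_HASH
    for i, record in enumerate(log):
        if record.get("prev_hash") != prev_hash:
            return False, i  # link to predecessor broken (deleted/reordered record)
        body = {k: v for k, v in record.items() if k != "entry_hash"}
        if hashlib.sha256(canonical(body)).hexdigest() != record.get("entry_hash"):
            return False, i  # record contents changed after it was written
        prev_hash = record["entry_hash"]
    return True, -1


def build_sample_log():
    """The page's sample entry (placeholder user) followed by two constructed entries."""
    log = []
    append_entry(log, {
        "timestamp": "2026-02-18T14:32:07Z",
        "user": "user@example.com",  # constructed placeholder
        "agent": "sales-assistant",
        "tool": "crm.search_contacts",
        "args": {"query": "Acme Corp"},
        "guardrails": {"pii_check": "passed", "injection": "passed", "topic_filter": "passed"},
        "result": "3 contacts returned",
        "latency_ms": 42,
        "cost_usd": 0.0018,
    })
    append_entry(log, {  # constructed
        "timestamp": "2026-02-18T14:33:10Z",
        "user": "user@example.com",
        "agent": "sales-assistant",
        "tool": "crm.update_contact",
        "args": {"id": 17, "note": "follow-up scheduled"},
        "guardrails": {"pii_check": "passed", "injection": "passed"},
        "result": "1 contact updated",
        "latency_ms": 55,
        "cost_usd": 0.0021,
    })
    append_entry(log, {  # constructed
        "timestamp": "2026-02-18T14:35:44Z",
        "user": "user@example.com",
        "agent": "sales-assistant",
        "tool": "crm.search_contacts",
        "args": {"query": "Initech"},
        "guardrails": {"pii_check": "passed", "injection": "passed", "topic_filter": "passed"},
        "result": "0 contacts returned",
        "latency_ms": 38,
        "cost_usd": 0.0017,
    })
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log))
    log[0]["args"] = {"query": "Globex"}
    print("after edit:", verify_chain(log))
```

A hash chain alone proves only that the log was not altered after the point you anchor it; in practice the latest `entry_hash` is periodically written to write-once storage or countersigned so the head itself cannot be rewritten.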

Why This Matters

The AI agent security imperative

Every previous technology wave created a new attack surface. Cloud computing demanded cloud security. Mobile apps demanded app security. APIs demanded API security. Each time, the early adopters who skipped governance paid the price in breaches, regulatory fines, and lost customer trust.

AI agents are the next wave — and the threat model is fundamentally different.

AI agents don't just access data. They make decisions about it.

A misconfigured API endpoint leaks data when someone finds it. An ungoverned AI agent actively seeks out data, reasons about it, and takes actions — continuously, at scale, without human review. The governance model that worked for APIs doesn't work for agents.

An agent that can query a database, draft a message, and send it — all in a single chain of reasoning — needs controls at every step. Not just at the entry point. Not just at the network boundary. At every decision point in the chain.

That's what WorkingAgents provides. Not security as an add-on. Security as the architecture.

Build AI agents your CISO will sign off on

Enterprise security, compliance, and governance — without slowing down your AI teams.
