Compliance

Certifications & Standards

We treat security as a fundamental requirement, not a feature. Our platform is built to meet rigorous industry standards and undergoes independent auditing to ensure your data remains safe.

SOC 2 Type IIIn progress

Security, availability, and confidentiality.

ISO 27001In progress

Information security management.

Practices

How we protect your data

Data Protection

Encryption
  • AES-256 encryption at rest for all stored data
  • TLS 1.3 enforced for all data in transit
  • Customer-managed encryption keys available on Enterprise plans
  • Secrets management with automatic rotation
  • Data loss prevention on agent inputs and outputs

Identity & Access Controls

Access
  • Role-based access control with principle of least privilege
  • SSO integration via SAML 2.0 and OIDC
  • Multi-factor authentication enforced for all accounts
  • Session management with configurable timeout policies
  • Centralized management for non-human agent identities

Platform Security

Infrastructure
  • SOC 2-aligned cloud infrastructure on isolated VPCs
  • Multi-region deployment with geographic data residency controls
  • Automated vulnerability scanning and dependency auditing
  • DDoS protection and WAF at the edge layer
  • Network micro-segmentation to limit lateral movement

Security Operations

Operations
  • 24/7 security monitoring and incident response
  • Immutable audit logs for all platform operations
  • Annual third-party penetration testing
  • Responsible disclosure program for security researchers
  • Continuous endpoint and AI model vulnerability scanning
Zero Trust

Built for agentic AI

Autonomous agents introduce non-human identities that operate independently, spawn sub-agents, and interface with external systems. Traditional perimeter security is not enough. Kraken AI implements zero trust principles at every layer of the agentic stack.

Verify Then Trust

Trust only follows successful verification.

Just in Time

Grant access only when needed, revoke immediately after.

Least Privilege

Only the access required, for only as long as required.

Pervasive Controls

Security throughout the system, not just at the perimeter.

Assume Breach

Design as if the attacker is already inside with elevated privileges.

Agent Identity & Credentials

Credentials
  • Unique credentials per agent, per user, per spawned sub-agent
  • Centralized, access-controlled vault for all non-human identities
  • Dynamic credential issuance with automatic rotation
  • Just-in-time privilege grants with automatic revocation
  • Zero hardcoded credentials in application code
  • RBAC and strong authentication for all agent identities

AI Gateway & Tool Registry

Boundary
  • Verified registry of approved APIs, data sources, and tools
  • Only vetted, trusted tools available to agents
  • Inspection layer monitoring all agent inputs and outputs
  • Prompt injection detection and blocking
  • Data leakage prevention at the agent boundary
  • Policy enforcement between agents and external services

Agent Observability

Traceability
  • Immutable, tamper-proof audit logs of all agent actions
  • Full traceability for post-hoc behavioral analysis
  • Environment-wide network, endpoint, and model vulnerability scanning

Human Oversight

Override
  • Kill switch for immediate agent termination
  • Rate limiting and throttling on agent actions
  • Canary deployments for controlled agent rollouts
Contact

Report a vulnerability

If you believe you have found a security vulnerability in Kraken AI, please report it responsibly. Contact our security team at security@optima.engineering. We investigate all reports and aim to respond within 48 hours.