Secure by Design

Enterprise security, engineered in

Fortress Pipeline: 8 stages, 9 AI guards, encrypted data, physically isolated tenants. Security engineered into the Agent OS, not bolted on.

Fortress Pipeline · 8 stagesOWASP LLM Top 10 & Agentic AI Threats defenseAES-256 authenticated encryption + search-while-encrypted indexCloud · physical tenant isolationSelf-hosted · secure Docker distributionRBAC access controlAgent knowledge access control
AGENT LAYER
Multi-layer AI security guards

Multi-layer AI security guards · OWASP Top 10 defenses · HITL takeover

DATA LAYER
PII encryption · search-while-encrypted · per-group keys

AES-256 authenticated encryption · encrypted search · per-group cryptographic keys

INFRASTRUCTURE LAYER
Physical tenant isolation · encrypted container images

Dedicated VMs · separated DB tables · encrypted container images · signed supply chain

SECURITY FOUNDATIONS

Security across infrastructure, data, and agents

Infrastructure Layer

Physical tenant isolation

Dedicated VMs and separated database tables per tenant. Not row-level: infrastructure-boundary isolation.

Infrastructure Layer

Encrypted container images

Docker images encrypted layer-by-layer with per-customer keys. Supply chain signed, tamper-evident.

Data Layer

AES-256 PII encryption

Sensitive fields are encrypted at the application layer with AES-256 authenticated encryption. Keys rotated via KeyVault.

Data Layer

Search-while-encrypted index

Search encrypted fields by exact match without ever decrypting. Industry-standard secure indexing.

Data Layer

Per-group dedicated encryption keys

Independent cryptographic keys per group; compromise of one group cannot expose others. Encrypted key backup.

Agent Layer

Multi-layer AI security guards

Prompt injection, knowledge poisoning, and PII leakage defended at platform level: aligned with OWASP Top 10 for LLM.

AGENT ACCESS CONTROL

Knowledge access, layered by agent tier

Every agent is classified by access tier: and knowledge reach is scoped accordingly. A public concierge cannot see internal group data; a personal assistant cannot see other users' private notes.

Public scope
Public · Concierge
Group scope
Export · Group
Personal scope
Private · Assistant

Private · Assistant

Personal scope

Access only to the individual user's private knowledge, notes, and conversation history. Isolated from group and public knowledge unless explicitly granted.

Export · Group

Group scope

Access to shared group knowledge (team documents, collective memory). Private user data remains invisible. Bound to the group's dedicated encryption key.

Public · Concierge

Public scope

Customer-facing agents restricted to sanitized public knowledge. No internal data, no user history: safe for signage, websites, and external channels.

OWASP TOP 10 · LLM & AI AGENT THREATS

Defenses mapped to OWASP for AI and Agent threats

Every AICLUDE deployment ships with platform-level defenses aligned with OWASP Top 10 for LLM Applications and the emerging OWASP for AI Agent threat catalog: not bolted on, but built into the pipeline.

Prompt Injection
Multi-stage input guards · system prompt isolation
Sensitive Information Disclosure
AES-256 PII encryption · output filters
Data & Knowledge Poisoning
Source provenance · graph-based verification
Supply Chain
Signed containers · encrypted images · SBOM
Excessive Agency
Tool permission scopes · Human-in-the-loop takeover
Agent Hijacking
Agent-tier access control (Private/Export/Public)
Tool Misuse
MCP permission model · audit logs
Unbounded Consumption
Token quotas · rate limits · tenant isolation
AICLUDE VS: SKILL & MCP SAFETY SCANNER

Every Skill and MCP server, scanned before you install

AICLUDE VS continuously pre-scans the global Skill and MCP ecosystem: thousands of packages from npm, GitHub, Smithery, and more. 7 parallel scan engines analyze each package across 10 AI-specific threat categories, so only vetted, safe Skills and MCP servers reach your agents.

7
Parallel Scan Engines
10
AI Threat Categories
Thousands
Packages Scanned Daily
  • Multi-layer parallel scan engines analyze code, dependencies, and behavior at once
  • 10 AI threat categories (Prompt Injection · Tool Poisoning · Command Injection · …)
  • Risk Score 0–100 with 5 severity levels · SBOM auto-generated
  • Scan Search · Risk Reports · Connected Agents · MCP / Skill integration
vs.aiclude.com/dashboard
Average Risk Score
LIVE
12/ 100LOW RISK
@modelcontextprotocol/server-filesystem
8
npm:agentic-skill-web-search
14
smithery:slack-mcp
42
github:acme/mcp-sql-tools
19
Code
Deps
Runtime
Access
Behavior
THREAT CATEGORIES DETECTED
Prompt InjectionTool PoisoningCommand InjectionCredential HarvestingData ExfiltrationSupply ChainPermission EscalationMalicious BehaviorObfuscated CodeBackdoors
DEPLOYMENT SECURITY

Same Docker images. Your choice of infrastructure.

Cloud: physical tenant VMs

Each Cloud tier from Pro up runs on a dedicated tenant VM. Starter uses a shared tenant pool with per-tenant resource quotas.

Self-hosted: encrypted binaries

Encrypted container images delivered to your infrastructure via private registry. License server check-in with 7-day offline grace.

Air-gapped: Enterprise

Full offline / air-gapped deployment available for Self-hosted Enterprise. Model ONNX packages + encrypted image bundle delivered physically.

Ready to see it in action?

Open AICLUDE VS to audit your agents, or contact us for a security deep-dive.

Open AICLUDE VS