Security

What we have built, and what we have not.

The honest version. No implied compliance, no fabricated audit posture.

Shipped

  • Process-isolated tool sandbox

    Every tool call runs out-of-process under a constrained worker. The supervising agent never executes user-supplied code or shell commands directly.

  • Prompt-injection guards

    External content (web pages, files, retrieved documents) is wrapped with spotlight markers before it reaches a model, and post-call output is run through a scanner that flags exfiltration patterns and policy-violating tool calls.

  • Privacy-tier enforcement at the router

    Agents marked privacy_tier: sensitive are physically incapable of reaching a cloud model. The model gateway drops the call before it leaves the trust boundary; this is enforced by the platform, not by agent authors.

  • Secrets at rest with NaCl secretbox

    Provider keys are encrypted with libsodium secretbox under a per-tenant key, which is itself wrapped by a master key bootstrapped from the deploy environment. The plaintext never lands in the database; rotation is supported.

  • Auth and session model

    Sessions are HTTP-only cookies; bearer tokens never reach the browser bundle. Passwords use argon2id with conservative memory and time costs. JWT signing keys are rotated per environment.

  • Replayable, auditable runs

    Every run is checkpointed end-to-end: every prompt, every tool call, every model response. If something goes wrong you can replay the exact sequence; you do not have to reconstruct from logs.

Not yet shipped

Stating these honestly costs us a few enterprise conversations. Hiding them would cost us all of them, eventually.

  • No SOC2

    We are an MVP product. We have not pursued SOC2 Type I or Type II yet. If you need a formal compliance posture today, we are not the right vendor today — talk to us about Enterprise / self-host instead, where the trust boundary lives in your infrastructure.

  • No external pen test

    We have done internal review and threat-modelling. We have not commissioned a third-party pen test yet; that is on the roadmap before we leave MVP.

  • No bug-bounty programme yet

    We will respond to responsible disclosure (see below) and credit researchers, but we cannot offer monetary rewards at this stage.

Operational documentation

Data retention, support intake, SLAs, and the operations runbook are available to customers under agreement. Email info@aldo.tech to request access.

Responsible disclosure

Found something? Email info@aldo.tech. We will acknowledge within two business days. Please give us a reasonable window to fix before public disclosure; we will credit you in the release notes.

ALDO AI is a proprietary hosted product; reserve the email address above for security-impacting reports. For non-sensitive questions, reach us at info@aldo.tech.