Security at AI Hardener

We take security seriously. Here's how we protect your data.

As a security company, we hold ourselves to the highest standards. We practice what we preach, using AI Hardener to scan our own codebase continuously.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. API keys and secrets are stored using industry-standard key management.

Infrastructure Security

Our infrastructure runs on SOC 2 Type II certified cloud providers. We use network segmentation, WAF, and DDoS protection as standard.

Code Handling

Your source code is processed in isolated, ephemeral containers and is never stored. Scan results are retained according to your plan's settings.

Access Control

Role-based access control (RBAC) ensures users only access what they need. SSO/SAML integration is available for Team and Enterprise plans.

Audit Logging

Comprehensive audit logs track all user actions, API calls, and system events. Logs are immutable and retained for compliance purposes.

Continuous Monitoring

We provide 24/7 security monitoring with automated alerting. We run regular penetration tests and maintain a bug bounty program.

Compliance & Certifications

  • SOC 2 Type II: In progress (expected Q2 2025)
  • ISO 27001:2022: Planned
  • GDPR: Compliant
  • CCPA: Compliant

Responsible Disclosure

We appreciate the security research community and welcome responsible disclosure of vulnerabilities.

Reporting a Vulnerability

If you discover a security vulnerability, please email security@aihardener.com with:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Any suggested remediation

Our Commitment

  • We will acknowledge receipt within 24 hours
  • We will provide a timeline for remediation
  • We will keep you informed of our progress
  • We will credit researchers (with permission) in our security advisories

Scope

The following are in scope for our responsible disclosure program:

  • *.aihardener.com
  • AI Hardener API
  • AI Hardener CLI and integrations

Please do not:

  • Access, modify, or delete data belonging to other users
  • Perform denial of service attacks
  • Conduct social engineering against our employees
  • Disclose vulnerabilities publicly before we've had time to address them