Security Architecture
Aethyr is built with security at its core. Learn about our defense-in-depth approach to protecting your data and AI workloads.
Security Philosophy
Data sovereignty first. Your data stays under your control. Aethyr is designed for air-gapped deployments where no data ever leaves your infrastructure.
Zero Trust
Verify every request, assume breach mentality
Transparency
Full audit logs, no black boxes
Defense in Depth
Multiple security layers, no single point of failure
Encryption
All data is encrypted at rest and in transit using industry-standard algorithms.
Data at Rest
- Envelope encryption for sensitive credentials (AES-GCM data keys)
- Post-quantum key wrapping (ML-KEM-768) for stored secrets
- KMS-backed key management with versioned key rotation
Data in Transit
- TLS 1.3 for all client-server communication
- HTTPS enforced in production (automatic HTTP→HTTPS redirect)
- Post-quantum encrypted transport (ML-KEM-768) for agent mesh
Authentication & Authorization
Authentication Methods
- Email/password with secure hashing
- OAuth 2.0 / OpenID Connect
- API key authentication
- Enterprise SSO (Coming Soon)
Authorization
- Privilege-based access control (PBAC)
- Organization-level isolation
- Resource-level permissions
- Audit logging for all actions
Air-Gap Deployment
For maximum security, Aethyr can operate in fully air-gapped environments with no external network connectivity required.
Air-Gap Features
- Local model inference (no cloud calls)
- Local vector storage for knowledge retrieval
- No-egress mode pins all inference to local models
- No telemetry or phoning home
- Offline documentation
- Manual update packages
Compliance Roadmap
We are actively working toward industry certifications, with SOC 2 Type 1 targeted for Q3 2026.
SOC 2 Type II
Security, availability, processing integrity, confidentiality, and privacy controls.
HIPAA
Healthcare data protection for PHI handling in medical applications.
FedRAMP
Federal government cloud security authorization.