Security Architecture

Aethyr is built with security at its core. Learn about our defense-in-depth approach to protecting your data and AI workloads.

Security Philosophy

Data sovereignty first. Your data stays under your control. Aethyr is designed for air-gapped deployments where no data ever leaves your infrastructure.

Zero Trust

Verify every request, assume breach mentality

Transparency

Full audit logs, no black boxes

Defense in Depth

Multiple security layers, no single point of failure

Encryption

All data is encrypted at rest and in transit using industry-standard algorithms.

Data at Rest

  • Envelope encryption for sensitive credentials (AES-GCM data keys)
  • Post-quantum key wrapping (ML-KEM-768) for stored secrets
  • KMS-backed key management with versioned key rotation

Data in Transit

  • TLS 1.3 for all client-server communication
  • HTTPS enforced in production (automatic HTTP→HTTPS redirect)
  • Post-quantum encrypted transport (ML-KEM-768) for agent mesh

Authentication & Authorization

Authentication Methods

  • Email/password with secure hashing
  • OAuth 2.0 / OpenID Connect
  • API key authentication
  • Enterprise SSO (Coming Soon)

Authorization

  • Privilege-based access control (PBAC)
  • Organization-level isolation
  • Resource-level permissions
  • Audit logging for all actions

Air-Gap Deployment

For maximum security, Aethyr can operate in fully air-gapped environments with no external network connectivity required.

Air-Gap Features

  • Local model inference (no cloud calls)
  • Local vector storage for knowledge retrieval
  • No-egress mode pins all inference to local models
  • No telemetry or phoning home
  • Offline documentation
  • Manual update packages

Compliance Roadmap

We are actively working toward industry certifications, with SOC 2 Type 1 targeted for Q3 2026.

In progress

SOC 2 Type II

Security, availability, processing integrity, confidentiality, and privacy controls.

In progress

HIPAA

Healthcare data protection for PHI handling in medical applications.

In progress

FedRAMP

Federal government cloud security authorization.