All Systems Operational

Security at PermitNetworks

We build authorization infrastructure for AI agents. Security is not a feature — it is the product. Here is how we protect your data and your agents.

Security Practices

How we protect your data

SOC 2 Type II

In Progress

We are actively pursuing SOC 2 Type II certification. Our controls cover security, availability, and confidentiality across all systems that process authorization decisions.

End-to-End Encryption

Active

All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256-GCM. API keys and secrets use envelope encryption with hardware-backed key management.

Ed25519 Cryptographic Signatures

Active

Every authorization decision is cryptographically signed using Ed25519 elliptic curve signatures. This creates an immutable, tamper-proof audit trail that can be independently verified.

Zero-Trust Architecture

Active

Every request is authenticated and authorized regardless of network location. No implicit trust — every agent, user, and service proves its identity and permissions on every call.

Infrastructure

Built for resilience

Our infrastructure is designed to be secure, reliable, and fast from the ground up.

Dedicated Hardware

Our authorization engine runs on dedicated, isolated infrastructure. No shared tenancy for the core policy evaluation path.

DDoS Protection

Multi-layer DDoS mitigation with automatic traffic scrubbing. Rate limiting and circuit breakers protect against volumetric and application-layer attacks.

Vulnerability Scanning

Automated vulnerability scanning runs continuously across our codebase and infrastructure. Dependencies are monitored for CVEs with automated patching.

Automated Rotation

Encryption keys, TLS certificates, and internal credentials are automatically rotated on regular schedules. No manual intervention required.

Real-Time Monitoring

24/7 infrastructure monitoring with anomaly detection. Alerts fire automatically on suspicious patterns, latency spikes, and error rate increases.

Backup & Recovery

Continuous data replication with point-in-time recovery. Authorization policies are versioned and recoverable. RPO under 1 minute, RTO under 15 minutes.

Responsible Disclosure Policy

We take security vulnerabilities seriously

If you believe you have found a security vulnerability in PermitNetworks, we encourage you to report it responsibly. We appreciate the security research community and will work with you to understand and address the issue.

What to report

  • -Authentication or authorization bypasses
  • -Data exposure or leakage vulnerabilities
  • -Cryptographic implementation flaws
  • -Remote code execution or injection

Our commitment

  • -Acknowledge receipt within 24 hours
  • -Provide an initial assessment within 72 hours
  • -No legal action against good-faith researchers
  • -Public credit for reported vulnerabilities (if desired)

Report a vulnerability

Found a security issue? Contact our security team directly. We respond to every report within 24 hours.

security@permitnetworks.com