Back to Home

Security

MeshGuard is built to govern AI agents — and that starts with earning your trust. Here’s how we protect your data, your agents, and your organization.

Our Commitment

Security isn’t a feature we bolt on — it’s foundational to everything we build. As an AI agent governance platform, MeshGuard handles sensitive policy configurations, audit trails, and agent behavioral data. We treat every byte with the seriousness it deserves.

Encryption

In transit: All communication between clients, agents, and MeshGuard services is encrypted using TLS 1.2+ (with TLS 1.3 preferred). We enforce HTTPS everywhere with HSTS headers.

At rest: Data stored in our databases and object stores is encrypted using AES-256. Encryption keys are managed through a dedicated key management service with automatic rotation.

Agent Data Handling

MeshGuard processes agent telemetry, policy evaluation results, and governance metadata. We follow strict data-handling principles:

  • Least privilege: Services only access the data they need to function.
  • Isolation: Tenant data is logically isolated. No cross-tenant data leakage by design.
  • Retention controls: You control how long we retain agent data. Deletion requests are honored promptly.
  • No training on your data: We never use customer agent data to train models.

Audit Log Integrity

Governance without trustworthy audit logs is theater. MeshGuard audit logs are:

  • Append-only: Logs are written to immutable storage. They cannot be modified or deleted after creation.
  • Tamper-evident: Each log entry is cryptographically chained, making unauthorized modifications detectable.
  • Exportable: You can export your complete audit history at any time for compliance or external review.

Infrastructure & Access Controls

Our infrastructure follows security best practices across the stack:

  • Role-based access control (RBAC) for all internal systems
  • Multi-factor authentication required for all team members
  • Infrastructure-as-code with change review and audit trails
  • Regular dependency scanning and vulnerability patching
  • Network segmentation and minimal attack surface

Compliance Roadmap

We are actively pursuing SOC 2 Type II certification. Our controls are designed from day one to meet SOC 2 Trust Service Criteria for security, availability, and confidentiality. We expect to complete our audit in 2026.

If you need details on our current security posture for your vendor review, reach out to security@meshguard.app.

Responsible Disclosure

We welcome security researchers who help us keep MeshGuard safe. If you discover a vulnerability, please report it responsibly:

Email: security@meshguard.app

Response time: We acknowledge reports within 48 hours and aim to provide an initial assessment within 5 business days.

Please include a detailed description, steps to reproduce, and potential impact. We ask that you give us reasonable time to address the issue before public disclosure.

Bug Bounty & Vulnerability Reporting

We recognize and appreciate the security research community. While we are building out a formal bug bounty program, we commit to:

  • Acknowledging all valid reports
  • Not pursuing legal action against good-faith researchers
  • Crediting researchers (with permission) in our security advisories
  • Working with you on coordinated disclosure timelines

Send all reports to security@meshguard.app.

This page was last updated on January 26, 2026. For our machine-readable security policy, see security.txt.