Trust

Built by security engineers, audited like one.

We instrument the AI SDLC boundary — therefore we sweat identity, cryptography, tenancy isolation, and provable telemetry as hard as you would expect from an infrastructure vendor.

Operational practices

  • Argon2id password hashing with OWASP 2024-aligned work factors.
  • Tenant-scoped envelopes with AES-256-GCM wherever secrets rest.
  • Optional hash-chained audit + append-only exporters for SOC evidence.
  • SAML 2.0 / OIDC with domain discovery; SCIM onboarding on roadmap.
  • TLS 1.2+ enforced, HSTS preload for hosted control plane endpoints.
  • Annual penetration testing plus targeted reviews on major releases.

Responsible disclosure

Found something? Reach us at security@oryxai.dev. PGP encouraged for sensitive payloads — we acknowledge within one business day and coordinate remediation + advisory cadence openly.