Security at NeoAgent

NeoAgent is built for organizations running AI agents in production. Security, compliance, and observability are first-class concerns — not features we bolt on later.

Compliance

• SOC 2 Type II — independently audited operational controls.
• HIPAA — BAA available for healthcare customers.
• GDPR — DPA available, data residency options for EU customers.
• ISO 27001 — certification in progress.

Infrastructure

• Multi-region deployments on enterprise-grade cloud providers.
• Dedicated single-tenant deployments and private VPC options.
• Encryption in transit (TLS 1.2+) and at rest (AES-256).
• Hardware-backed key management with periodic rotation.

Access & authentication

• SSO via SAML 2.0 and OIDC for enterprise tenants.
• SCIM provisioning, role-based access control, and per-tool permissions.
• Mandatory MFA for all NeoAgent personnel.

Agent guardrails

• Fine-grained, per-tool permission policies.
• Full execution traces for every agent decision, retained for audit.
• Live monitoring, anomaly detection, and one-click rollbacks.
• Built-in PII, prompt-injection, and content-safety guardrails.

Operational practices

• Continuous vulnerability scanning and quarterly penetration tests.
• 24/7 on-call rotation for security incidents.
• Annual disaster-recovery and business-continuity testing.

Reporting a vulnerability

If you believe you’ve discovered a security issue in NeoAgent, please report it confidentially through our contact form. We acknowledge reports within one business day and will work with you on a coordinated disclosure timeline.