Security is not a feature. It is the foundation.
When AI agents act on your behalf, security is everything. Here is how we protect your data, your credentials, and your reputation.
Hardware Isolation
Every agent runs in its own virtual machine with hardware level isolation. A compromised agent cannot access other workloads, user data, or the host system. No shared kernel, no container escape risk.
Encryption Everywhere
TLS 1.3 for all data in transit. AES 256 for all data at rest. OAuth tokens encrypted with per user keys. Database connections require mutual TLS. Zero plain text secrets anywhere in the stack.
Action Gating
13 action gates across 5 categories with 4 risk levels. High risk actions (sends, trades, purchases) require explicit user approval. Configurable per action type and per autonomy level.
Authentication
Short lived JWT tokens (15 minutes) with secure httpOnly refresh tokens. Enterprise SSO via WorkOS (Google, Okta, Azure AD). Rate limiting on all auth endpoints. Brute force protection.
Trading Safety Rails
Auto expiring mandates (24h max). Hard position limits per asset and portfolio. Automatic kill switch on drawdown exceeding user defined threshold. Paper trading required before live execution. Immutable audit log.
Compliance and Audit
SOC 2 Type II audit program. GDPR compliant with right to delete (30 day full purge). No user data in error logs. PII detection and redaction in agent activity logs. Complete audit trail for all operations.
Responsible Disclosure
Found a vulnerability? We take security reports seriously. Email security@miteos.comwith details and we will acknowledge within 24 hours. We offer bounties for qualifying reports and commit to fixing critical issues within 72 hours.