Subrosa Documentation
  • Subrosa Documentation
  • Getting Started
    • Step 1 - Install Device Agent
    • Step 2 - Setup Policy
    • Step 3 - Monitor AI Usage
  • Device Agent
    • Manage Device Agent
  • Dashboard
    • Organisation Dashboard
  • Shadow AI
    • Visibility and Shadow AI Guardrails
  • Policy
    • Manage Policy
  • AI Provider
    • AI Provider Support
  • Traffic Log
    • About Traffic Log
    • Inspect Traffic Log
  • Settings
    • Manage Organisation
  • Resource
    • Security
    • Status
    • Change Log
Powered by GitBook
On this page
  • Data Architecture
  • Source Code
  • Agent
  • Infrastructure
  • Identity
  • Cloud
  • Backups
  • Encryption
  • Monitoring
  • Internal Security Procedure
  • Reporting issues
  • What to know more about our security practices?

Was this helpful?

  1. Resource

Security

Subrosa considers security a core requirement of our product, the following will give you an idea of what this means and how we protect your data and privacy.

PreviousManage OrganisationNextStatus

Last updated 3 months ago

Was this helpful?

Data Architecture

All data we store is encrypted in-flight and at-rest and is correlated via cryptographic IDs, which enables us to easily process deletion requests should we receive them.

Source Code

  • Two-person code review is mandatory before any code is deployed.

  • Third party libraries are used as minimally as possible (to reduce supply chain risks) and any that are used are carefully vetted.

  • Automation is in place to detect any vulnerabilities in libraries and source code is scanned for security issues.

  • Penetration testing is performed when required.

Agent

While our agent is not open source, we are happy to explain how it works and what the it does on your endpoints - we fully understand the significance and privilege of running on your devices and want you to feel confident and informed.

  • To function, the agent intercepts traffic on your host, this interception happens on-device.

    • A new Certificate Authority (CA) is generated on your device on first run (this is unique to each device so if it was ever compromised [eg: by malware on the device] the CA would not be useful to attack the traffic of any other machine).

  • The agent intercepts requests to the defined set of AI endpoints and no others.

    • See

Please contact us via if more information is required.

Infrastructure

Identity

  • Our identity infrastructure leverages Auth0.

    • The tenant is hosted in Australia.

Cloud

    • Data sovereignty is respected with all infrastructure being deployed in Australia

  • Architectural and network segmentation exists between the application tier, services tier and data storage tier.

    • The data storage tier is never exposed to the internet directly.

Backups

  • Backups are regular and automated.

Encryption

  • Any storage we use is encrypted-at-rest (servers, backups, etc).

  • All traffic between the agent and server is encrypted on-the-wire via HTTPS (TLS1.2 or above).

Monitoring

  • Monitoring is present throughout the environment along with automated alerting.

Internal Security Procedure

  • All administrative access is logged and monitored.

  • System configurations are deployed consistently throughout the environment via automation.

Reporting issues

What to know more about our security practices?

All our infrastructure is deployed on AWS and aligns to the .

If you experience any bugs or issues when using Subrosa, please contact us on with your inquiry.

If your issue is security related please contact and we will reply urgently.

Feel free to contact our security team at

AI Provider
security@subrosa.ai
Well Architected Framework
help@subrosa.ai
security@subrosa.ai
security@subrosa.ai