
Security architecture for governed agent deployment

Built for the people who have to sign off — CTOs, CISOs, and security reviewers running technical due diligence. Below is how access, execution, isolation, and observability are designed in the platform today, framed against the same controls described on the Architecture page. Where a control is set per deployment or still on our roadmap, it is labelled plainly — we do not claim certifications we have not completed.

Least privilege

Role-based access, scoped tokens, and skill allowlists mean an agent can only touch what it has been explicitly granted.

Contained execution

Skills run sandboxed, in non-root containers, so the blast radius of any single action stays bounded.

Full observability

Structured logging, request tracing, and watchdog supervision make the running system inspectable end to end.

Human override

A supreme kill-switch and hash-chained audit trail sit above everything that touches the real world.

Status labels used below:
  • Live: ships in the platform today
  • Configurable: set per deployment
  • Enterprise: on the Enterprise tier
  • Roadmap: planned, not yet shipped

Who and what gets in

Identity, authority, and inter-agent trust are enforced before any action runs — the same access model described on the Architecture page.

Identity, tokens & agent-to-agent trust [substantiated]

  • RBAC: Role-based access control governs which roles can invoke which capabilities. [Live]
  • Hashed tokens: Access tokens are stored hashed, not in plaintext. [Live]
  • Signed A2A: Agent-to-agent calls are cryptographically signed, so one agent cannot impersonate another. [Live]
  • Scoped authority: A graduation state machine plus human-set guardrails bound what each agent is allowed to do. [Live]

Configurable. Role definitions, token lifetimes, and approval thresholds are set per deployment. Defaults are conservative — sensitive workflows involving financial, customer-facing, or operational actions are gated until you widen scope.

Agents run only allowed skills

Capabilities are an explicit allowlist, not an open tool surface. An agent cannot invoke a skill it has not been permissioned for.

Allowlists & scoped execution [substantiated]

  • Allowlists: Each agent runs against a defined skill allowlist — capabilities are granted, never assumed. [Live]
  • Scoped skills: Skills carry their own validation logic and run only within their permissioned scope. [Live]
  • Curated routing: Intent is classified against a curated intent-to-skill map, so requests resolve to known, vetted capabilities. [Live]

Configurable. Which skills are enabled for which personas and roles is configured per deployment, so you can run a tightly scoped subset for sensitive environments.

Execution stays contained

Code runs in a sandbox with least-privilege defaults, so a misbehaving skill or prompt cannot reach beyond its bounds.

Sandboxing & non-root containers [substantiated]

  • Sandboxed: Skill execution is sandboxed to limit what any single action can reach. [Live]
  • Non-root: Workloads run in non-root containers, reducing host-level risk. [Live]
  • Bounded blast radius: Isolation keeps the impact of any single failure or compromise contained. [Live]

Configurable. Container resource limits, network egress policy, and host hardening are tuned to your environment in a self-hosted or private deployment.

The running system is inspectable

If something looks wrong, you should be able to see what happened — not reconstruct a guess. Logging and tracing are built in, not bolted on.

Logging, tracing & supervision [substantiated]

  • Structured logs: Structured logging captures system events in a machine-parseable form. [Live]
  • Request tracing: Full request tracing follows a request through the system. [Live]
  • Watchdog: Watchdog supervision monitors the running platform. [Live]
  • Audit chain: Decisions land in hash-chained, replayable logs (see Incident response below). [Live]

Configurable. Log retention windows, export formats, and integration with your SIEM or observability stack are set per deployment.

Run it where you trust it

The delivery pipeline is containerized and the platform can run entirely inside your own boundary. Full deployment models are on the Deployment page.

Containerized CI/CD & self-hosting [substantiated]

  • Containerized: The platform ships as containers for reproducible, isolated deployment. [Live]
  • CI/CD: Delivery runs through a continuous-integration / continuous-delivery pipeline. [Live]
  • Caddy TLS: Transport security is terminated by Caddy. [Live]
  • Self-hosted: Self-hosted deployment keeps the full platform and your data inside your own infrastructure. [Live]

Configurable. Private-cloud / VPC, hybrid, and air-gapped-leaning topologies are scoped per engagement — see the Deployment page.

Credentials handled with care

Connecting agents to your systems means handling credentials. We treat connector permissions and secrets as first-class, scoped objects.

Connector permissions & secrets management [substantiated + configurable]

The access primitives here — RBAC, hashed tokens, signed agent-to-agent calls, and skill allowlists — are substantiated platform controls. The specifics of how a given connector authenticates, and how its scopes are managed, are framed generally below and confirmed per deployment.

  • Scoped connectors: Integrations run under the same allowlist and role model as everything else — a connector only carries the permissions it is granted. [Configurable]
  • OAuth / API keys: Connectors authenticate via OAuth or scoped API keys, requesting the narrowest scope the workflow needs. [Configurable]
  • Secrets handling: Credentials are kept out of plaintext logs and treated as secrets, not configuration. [Configurable]

Configurable / roadmap. Integration with a managed secrets store (e.g. a vault or your cloud KMS), per-connector scope review, and automated rotation are configured per deployment and continue to mature. Exact connector authentication for a given system is confirmed during a security walkthrough. See the Integrations page for which channels are live today versus available by configuration.

Your data stays in your boundary

How data is scoped, isolated, and retained is a decision you make per deployment — mirroring the data-governance posture in the Trust Center.

Tenant isolation & client-scoped execution [substantiated + configurable]

  • Self-hosting: In a self-hosted deployment, data stays inside your own infrastructure — substantiated. [Live]
  • Scoped execution: Access to data is governed by RBAC, signed calls, and allowlists, with sandboxed, non-root execution. [Live]
  • Multi-tenant isolation: Tenant isolation is available on the Enterprise tier. [Enterprise]

Configurable. Client-scoped execution, data-retention windows, and tenant data boundaries are set per deployment. Your content is not used to train third-party foundation models as part of normal operation; exact data-handling terms for managed and multi-tenant deployments are confirmed in your agreement.

When something goes wrong, you can stop it

The first control in an incident is the ability to halt, then to review exactly what happened. Both are built in.

Kill-switch, audit review & escalation [substantiated + configurable]

  • Kill-switch: A supreme kill-switch can halt anything that touches the real world, immediately — substantiated. [Live]
  • Audit review: Hash-chained, replayable logs let you reconstruct and explain any decision after the fact — substantiated. [Live]
  • Escalation: Low-confidence or out-of-scope requests are designed to defer to a human rather than guess. [Live]

Configurable / roadmap. A formal published incident-response SLA, named security contacts, and a coordinated disclosure process are being formalized and are confirmed per engagement. Request a security walkthrough for current status.

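The hash-chained, replayable audit log named under Audit review here and under Full observability above, shown as an added illustration that is not the platform's own code: each record's hash commits to the previous record's hash, so verifying the chain pinpoints an altered or reordered entry, and replay refuses a chain that does not verify. Agent and skill names and the record layout are constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed sentinel: the "previous hash" of the first record
FIELDS = ("seq", "agent", "skill", "decision", "prev_hash")

def _digest(record):
    # Hash the canonical JSON of the committed fields (fixed order, no whitespace),
    # so the same record always hashes identically regardless of how it was stored.
    body = json.dumps([record[f] for f in FIELDS], separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append(chain, agent, skill, decision):
    """Append a record whose entry_hash commits to the previous record's entry_hash."""
    rec = {"seq": len(chain), "agent": agent, "skill": skill, "decision": decision,
           "prev_hash": chain[-1]["entry_hash"] if chain else GENESIS}
    rec["entry_hash"] = _digest(rec)
    chain.append(rec)
    return chain

def verify(chain):
    """Recompute every hash and follow every link; return (ok, first_bad_seq)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev_hash"] != prev or rec["entry_hash"] != _digest(rec):
            return False, i
        prev = rec["entry_hash"]
    return True, None

def replay(chain):
    """Return the ordered (agent, skill, decision) tuples, refusing a chain that fails verify()."""
    ok, bad = verify(chain)
    if not ok:
        raise ValueError(f"audit chain broken at record {bad}")
    return [(r["agent"], r["skill"], r["decision"]) for r in chain]

def build_sample_chain():
    chain = []  # constructed sample decisions, not data from any real deployment
    append(chain, "agent-research", "web_search", "allow")
    append(chain, "agent-ops", "send_payment", "defer-to-human")
    append(chain, "agent-ops", "send_payment", "allow-after-approval")
    return chain

def tampered_copy(chain):
    # Rewrite record 1 as if no deferral happened: its stored hash no longer matches the
    # recomputed one, so verify() reports the break at seq 1. Recomputing that hash would
    # only move the break to seq 2, whose prev_hash still points at the original record.
    forged = [dict(r) for r in chain]
    forged[1]["decision"] = "allow"
    return forged
```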
Where we are honest about status

The items below are a roadmap, not completed certifications. We deliberately do not display compliance badges we have not earned. This section tells you what is in progress and what is confirmed per deployment.

SSO, SOC 2 readiness, DPA / GDPR [roadmap]

  • SSO: Single sign-on (SAML / OIDC) is on the roadmap, available by configuration for enterprise deployments. [Roadmap]
  • SOC 2 readiness: SOC 2 is a readiness effort, not a completed attestation. We will not represent it as certified until it is. [Roadmap]
  • DPA / GDPR: A data-processing agreement and GDPR-aligned handling are addressed per engagement where relevant; we confirm specifics in your agreement. [Roadmap]
  • Pen testing: Independent penetration testing and a security questionnaire pack are part of the maturity roadmap. [Roadmap]

Roadmap — not certified. No statement on this page should be read as a claim of a completed SOC 2, ISO, or other certification. These are works in progress; current, dated status is shared directly in a security walkthrough and under NDA.

Run your due diligence

We would rather walk your security team through the live system than ask them to take our word for it. See also the Trust Center and Deployment options.

Request a security walkthrough →