Security
Specific algorithms. Specific vendors. Specific dates. No marketing language. If a CISO can't complete pre-purchase due diligence on this page, we've failed.
Cryptography
| Use | Algorithm | Why |
|---|---|---|
| Receipt signing | AWS KMS · ECDSA P-256 | Hardware-backed key custody: the signing key is generated inside KMS and is not exportable, so signing is an API call and the private key never reaches our application hosts. Receipts are verifiable offline against the public key — no contact with our infrastructure required. |
| Hash chain | SHA-256 | FIPS 180-4. Universally implemented; the conservative choice. |
| At-rest encryption | AES-256-GCM | Authenticated encryption; per-tenant keys via cloud KMS. |
| Transit | TLS 1.3 | TLS 1.3 only on our endpoints, with HSTS preloaded. The one exception is outbound webhook delivery, where TLS 1.2 is still negotiated for legacy destinations that do not support 1.3. |
| Key rotation | 90 days | Each receipt identifies the public key it was signed with; retired keys remain in the public key registry indefinitely, so a receipt signed under a rotated-out key stays verifiable. |
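The offline verification the table promises, written out as an added example (not the product's code or SDK). It assumes an illustrative receipt shape (`id`, `tenant`, `amendmentOf`, `body`, `prevHash`, `keyId`, plus `hash` and `signature`), a registry of public keys indexed by key id, and a locally generated P-256 key standing in for the KMS Sign call; the key ids and receipt contents are constructed. It signs three receipts across a key rotation and then checks the exported chain with nothing but the public registry, rejecting an edited body, a reordered chain, a re-hashed but unsigned receipt, and a receipt whose key was dropped from the registry.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Receipt is an assumed wire shape (illustrative field names, not the product's schema).
type Receipt struct {
	ID          string `json:"id"`
	Tenant      string `json:"tenant"`
	AmendmentOf string `json:"amendmentOf,omitempty"` // set when this receipt amends an earlier one
	Body        string `json:"body"`
	PrevHash    string `json:"prevHash"`  // hex SHA-256 of the previous receipt, or genesisPrev
	KeyID       string `json:"keyId"`     // registry id of the key that signed this receipt
	Hash        string `json:"hash"`      // hex SHA-256 of the receipt with Hash and Signature blank
	Signature   string `json:"signature"` // hex ASN.1 DER ECDSA P-256 signature over the hash bytes
}

// Registry is the published key set; rotated keys stay in it so old receipts still verify.
type Registry map[string]*ecdsa.PublicKey

const genesisPrev = "0000000000000000000000000000000000000000000000000000000000000000"

// canonicalHash blanks Hash and Signature and hashes the JSON; encoding/json writes
// struct fields in declaration order, so the bytes are canonical for this type.
func canonicalHash(r Receipt) []byte {
	r.Hash, r.Signature = "", ""
	b, _ := json.Marshal(r) // Receipt holds only strings, so Marshal cannot fail
	sum := sha256.Sum256(b)
	return sum[:]
}

// Sign stands in for the KMS Sign call: the private key is used here and nowhere else,
// and the signature covers the 32-byte digest, as KMS ECDSA_SHA_256 does.
func Sign(keyID string, priv *ecdsa.PrivateKey, r Receipt) (Receipt, error) {
	r.KeyID = keyID
	h := canonicalHash(r)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, h)
	if err != nil {
		return Receipt{}, err
	}
	r.Hash, r.Signature = hex.EncodeToString(h), hex.EncodeToString(sig)
	return r, nil
}

// VerifyChain is the offline check a customer can run with only the exported chain and
// the public registry: each receipt must hash to its stored hash, link to its
// predecessor, name a known key, and carry a signature that verifies under that key.
func VerifyChain(reg Registry, chain []Receipt) error {
	prev := genesisPrev
	for i, r := range chain {
		h := canonicalHash(r)
		if hex.EncodeToString(h) != r.Hash {
			return fmt.Errorf("receipt %d (%s): content altered after signing", i, r.ID)
		}
		if r.PrevHash != prev {
			return fmt.Errorf("receipt %d (%s): chain break at prevHash", i, r.ID)
		}
		pub, ok := reg[r.KeyID]
		if !ok {
			return fmt.Errorf("receipt %d (%s): unknown key id %q", i, r.ID, r.KeyID)
		}
		sig, err := hex.DecodeString(r.Signature)
		if err != nil || !ecdsa.VerifyASN1(pub, h, sig) {
			return fmt.Errorf("receipt %d (%s): signature does not verify under %s", i, r.ID, r.KeyID)
		}
		prev = r.Hash
	}
	return nil
}

// DemoChain builds three constructed receipts for one tenant, rotating the signing key
// before the third, which amends the first. Panics only on a broken randomness source.
func DemoChain() (Registry, []Receipt) {
	k1, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	k2, err2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	privs := map[string]*ecdsa.PrivateKey{"ecdsa-p256-2024q1": k1, "ecdsa-p256-2024q2": k2}
	reg := Registry{"ecdsa-p256-2024q1": &k1.PublicKey, "ecdsa-p256-2024q2": &k2.PublicKey}
	var chain []Receipt
	prev := genesisPrev
	for _, in := range []struct{ key, id, amends, body string }{
		{"ecdsa-p256-2024q1", "rcpt-001", "", `{"intent":"pay","amount":4200,"currency":"USD"}`},
		{"ecdsa-p256-2024q1", "rcpt-002", "", `{"intent":"pay","amount":1999,"currency":"USD"}`},
		{"ecdsa-p256-2024q2", "rcpt-003", "rcpt-001", `{"intent":"pay","amount":4000,"currency":"USD"}`},
	} {
		r, err := Sign(in.key, privs[in.key], Receipt{ID: in.id, Tenant: "tenant-a", AmendmentOf: in.amends, Body: in.body, PrevHash: prev})
		if err != nil {
			panic(err)
		}
		chain = append(chain, r)
		prev = r.Hash
	}
	return reg, chain
}

func main() {
	reg, chain := DemoChain()
	fmt.Println("intact chain:", VerifyChain(reg, chain))
	chain[1].Body = `{"intent":"pay","amount":1,"currency":"USD"}` // edit after signing
	fmt.Println("edited body:", VerifyChain(reg, chain))
}
```

The design point is in `VerifyChain`: the verifier never contacts the signer. It needs the registry, which must keep every key ever used, which is why the table says retired keys stay published indefinitely; the last check in the test shows what happens to historical receipts if a rotated key is ever dropped.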
Architectural posture
| Property | What it means |
|---|---|
| No LLM in the authorization path | The Authorization Boundary evaluates structured intents against deterministic rules. A prompt-injected agent cannot persuade the boundary — the boundary does not read prose. What this property does not do is stop a compromised agent from submitting a well-formed intent; that is exactly why the deterministic rules, not the agent, decide what executes. |
| No raw payment credentials at the input boundary | Payment account numbers and CVVs are refused before they enter the gateway. Only tokenised payment-intent IDs from PSP-controlled tokenisation flows are accepted. Whether this reduces a merchant’s PCI scope depends on the full payment architecture and the merchant’s QSA assessment. |
| Persistent, hash-chained audit | Receipts persist with tenant-scoped row-level security. The full audit chain is exportable. Amendments link back to the original receipt via amendmentOf — a receipt is a living record, not a single snapshot. |
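An input-boundary check of the kind the second row describes, as an added example and not the product's code. It assumes intents arrive as JSON, uses an illustrative list of refused credential field names and a PSP token field called `token`, and treats any 13 to 19 digit run that passes the Luhn check as a PAN. It refuses before anything downstream sees the value, and reports only the field path, so the PAN never lands in a log or error response. The sample intents are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Refusal names the offending field by path only; the value is never echoed, so a
// refused PAN does not end up in logs or error responses.
type Refusal struct{ Path, Reason string }

func (r Refusal) Error() string { return fmt.Sprintf("refused at %s: %s", r.Path, r.Reason) }

// credentialFields are key names refused regardless of value (illustrative list).
var credentialFields = map[string]bool{
	"pan": true, "cardnumber": true, "card_number": true,
	"cvv": true, "cvc": true, "cvv2": true, "securitycode": true, "security_code": true,
}

// panRun matches 13 to 19 digits with optional single spaces or dashes between them.
var panRun = regexp.MustCompile(`[0-9](?:[ -]?[0-9]){12,18}`)

// luhnValid is the ISO/IEC 7812 check-digit test every card PAN satisfies; it weeds
// out long digit runs such as carrier references and timestamps.
func luhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		n := int(digits[i] - '0')
		if double {
			n *= 2
			if n > 9 {
				n -= 9
			}
		}
		sum += n
		double = !double
	}
	return sum%10 == 0
}

// looksLikePAN reports whether s contains a card-length digit run that passes Luhn.
func looksLikePAN(s string) bool {
	for _, m := range panRun.FindAllString(s, -1) {
		if luhnValid(strings.NewReplacer(" ", "", "-", "").Replace(m)) {
			return true
		}
	}
	return false
}

// screen walks a decoded JSON intent and returns the first refusal it finds.
func screen(v any, path string) error {
	switch x := v.(type) {
	case map[string]any:
		for k, val := range x {
			p := path + "." + k
			if credentialFields[strings.ToLower(k)] {
				return Refusal{p, "raw payment credential field"}
			}
			if err := screen(val, p); err != nil {
				return err
			}
		}
	case []any:
		for i, val := range x {
			if err := screen(val, fmt.Sprintf("%s[%d]", path, i)); err != nil {
				return err
			}
		}
	case string:
		if looksLikePAN(x) {
			return Refusal{path, "value matches a primary account number"}
		}
	case json.Number: // numbers are kept as digit strings so a bare 16-digit PAN is caught too
		if looksLikePAN(string(x)) {
			return Refusal{path, "numeric value matches a primary account number"}
		}
	}
	return nil
}

// ScreenIntent parses a JSON intent and refuses it before anything downstream sees it.
func ScreenIntent(raw string) error {
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.UseNumber()
	var v any
	if err := dec.Decode(&v); err != nil {
		return Refusal{"$", "not a well-formed JSON intent"}
	}
	return screen(v, "$")
}

func main() {
	// Constructed intents: a tokenised one that passes, two that are refused, and a
	// long non-card reference that Luhn correctly lets through.
	for _, raw := range []string{
		`{"intent":"pay","amount":4200,"payment":{"token":"pmt_tok_9f3a"}}`,
		`{"intent":"pay","card":{"number":"4111 1111 1111 1111","exp":"12/29"}}`,
		`{"intent":"pay","cvv":"123"}`,
		`{"intent":"refund","note":"carrier ref 1234567890123"}`,
	} {
		fmt.Println(ScreenIntent(raw))
	}
}
```

The Luhn filter is what keeps this usable on real traffic: a 13-digit tracking number that fails the check digit passes through, while a valid test PAN is refused whether it arrives spaced, dashed, or as a bare JSON number. Field-name refusal is deliberately value-blind so that a three-digit CVV, which no pattern can distinguish from any other short number, is still never accepted.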
Operations
Public SLA targets (API uptime, webhook delivery, receipt signing, Authorization Boundary evaluation) will be published on this page once paid plans launch and we have measured production data to back them. Until then, the sandbox operates without an SLA.
We’d rather publish a target six weeks late than publish one we can’t defend on day one. Any targets discussed elsewhere are design targets only — not commitments. Insurance posture, sub-processor list, and data residency arrangements are available under NDA via the CISO kit below.
CISO Resources
We maintain a CISO kit: 15-slide executive briefing, full threat model, and architecture deep-dive. Available under NDA via your account team.
Request the CISO kit: email security@executionprotocol.dev. A real human replies within one business day. We treat researchers acting in good faith as collaborators.
For non-security inquiries, use /contact.