Security
Our operational posture in plain language. AGI separates Local, BYOK, and Cloud paths. Sensitive tool actions use visible approvals. Managed Cloud remains gated until operational controls are proven. For the dated compliance status, see /trust.
Keys
BYOK key handling is designed around local secret storage, masked display, and no plaintext logging. Public surfaces must keep provider labels and route boundaries visible before a request leaves the device.
Local secret recovery is intentionally limited. If a local key store depends on a master password or OS secure storage, AGI should not be able to recover that secret for you.
On supported BYOK surfaces, direct-provider calls are kept separate from AGI Cloud and labeled with the chosen provider before use.
Tools
File, shell, network, and browser actions are routed through explicit permission and sandbox paths where available. No destructive action should run without visible scope.
Tool activity is designed to be journaled with timestamps and visible summaries so you can understand what happened during a session.
Sensitive operations such as file writes, credential access, external actions, and expensive compute require explicit user approval. No silent escalation.
Data
| Area | Control |
| --- | --- |
| Database | Managed Cloud data is scoped by authenticated user in server routes and database policies. Broad Cloud release remains gated until audits are complete. |
| Local storage | Local mode uses SQLite on disk. SQLCipher is available for at-rest encryption. |
| In transit | Deployed surfaces use HTTPS in transit. |
| Auth | Managed auth uses server-side route checks and secure cookie settings where enabled. State-changing endpoints should keep CSRF and ownership checks. |
| Code signing | Desktop installers are launch-gated. When public builds ship, they will be published only through verified GitHub releases or configured signed-asset URLs, with Windows EV signing planned as part of that release path. |
Practices
Changes are expected to pass repo guardrails, type checks, lint checks, and focused tests before public release.
The release path includes dependency, vulnerability, and Rust workspace checks. Results must be treated as release evidence, not as marketing claims.
Security reports go through the support channel. Public incident process and status reporting live on /status.
Report a vulnerability
Email contact@agiworkforce.com with the subject line “security”. Include the affected surface, steps to reproduce, and any relevant logs or screenshots.