Security
Every LEAPWare product treats security as a structural property — enforced at the infrastructure layer, not bolted on after the features work. If governance can be bypassed, it does not exist.
Core Security Architecture
Every knowledge access, every agent action, every API call is evaluated against declarative Cedar policies before execution. Attribute-Based Access Control evaluates agent identity, data classification, organizational hierarchy, task context, and resolution level. Sub-10ms evaluation on every request. Full audit log on every authorization decision — allow and deny. Cedar was chosen because policies are declarative, auditable, and formally verifiable — not embedded in application code where they can be silently bypassed.
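The decision semantics described above (evaluate before execution, deny unless a permit matches, an explicit forbid always wins), shown as an added example that is not LEAPWare code and does not use the Cedar engine itself: a small Python evaluator over the same kinds of attributes (tenant, classification, knowledge scope, task context). The policy ids, attribute names, classification levels and the sample agent and objects are assumptions constructed for the example.

```python
"""Added example (not LEAPWare code): a minimal ABAC evaluator with the
decision semantics the page attributes to its Cedar layer. Every request is
checked before execution, access is denied unless a permit policy matches,
and an explicit forbid overrides any permit. Policy ids, attribute names,
classification levels and the sample request are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

Attrs = Dict[str, object]
Condition = Callable[[Attrs, Attrs, str], bool]   # (principal, resource, action) -> bool


@dataclass(frozen=True)
class Policy:
    pid: str
    effect: str            # "permit" or "forbid"
    actions: frozenset     # actions the policy applies to; empty = any action
    when: Condition


@dataclass
class Decision:
    allowed: bool
    matched: List[str] = field(default_factory=list)   # ids of policies that applied
    reason: str = ""


# Classification ladder, lowest first (constructed for this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


def same_tenant(p: Attrs, r: Attrs, _a: str) -> bool:
    return p["tenant"] == r["tenant"]


def cleared_for(p: Attrs, r: Attrs, _a: str) -> bool:
    return LEVELS[p["clearance"]] >= LEVELS[r["classification"]]


def in_knowledge_scope(p: Attrs, r: Attrs, _a: str) -> bool:
    return r["scope"] in p["scopes"]


def outside_task_context(p: Attrs, r: Attrs, _a: str) -> bool:
    # The object does not belong to the task the agent is currently executing.
    return r.get("task") != p.get("task")


def in_scope_and_cleared(p: Attrs, r: Attrs, a: str) -> bool:
    return same_tenant(p, r, a) and cleared_for(p, r, a) and in_knowledge_scope(p, r, a)


POLICIES = [
    Policy("read-in-scope", "permit", frozenset({"read"}), in_scope_and_cleared),
    Policy("write-in-scope", "permit", frozenset({"update"}), in_scope_and_cleared),
    Policy("no-cross-tenant", "forbid", frozenset(),
           lambda p, r, a: not same_tenant(p, r, a)),
    Policy("no-out-of-task-writes", "forbid", frozenset({"update", "delete"}),
           outside_task_context),
]


def is_authorized(principal: Attrs, action: str, resource: Attrs,
                  policies: List[Policy] = POLICIES) -> Decision:
    """Default deny; any matching forbid overrides any matching permit."""
    permits: List[str] = []
    forbids: List[str] = []
    for pol in policies:
        if pol.actions and action not in pol.actions:
            continue
        if pol.when(principal, resource, action):
            (permits if pol.effect == "permit" else forbids).append(pol.pid)
    if forbids:
        return Decision(False, forbids + permits, "explicit forbid")
    if permits:
        return Decision(True, permits, "permit matched")
    return Decision(False, [], "no matching permit (default deny)")


# Constructed sample principal and resources.
AGENT = {"id": "virt-42", "tenant": "acme", "clearance": "confidential",
         "scopes": {"sales-ops"}, "task": "T-1001"}
SPEC = {"id": "spec-7", "tenant": "acme", "classification": "internal",
        "scope": "sales-ops", "task": "T-1001"}
OTHER_TENANT_SPEC = {**SPEC, "id": "spec-8", "tenant": "globex"}
RESTRICTED_SPEC = {**SPEC, "id": "spec-9", "classification": "restricted"}
OTHER_TASK_SPEC = {**SPEC, "id": "spec-10", "task": "T-2002"}

if __name__ == "__main__":
    for res in (SPEC, OTHER_TENANT_SPEC, RESTRICTED_SPEC, OTHER_TASK_SPEC):
        d = is_authorized(AGENT, "update", res)
        print(res["id"], "allow" if d.allowed else "deny", d.reason, d.matched)
```

Two properties are worth checking against any real policy engine: the restricted object is denied without any forbid firing (default deny, because no permit matched), while the out-of-task object is denied even though a permit did match, because the forbid wins. Both outcomes, with the policy ids that applied, are what the audit log should record.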
Dedicated database schemas per tenant. Scoped API keys with tenant binding at the cryptographic layer. Tenant-aware middleware at every layer of the stack — not a WHERE clause, a structural boundary. No shared tables, no shared indexes, no cross-tenant query path. A compromised tenant cannot access, enumerate, or infer the existence of another tenant's data. Isolation is verified by automated penetration tests in the CI/CD pipeline.
Every VIRT operates in its own container with scoped filesystem access, metered compute, network restrictions, and LeapNerve policy enforcement at the container boundary. Agents cannot see another agent's workspace, access another agent's knowledge scope, or exceed resource allocation. Container lifecycle is managed by the VIRT Execution Engine — containers are created at instantiation, monitored during operation, and destroyed at stand-down. No persistent state outside the governed knowledge graph.
TLS 1.3 in transit — no fallback to older protocols. AES-256 at rest with tenant-scoped encryption keys. Secrets managed in a cloud key vault with automatic rotation on a defined schedule. No plaintext credentials in configuration files, environment variables, container images, or application logs. Key derivation uses tenant identity as an input — one tenant's key material cannot decrypt another tenant's data even if storage-layer access were compromised.
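Two of the claims above, scoped API keys with tenant binding at the cryptographic layer and key derivation that takes tenant identity as an input, are illustrated together in the following added example. It is not LEAPWare code: it derives per-tenant keys from one master secret with HKDF (RFC 5869, implemented here over HMAC-SHA256 from the Python standard library) using the tenant id in the HKDF info field, then issues and validates API credentials whose MAC is computed under the issuing tenant's derived key. The master secret, salt, tenant ids, key ids and purpose labels are constructed assumptions; in the described architecture the master secret would come from the key vault.

```python
"""Added example (not LEAPWare code): tenant-scoped key derivation and
tenant-bound API credentials using only the Python standard library.
One master secret is expanded with HKDF (RFC 5869) using the tenant identity
as the `info` input, so each tenant gets distinct key material, and a
credential issued under one tenant's key cannot validate for another tenant.
Master secret, salt, tenant ids and key ids below are constructed."""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256


def hkdf(master: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Extract followed by HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    prk = hmac.new(salt or b"\x00" * HASH().digest_size, master, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


# Constructed master secret; in production this is vault-held and rotated.
MASTER = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
SALT = b"example-kdf-salt-v1"    # constructed; versioning the salt supports rotation


def tenant_key(tenant_id: str, purpose: str) -> bytes:
    """Derive a 256-bit key bound to (purpose, tenant). The purpose label keeps
    data-at-rest keys separate from the key used to MAC API credentials."""
    return hkdf(MASTER, SALT, f"{purpose}|{tenant_id}".encode())


def _credential_mac(tenant_id: str, key_id: str) -> str:
    msg = f"{key_id}|{tenant_id}".encode()
    return hmac.new(tenant_key(tenant_id, "api-key"), msg, HASH).hexdigest()


def issue_api_key(tenant_id: str, key_id: str) -> str:
    """Credential format (constructed): key_id.tenant_id.mac"""
    return f"{key_id}.{tenant_id}.{_credential_mac(tenant_id, key_id)}"


def authenticate(presented: str, route_tenant: str) -> bool:
    """Middleware check: the credential must name the tenant the request is
    routed to, and its MAC must verify under that tenant's derived key."""
    parts = presented.split(".")
    if len(parts) != 3:
        return False
    key_id, tenant_id, mac = parts
    if tenant_id != route_tenant:
        return False
    return hmac.compare_digest(mac, _credential_mac(route_tenant, key_id))


if __name__ == "__main__":
    cred = issue_api_key("acme", secrets.token_hex(8))
    print("acme route  :", authenticate(cred, "acme"))    # True
    print("globex route:", authenticate(cred, "globex"))  # False
```

Note what the check relies on: re-labelling a credential with another tenant's id does not help, because the MAC is recomputed under that other tenant's key, which was derived from a different info string. The same derivation pattern, with a different purpose label, yields the per-tenant data-at-rest keys the paragraph describes; the symmetric cipher itself is not part of this example.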
Data Protection
LEAPWare processes three categories of data, each with distinct protection requirements:
Knowledge Objects — the nine typed objects (Specification, Decision, Procedure, Event Record, Metric Definition, Entity, Thread, Template, Experiential Knowledge) that form the organizational mind. Protected by: tenant isolation, Cedar ABAC on every access, bi-temporal versioning with immutable audit trail, encrypted at rest with tenant-scoped keys. Knowledge objects are the highest-value data in the system and receive the strongest protection.
Agent Interaction Data — the actions taken by VIRTs, including tool calls, knowledge mutations, and inter-agent communications. Protected by: container isolation, charter enforcement (every action validated against the VIRT's authority boundaries before execution), full audit logging with actor attribution, and governance-as-context serialization ensuring policy constraints travel with every A2A task delegation.
Operational Metadata — system telemetry, performance metrics, and platform health data. Protected by: anonymization at collection (no tenant-identifying information in telemetry), encrypted transport to the observability stack, and retention limits enforced by policy.
Governance & Compliance
LEAPWare operates under 28 firm-level governance standards. Security is one of them. Here is what the security standard covers:
Multi-factor authentication. Session management with configurable timeouts. API key rotation. OAuth 2.1 for third-party integrations. No shared credentials.
Cedar ABAC policies. Role-based defaults with attribute-based overrides. Least-privilege by default — every VIRT's access profile is compiled from its charter at instantiation time.
Every authorization decision logged. Every knowledge mutation logged with actor, timestamp, and before/after state. Audit logs are append-only and tamper-evident. Retention: configurable, minimum 90 days.
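An added example, not LEAPWare code, of the append-only and tamper-evident properties stated above: an audit log kept as an HMAC hash chain in which each entry (an authorization decision, allow or deny, or a knowledge mutation carrying actor, timestamp and before/after state) commits to the digest of the entry before it. Editing, deleting or reordering a past entry then fails verification. The signing key, entry field names and sample records are constructed assumptions.

```python
"""Added example (not LEAPWare code): an append-only, tamper-evident audit
log implemented as an HMAC-SHA256 hash chain with the Python standard
library. Each entry commits to the previous entry's digest, so modifying,
removing or reordering any earlier entry breaks verification from that
point on. The signing key and sample entries are constructed."""
import copy
import hashlib
import hmac
import json
from typing import Any, Dict, List, Optional

GENESIS = "0" * 64   # digest the first entry chains from


class AuditLog:
    def __init__(self, key: bytes):
        self._key = key   # in production this would be vault-held, not in code
        self._entries: List[Dict[str, Any]] = []

    @staticmethod
    def _canonical(obj: Dict[str, Any]) -> bytes:
        # Deterministic serialization so the same entry always hashes the same.
        return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

    def _digest(self, body: Dict[str, Any], prev: str) -> str:
        return hmac.new(self._key, self._canonical({"prev": prev, "body": body}),
                        hashlib.sha256).hexdigest()

    def append(self, body: Dict[str, Any]) -> str:
        """The only write operation: there is deliberately no update or delete."""
        prev = self._entries[-1]["digest"] if self._entries else GENESIS
        digest = self._digest(body, prev)
        self._entries.append({"seq": len(self._entries), "prev": prev,
                              "body": copy.deepcopy(body), "digest": digest})
        return digest

    def record_decision(self, actor: str, action: str, resource: str,
                        allowed: bool, ts: str) -> str:
        return self.append({"kind": "authz", "actor": actor, "action": action,
                            "resource": resource, "allowed": allowed, "ts": ts})

    def record_mutation(self, actor: str, resource: str, before: Any,
                        after: Any, ts: str) -> str:
        return self.append({"kind": "mutation", "actor": actor, "resource": resource,
                            "before": before, "after": after, "ts": ts})

    def entries(self) -> List[Dict[str, Any]]:
        return copy.deepcopy(self._entries)   # readers get copies, never the chain itself

    def head(self) -> str:
        return self._entries[-1]["digest"] if self._entries else GENESIS

    def verify(self, entries: Optional[List[Dict[str, Any]]] = None) -> Optional[int]:
        """Return None if the chain is intact, else the seq of the first bad entry."""
        entries = self._entries if entries is None else entries
        prev = GENESIS
        for i, e in enumerate(entries):
            if (e["seq"] != i or e["prev"] != prev
                    or not hmac.compare_digest(e["digest"], self._digest(e["body"], prev))):
                return i
            prev = e["digest"]
        return None


if __name__ == "__main__":
    log = AuditLog(b"constructed-audit-key")
    log.record_decision("virt-42", "read", "spec-7", True, "2024-01-01T00:00:00Z")
    log.record_decision("virt-42", "update", "spec-9", False, "2024-01-01T00:00:01Z")
    log.record_mutation("virt-42", "spec-7", {"status": "draft"},
                        {"status": "approved"}, "2024-01-01T00:00:02Z")
    print("intact:", log.verify())          # None
    tampered = log.entries()
    tampered[1]["body"]["allowed"] = True    # flip a recorded deny to an allow
    print("tampered at:", log.verify(tampered))   # 1
```

One caveat a practitioner should keep in mind: a hash chain detects edits, deletions and reordering inside the log, but not silent truncation of its tail, since a shortened chain still verifies. Detecting that requires anchoring the current head digest somewhere the log writer cannot alter (a separate store or a periodically published checkpoint), which is also where the 90-day minimum retention should be enforced.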
Governed incident response standard with severity classification (P0–P4), escalation procedures, breach notification templates, and mandatory post-incident review within 48 hours.
Dependency scanning in CI/CD. Container image scanning before deployment. Responsible disclosure program. Security patches prioritized over feature work.
SOC 2 Type II certification on the roadmap. GDPR and CCPA compliance built into the architecture from day one — not retrofitted. Privacy-by-design, not privacy-by-policy.
If you discover a security vulnerability in any LEAPWare system, please report it to [email protected]. We commit to acknowledging receipt within 24 hours, providing an initial assessment within 72 hours, and keeping you informed of remediation progress. We do not pursue legal action against good-faith security researchers.