Security

Enterprise security for every user

Your AI assistant runs in a hardened, isolated environment with encrypted secrets, zero inbound ports, and defense-in-depth infrastructure.

📦

Container Isolation

Every user runs in a hardened Docker container with read-only filesystem, no-new-privileges, CPU/memory limits, and isolated networking.

  • Read-only rootfs
  • No-new-privileges
  • Resource limits
  • Network isolation
🔐

Encryption

All secrets are encrypted with AWS KMS. Per-tenant HMAC sessions, TLS everywhere, and encrypted S3 backups.

  • KMS encryption
  • Per-tenant HMAC
  • TLS/HSTS
  • Encrypted backups
🏗️

Infrastructure

Zero inbound ports, IMDS blocking, IAM least privilege, security headers, and rate limiting. Defense in depth at every layer.

  • Zero inbound ports
  • IMDS blocking
  • IAM least privilege
  • Rate limiting

Security by default, not by tier

Every Alpha Agent workspace — Individual, Team, or Enterprise — gets the same hardened infrastructure. We don't gate security behind pricing tiers.

Every workspace is isolated

Hardened Docker containers with read-only filesystems and no-new-privileges for all users.

Every secret is encrypted

AWS KMS encryption for all API keys and credentials, regardless of plan.

Every connection is secured

TLS 1.3 for data in transit, HSTS, and security headers on every endpoint.

Every action is logged

Audit trail for configuration changes, API access, and integration events.

Isolation architecture

Internet / Client TLS 1.3 API Gateway + WAF + CDN Rate limiting · Security headers · DDoS protection Management Lambda Auth · Routing · HMAC session validation Zero inbound ports EC2 Host (Per-tenant) Docker Container (Isolated) AI Agent Dashboard Read-only rootfs No-new-privileges CPU/mem limits AWS KMS Encrypted Secrets DynamoDB Session & Config S3 Encrypted Backups

What this means for your business

Your API keys are safe

Every credential is encrypted with AWS KMS. Even if someone accessed the database, they couldn't read your keys. We never store secrets in plaintext.

Your data stays yours

Each workspace runs in its own isolated container. One user's data can never leak to another. No shared processes, no shared storage.

No attack surface

Zero inbound ports from the internet. Your AI workspace isn't directly accessible — all traffic goes through our API gateway with rate limiting and WAF protection.

Open source & auditable

Built on OpenClaw, an open-source platform. Every security control is publicly auditable. No black boxes, no "trust us" — just code you can read.

Our security approach

Alpha Agent is built on the principle that every user deserves enterprise-grade security, regardless of their plan. Every workspace — from individual to team — runs in the same hardened, isolated infrastructure.

We use a defense-in-depth strategy: container isolation prevents lateral movement, KMS encryption protects secrets at rest, TLS secures data in transit, and our infrastructure has zero inbound ports accessible from the public internet.

Our platform is built on OpenClaw, an open-source AI agent platform. The security model has been reviewed by the community and is continuously improved.

Security questions?

Review our detailed security documentation or schedule a walkthrough with our team.

Read Security Blog Posts Schedule a Security Review