Your data never leaves.
By architecture, not by policy.

Epic AI's security model is a structural guarantee enforced within the SDK runtime — not a promise written in a policy document. Credentials, raw data, and tool schemas never cross a network boundary unless you explicitly authorize it.

Four guarantees.
All structural.

Tool Schemas Stay Local

MCP tool schemas are resolved and cached on-premise inside the SDK runtime. The orchestration layer never transmits schema definitions to an external service.

Credentials Never Transit

API keys, tokens, and connection strings are injected at runtime via environment variables or your secret store. They are never serialized into prompts or sent to the language model.

Raw Data Stays On-Premise

Tool outputs — query results, file contents, system state — are processed locally by the SLM. Only the derived response leaves the boundary, and only when you direct it.

Air-Gapped Deployments

The SDK is designed to operate with no outbound internet access. The local SLM inference path, adapter registry, and audit store function entirely within your network perimeter.

The model executes nothing
without a tier decision.

Auto
Low risk · Fully autonomous

Read-only queries, status checks, and informational lookups execute immediately. No human in the loop. Latency equals inference latency.

Escalate
Medium risk · Notify and proceed

Write operations and state changes are executed and simultaneously surfaced to the designated escalation channel. Full audit entry is written before the action completes.

Approve
High risk · Block until confirmed

Destructive, financial, or cross-system actions are blocked at the adapter boundary. Execution waits for explicit human approval via webhook, Slack, or the Praetor console.

Tamper-Evident
Audit Trail

Every tool invocation, tier decision, approval event, and model response is written to an append-only audit log with a cryptographic chain. Each entry contains a hash of the previous entry, making retroactive modification detectable without a separate integrity service.

Logs are written before the action executes — not after — ensuring that a crash or network partition never produces an action without a record.

Export Formats

  • JSON: Structured log stream, SIEM-compatible
  • CSV: Tabular export for compliance reporting
  • Syslog (RFC 5424): Native integration with log aggregators
  • Chain Verification: Hash-chain export for independent integrity proof

Found something?
Tell us first.

We operate a responsible disclosure program. If you discover a security vulnerability in Epic AI's SDK, platform, or infrastructure, please report it privately before disclosure. We acknowledge all reports within 48 hours.

security@epic-ai.io