Security & compliance
Security is designed into Skynet’s architecture, not bolted on afterward. From encryption to on-premise deployment, Skynet is built with security-conscious organizations in mind.
Infrastructure
Skynet runs on reputable cloud infrastructure with physical and network protections managed by our providers. Production environments are isolated from development and staging, and access between them is tightly controlled.
Encryption
- In transit: traffic between clients and servers is encrypted using TLS.
- At rest: stored data is encrypted using industry-standard algorithms.
- Enterprise: encryption keys can be managed within your own infrastructure rather than Skynet’s, and AI processing can run entirely on your own data centre, cloud, or infrastructure of choice.
On-premise data residency (Enterprise)
For Enterprise customers, Skynet can run entirely on your own data centre, cloud, or infrastructure of choice (see pricing). That means:
- No financial data, intellectual property, or client information has to leave your servers.
- AI processing can happen within your own network.
- You retain control over data, backups, and access logs.
Access control
- Role-based access control (RBAC): define who can access what data and features.
- Organization-wide AI governance: view, control, and optimize AI usage across all teams and members.
- Selective memory controls: admins set policies on what enters collective memory versus what stays private.
- Third-party API controls: Enterprise admins can enable or disable external LLM API connections.
Internally, access to production systems is restricted on a least-privilege basis and protected with strong authentication.
Monitoring and incident response
We log and monitor our systems for anomalous activity and maintain an incident-response process to investigate and remediate security events. If an incident affects your data, we notify you in accordance with applicable law.
Compliance frameworks
Skynet Enterprise is built to meet compliance frameworks including SOC 2 Type 2, ISO 27001, ISO 42001, and GDPR (see the Enterprise plan for current details).
Responsible disclosure
We welcome reports from security researchers. If you believe you’ve found a vulnerability in Skynet, report it with enough detail to reproduce the issue, and give us a reasonable opportunity to investigate before disclosing it publicly. We don’t pursue legal action against good-faith research conducted under this policy. See the live security page for the current contact address.