The Lab — Security & Privacy

Built Secure.
By Design, Not Afterthought.

AI UNITE was architected from day one with enterprise-grade security, tenant isolation, and data privacy at every layer. Your data never leaves your boundary.

AES-256 Encryption Tenant Isolation SOC 2 Ready HIPAA Compliant
Principles

Three Pillars of AI UNITE Security

Every architectural decision starts with these three non-negotiable principles.

1

Your Data Stays Yours

Proprietary intelligence — UserBrain, Engine 14, CorporateBrain — is never sent to external AI providers. AIs are raw data providers. All proprietary intelligence is applied post-synthesis by SOOB's internal systems. Nothing proprietary enters AI prompts.

2

Isolation by Default

Every organization's data lives in its own boundary. Multi-tenant architecture with organization-scoped queries on every table. One company can never see another's data — enforced at the middleware layer, not just the application layer.

3

Zero Trust Architecture

Every request is authenticated, authorized, and scoped. JWT tokens carry organization, role, and tier. API keys are hashed, scoped, and revocable. No request is trusted by default — not even between internal services.

Encryption

AES-256 Encryption at Every Layer

Industry-standard encryption protects data at rest and in transit. No exceptions, no shortcuts.

Encryption at rest uses AES-256-GCM (Galois/Counter Mode) — the same standard used by financial institutions and government agencies. Every encryption operation generates a unique 12-byte nonce, ensuring no two encrypted values are ever identical.

Key derivation uses HKDF-SHA256 to derive purpose-specific keys from a master secret. OAuth tokens, personal data, and session data each use separate derived keys — compromising one key cannot expose another category of data.

Key rotation is built in. Every encrypted value carries a version identifier, enabling seamless key rotation without re-encrypting existing data.

Implementation Details

AES-256-GCM authenticated encryption
Unique 12-byte nonce per operation
HKDF-SHA256 key derivation
Purpose-specific derived keys
Authentication tags prevent tampering
Key version tracking for rotation
TLS in transit via reverse proxy
Authentication & Access Control

Seven-Tier Permission Hierarchy

Every user, every request, every data point is scoped to exactly the access level it requires. No more, no less.

JWT Token Security

Short-lived access tokens (15 minutes) with separate refresh tokens (7 days). Every token carries user identity, organization, role, and tier. Constant-time comparison prevents timing attacks. 120-second clock skew tolerance for distributed systems.

HS256 · 15min access · 7d refresh

Password Security

Bcrypt hashing with cost factor 12 — intentionally slow (~300ms per hash) to prevent brute-force attacks. Passwords must include uppercase, lowercase, digits, and special characters. Failed attempts trigger account lockout.

bcrypt · cost=12 · ~300ms/hash

API Key Management

API keys are generated with 256-bit entropy and stored as SHA-256 hashes — the plaintext key is shown once and never stored. Keys support granular scopes, expiration dates, and instant revocation. Usage is tracked per-IP.

SHA-256 · 256-bit entropy · scoped

Role-Based Access

Seven permission levels from Employee to CEO, each with precisely defined data visibility. Employees see only their own data. Managers see their team. Directors see their department. VPs and above see organization-wide — each level enforced at the database query layer.

7 levels · OWN → UNRESTRICTED
Data Isolation

Multi-Tenant Isolation at Every Layer

Tenant boundaries are enforced at the middleware, database, and application layers simultaneously.

The Switzerland Principle: The Brain service (port 8000) has zero knowledge of organizational structure. It trusts the JWT issued by the authentication service and scopes every query to the organization ID embedded in that token. No org data leaks between services.

Row-level isolation ensures every database query includes an organization_id filter. This isn't application-level filtering — it's enforced at the SQL layer via parameterized queries. Over 1,400 parameterized query instances across the codebase, eliminating SQL injection surface entirely.

UserBrain isolation goes further. Personal data (preferences, interests, identity) is scoped per-user, not per-organization. Even within the same company, one user cannot access another user's personal intelligence layer.

Isolation Boundaries

Organization-scoped middleware on every request
JWT-based org identity (not URL or header)
1,400+ parameterized SQL queries
Zero SQL string concatenation
Per-user UserBrain data isolation
Separate database ports for auth vs. brain
Environment-based credential management

AI Provider Privacy Wall

The most critical architectural decision in AI UNITE: your proprietary data never enters an AI prompt. External AI providers (Claude, GPT, Gemini) act as raw data processors only. All proprietary intelligence is applied after responses return, inside your data boundary.

Code Execution

Sandboxed Code Execution

AI-generated code runs in fully isolated Docker containers with no network access, capped resources, and multi-layer validation before execution.

Container Isolation

Every code execution runs in an ephemeral Docker container that is destroyed after use. Zero network connectivity, 256MB memory cap, single CPU core. The codebase is mounted read-only — generated code cannot modify production files.

--network none · --memory 256m · --rm

4-Layer Validation Pipeline

Before any code executes, it passes through AST syntax validation, linting (ruff), security pattern scanning (blocks eval, exec, os.system, __import__), and finally sandboxed pytest execution. Each layer can reject the code independently.

AST → Lint → Security → Pytest

Security Pattern Scanning

Critical-severity patterns (eval, exec, os.system, __import__) are blocked outright. High-severity patterns (subprocess, network calls) trigger warnings. SQL injection patterns in generated code are detected and rejected before execution.

CRITICAL · HIGH · MEDIUM severity tiers

Self-Evolution Safety

When AI UNITE improves its own code, every change goes through the same sandbox pipeline plus additional safety analysis. 50+ adversarial test scenarios run automatically, including SQL injection, prompt injection, resource exhaustion, and alignment checks.

50+ safety scenarios · adversarial testing
Audit & Monitoring

Comprehensive Audit Trail

Every access, every query, every permission check is logged with structured data for compliance reporting.

Structured logging captures who accessed what data, when, with what permission level, and what scope of data was returned. PII and PHI access is flagged separately for HIPAA compliance reporting.

Authentication events — every login, token refresh, API key usage, and failed attempt is recorded with IP address, timestamp, and outcome. Account lockouts trigger immediately on suspicious patterns.

Data sensitivity classification automatically tags records as Public, Sensitive, Confidential, or Restricted. Access logs capture which sensitivity levels were accessed per request, creating a complete chain of custody for regulated data.

What Gets Logged

User identity and permission level
Data scope accessed (own/team/dept/org)
PII / PHI access flags
Data sensitivity levels touched
Request duration and outcome
API key usage with IP tracking
Failed auth attempts and lockouts
Compliance

Built for Regulated Industries

AI UNITE's security architecture meets the requirements of SOC 2, HIPAA, and enterprise security frameworks.

SOC 2

Type II Ready

Access controls, audit logging, encryption, and change management aligned with SOC 2 Trust Service Criteria.

HIPAA

Compliant

AES-256 encryption, PHI access logging, role-based access, and audit trails meet HIPAA Security Rule requirements.

RBAC

7-Tier Access

Employee through CEO hierarchy with scope-based data visibility enforced at the database layer.

0

Data to AI Providers

Zero proprietary data enters external AI prompts. Your intelligence stays in your boundary. Always.

API Security

Hardened at the Edge

Rate limiting, CORS enforcement, input validation, and connection pooling protect every endpoint.

Rate Limiting

Per-IP, per-path rate limiting with configurable windows. Exceeding limits returns 429 with a Retry-After header. Client IP detection respects X-Forwarded-For and X-Real-IP for reverse proxy deployments.

100 req/60s default · per-IP + per-path

Input Validation

Pydantic schema validation on every request body. Email format enforcement. Password strength rules. SQL injection prevention through 100% parameterized queries via SQLAlchemy ORM — zero string concatenation in SQL.

Pydantic · SQLAlchemy ORM · parameterized

CORS Policy

Explicit origin allowlist — only registered frontend domains can make cross-origin requests. Credentials are allowed only from known origins. No wildcard origins in production.

Explicit allowlist · no wildcards

Connection Security

Async connection pooling for database and HTTP clients. Separate database ports for authentication and brain services. All credentials loaded from environment variables — zero hardcoded secrets.

Async pooling · env-based secrets

Security You Can Trust.

Enterprise-grade security isn't a feature we added. It's the foundation we built on. See it for yourself.

Request Early Access →