Security

Agents that take action need security baked in.

BeeKeeper is built by a team that's shipped security-critical software for years. Here's how we approach the new and the familiar — without the marketing gloss, and without claiming certifications we haven't earned.

01

Defense in Depth

Security at the platform layer means doing the boring things well. TLS 1.2+ everywhere in transit. AES-256 at rest. An encrypted secret store that agents read from but never see in cleartext.

Customer keys for upstream LLM providers are sealed in our secret store and decrypted only at the edge of an outbound call. They never appear in logs, traces, or admin UIs.

  • TLS 1.2+ in transit, AES-256 at rest
  • Encrypted secret store with short-lived decryption
  • Vendor keys never logged, traced, or rendered in UI

02

Access Control

BeeKeeper has a real authorization model — not a flag on a user record. Permissions are scoped to organizations, departments, and members, and each agent action carries the identity of the human who triggered it.

Today, single sign-on works through Google OAuth. SAML SSO and SCIM provisioning are in active development for enterprise rollouts.

  • Org / department / member RBAC
  • Action-scoped tool permissions per agent
  • Identity propagated to every downstream tool call
  • Google OAuth SSO today; SAML + SCIM in development

03

Audit and Observability

Every prompt, every retrieval, every tool invocation, every model call — recorded with the user, agent version, and reasoning trace. Replay any conversation to see exactly what the agent saw and why it acted.

Audit logs are queryable from the admin UI and exportable for SIEM pipelines. Retention is configurable per organization.

  • Per-action audit log with full context
  • Conversation replay against historical agent versions
  • Export to SIEM (JSON / webhook)
  • Configurable retention

04

OWASP Agentic Top-10

Agentic AI introduces a class of vulnerabilities that classical AppSec doesn't cover. We take this seriously: BeeKeeper runs 125 automated tests across the OWASP Top 10 for Agentic Applications, executed on every release.

Coverage spans ASI01 (prompt injection), ASI02 (tool misuse), ASI03 (identity abuse), ASI04 (supply chain), ASI05 (code execution), ASI06 (memory poisoning), ASI07 (inter-agent communication), ASI08 (cascading failures), ASI09 (human-trust manipulation), and ASI10 (rogue agents).

This is not a one-time audit. The test suite runs in CI against every change to the agent runtime, tools, and orchestration layers.

  • 125 automated tests across ASI01–ASI10
  • Run in CI on every release of the agent runtime
  • Findings tracked publicly to customers under NDA

05

Tenancy and Isolation

BeeKeeper is multi-tenant with strict org-scoped data boundaries. Memory, corrections, agent definitions, and integration credentials live within an organization's scope and are never readable from another tenant.

Authorization checks happen at every layer — request, retrieval, and tool dispatch — so a misconfigured prompt cannot exfiltrate data across the boundary.

  • Hard org boundary on data, memory, and corrections
  • Authorization enforced at retrieval and tool dispatch
  • Per-tenant data deletion on demand

06

On the Roadmap

We believe in being honest about what's shipped versus what's coming. SOC 2 Type II is in progress. SAML SSO and SCIM provisioning are in active development for enterprise customers. We're also building region-pinned deployments and customer-managed encryption keys.

If your security review needs something specific that isn't listed here, ask us — we're happy to talk in detail under NDA.

  • SOC 2 Type II — in progress
  • SAML SSO + SCIM — in development
  • Region-pinned deployments — planned
  • Customer-managed encryption keys — planned

Talk to our security team.

If you're in the middle of a security review, we're happy to go deep — architecture diagrams, threat models, control mappings, whatever you need.