Security & Trust
How Aletheia Core protects your data and operations
Architecture
Aletheia Core uses a tri-agent pipeline to evaluate every API request before execution:
- Scout: Threat intelligence pre-filter detecting instruction smuggling, exfiltration patterns, and rotation probing.
- Nitpicker: Polymorphic intent sanitizer with semantic embedding analysis against a curated bank of static blocked patterns plus a 137-entry semantic manifest.
- Judge: Cryptographic policy enforcer verifying Ed25519-signed manifests and running semantic veto analysis against 50+ alias phrases.
All three agents must independently pass for a request to proceed. Any single agent can deny. The system fails closed for high-risk actions when critical controls are unavailable (for example: rate limiter, decision store, manifest verification, or semantic engine degradation). Availability exceptions are surfaced as explicit denied/degraded responses in the API and demo paths. Audit chain continuity is guaranteed within a single instance; multi-replica chain coordination is planned for a future release.
Data Protection
- Encryption in transit: All connections use TLS 1.2+ with HTTPS enforced. HSTS headers are sent with a 1-year max-age.
- Encryption at rest: Database hosted on Supabase with encryption at rest enabled.
- Password storage: salted bcrypt with 12 rounds. Passwords are never stored in plaintext or logged.
- Payload handling: API payloads are hashed (SHA-256) for audit logging. Raw payload content is not persisted.
- API key security: Keys are HMAC-hashed before storage. Only the key prefix is stored in plaintext for identification.
Access Controls
- JWT-based authentication with 7-day session expiry
- Per-user API key scoping with plan-based quotas
- Rate limiting: per-IP sliding window (in-memory or Redis-backed)
- CSRF protection: Origin/Referer header validation on all state-changing requests
- Content Security Policy, X-Frame-Options (DENY), Strict-Transport-Security headers
- Login brute-force protection: 5 failures per 15 minutes per email
- Registration rate limiting: 5 attempts per hour per IP
Audit Trail
Every security decision is logged with a cryptographic receipt containing:
- Decision (PROCEED / DENIED / SANDBOX_BLOCKED)
- SHA-256 hash of the policy manifest
- SHA-256 hash of the payload
- Ed25519 signature binding the decision to the specific request (for receipts issued after 2026-05-03)
- Timestamp, action, origin, threat score, and unique request ID
Receipt signing migrated from HMAC-SHA256 to Ed25519 (asymmetric) on 2026-05-03. Receipts issued after that date are signed with our Ed25519 receipt-signing key and can be verified by any third party using the public key at /.well-known/aletheia-receipt-key.pem. Receipts issued before that date were signed with HMAC-SHA256 and remain verifiable for the audit retention period.
Receipts can be independently verified using the Receipt Viewer. Audit logs are exportable in JSONL format from your dashboard.
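The third-party check described above, as an added example that is not Aletheia Core's own code. The receipt field names, the sorted-key JSON canonical form and the base64 signature encoding are assumptions, and a throwaway key pair stands in for the published receipt-signing key.

```javascript
// Added example: field names and canonical form are assumptions, not the vendor's format.
const crypto = require("node:crypto");

const sha256Hex = (data) => crypto.createHash("sha256").update(data).digest("hex");

// Assumed canonical form: flat JSON object, keys sorted, signature field excluded.
function canonicalBytes(receipt) {
  const body = {};
  for (const k of Object.keys(receipt).sort()) {
    if (k !== "signature") body[k] = receipt[k];
  }
  return Buffer.from(JSON.stringify(body), "utf8");
}

// Issuer side: only hashes of the payload and manifest enter the receipt.
function issueReceipt(privateKey, fields, payload, manifest) {
  const receipt = { ...fields, payload_sha256: sha256Hex(payload), manifest_sha256: sha256Hex(manifest) };
  receipt.signature = crypto.sign(null, canonicalBytes(receipt), privateKey).toString("base64");
  return receipt;
}

// Verifier side: needs the public key PEM, the receipt, and optionally the payload.
function verifyReceipt(publicKeyPem, receipt, payload) {
  if (typeof receipt.signature !== "string") return "BAD_SIGNATURE";
  const sig = Buffer.from(receipt.signature, "base64");
  const key = crypto.createPublicKey(publicKeyPem);
  if (!crypto.verify(null, canonicalBytes(receipt), key, sig)) return "BAD_SIGNATURE";
  // The signature covers the payload hash, so a matching hash binds the payload too.
  if (payload !== undefined && sha256Hex(payload) !== receipt.payload_sha256) return "PAYLOAD_MISMATCH";
  return "OK";
}

// Constructed sample data (not real receipts or keys).
const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
const publicKeyPem = publicKey.export({ type: "spki", format: "pem" });
const payload = '{"action":"transfer_funds","amount":100}';
const receipt = issueReceipt(privateKey, {
  decision: "DENIED", action: "transfer_funds", origin: "api", threat_score: 0.93,
  request_id: "req-constructed-0001", timestamp: "2026-06-01T12:00:00Z",
}, payload, "constructed manifest bytes");
const tampered = { ...receipt, decision: "PROCEED" }; // altered after signing

console.log(verifyReceipt(publicKeyPem, receipt, payload));
console.log(verifyReceipt(publicKeyPem, tampered, payload));
console.log(verifyReceipt(publicKeyPem, receipt, payload + " "));
```

Because verification uses only the public key, an auditor can confirm a stored decision without holding any secret that could also forge one, which is the property the HMAC-SHA256 scheme did not offer.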
Incident Response
- Acknowledgment: Within 48 hours of a reported vulnerability.
- Assessment: Within 5 business days.
- Critical fix: Within 14 days for critical severity issues.
- Moderate fix: Within 30 days for moderate severity issues.
- Coordinated disclosure: Fix released, then public advisory published. Reporter credited unless anonymity requested.
Vulnerability Reporting
Report security vulnerabilities by emailing info@aletheia-core.com. Please do not disclose vulnerabilities publicly before a fix is available. For full details, see our Security Policy.
Infrastructure
- Frontend: Vercel (Next.js edge network)
- Backend: Render (FastAPI, isolated containers)
- Database: Supabase (PostgreSQL with connection pooling)
- Payments: Stripe (PCI DSS Level 1 certified)
Compliance Posture
- CalOPPA: Privacy policy with required disclosures, Do Not Track honored.
- CCPA/CPRA: Right to know, right to delete, and right to opt-out supported. Self-service tools in account settings.
- NIST AI RMF: Mapped across GOVERN, MAP, MEASURE, and MANAGE functions per our Threat Model.
- Open source: MIT-licensed core available for independent audit at GitHub.
We are working toward formal SOC 2 Type II and ISO 27001 certification. Contact us for details on our timeline.
Contact
Security questions or concerns: info@aletheia-core.com