Security posture for an autonomous AI data scientist.
OctOpus is built for regulated enterprise workloads. The agent's research loop is sandboxed, secrets are scrubbed before the LLM-authored training code runs, holdout data lives outside the agent's workspace, and every research run is fully audit-logged. For SOC 2-, GDPR-, HIPAA-, and PCI DSS-aligned teams, Desktop and VPC deployments keep data on your perimeter.
Data residency
Desktop (local)
OctOpus Desktop runs the agent fully on a workstation or on-prem server. Data, models, training scripts, and logs stay on the device. The only outbound connection is to the LLM endpoint you configure — Anthropic, OpenAI, Azure OpenAI, Bedrock, or a private model.
VPC / private cloud
OctOpus Enterprise deploys inside your AWS, GCP, or Azure account as a private install. Customers integrate with IAM / Workload Identity / Entra ID, route inference through Bedrock or Azure OpenAI, and keep all data inside their network perimeter.
SaaS (cloud)
The hosted product runs in a single, audited region with at-rest disk encryption and TLS in transit. Tenant isolation is enforced on every endpoint; every run is gated by an ownership check. The holdout dataset is stored outside the agent workspace.
Encryption
- In transit. TLS 1.2+ for all client and inter-service traffic. HSTS enforced on production endpoints.
- At rest. Persistent volumes use the storage provider's at-rest encryption (AES-256 on AWS / GCP / Azure managed disks). The Desktop app uses OS-level disk encryption (FileVault / BitLocker / LUKS recommended).
- User-provided LLM and connector keys. Encrypted at rest with Fernet using a per-install random secret. Decrypted only inside the server process, never written to disk in plaintext, never shipped to log streams.
Identity, access, and tenancy
- SSO. SAML 2.0 and OIDC with Okta, Microsoft Entra ID (Azure AD), Google Workspace, OneLogin, JumpCloud, and any standards-compliant IdP.
- SCIM. SCIM 2.0 provisioning for user and group lifecycle.
- RBAC. Role-based access control with workspace isolation. Every API endpoint enforces an ownership check before serving runs, models, or logs.
- Audited multi-tenancy. Tenant isolation is enforced server-side; client roles are never trusted alone.
Agent sandboxing and secret handling
- Subprocess scrub. Every research-run subprocess is launched with a scrubbed environment — provider API keys are removed before the LLM-authored train.py can read os.environ.
- Holdout isolation. The holdout dataset is stored outside the agent's workspace. The LLM cannot glob or read it during planning or experiment generation — the orchestrator scores the winner on it only after the run is locked.
- Log redaction. All server-sent-event and SQLite log streams pass through a secret-redaction regex before reaching disk or the UI. Provider keys, connector credentials, and known secret patterns are masked.
- Production refusal. The server refuses to boot in production mode without persistent storage and a configured Postgres instance — this guards against accidentally standing up an ephemeral, unencrypted, or single-node deployment.
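As an added illustration of the subprocess scrub and log redaction described above (example code, not OctOpus's own implementation): a launcher that drops provider keys from the child environment before running an LLM-authored train.py, then masks secret-looking values in its output before they reach a log. The secret variable names, regexes, and the sample train.py are constructed for this example.

```python
import os
import re
import subprocess
import sys
import tempfile
import textwrap

# Environment names holding provider or connector credentials (constructed for this example).
SECRET_ENV_KEYS = {"ANTHROPIC_API_KEY", "OPENAI_API_KEY", "AWS_SECRET_ACCESS_KEY"}
SECRET_NAME_RE = re.compile(r"(KEY|SECRET|TOKEN|PASSWORD)$")

# Redaction patterns for secret shapes that may still appear in output (constructed for this example).
SECRET_PATTERNS = [
    (re.compile(r"sk-[A-Za-z0-9_-]{8,}"), "[REDACTED]"),                # prefixed provider tokens
    (re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b(\s*[=:]\s*)\S+"), r"\1\2[REDACTED]"),
]

def scrubbed_env(env):
    """Copy of env with known secret names and anything ending in KEY/SECRET/TOKEN/PASSWORD dropped."""
    return {k: v for k, v in env.items()
            if k not in SECRET_ENV_KEYS and not SECRET_NAME_RE.search(k)}

def redact(line):
    """Mask secret-looking values in one log line before it is written to disk or shown in the UI."""
    for pattern, repl in SECRET_PATTERNS:
        line = pattern.sub(repl, line)
    return line

def run_experiment(train_py, env):
    """Run an LLM-authored train.py with a scrubbed environment; return its stdout lines, redacted."""
    proc = subprocess.run([sys.executable, train_py], env=scrubbed_env(env),
                          capture_output=True, text=True, timeout=60)
    return [redact(line) for line in proc.stdout.splitlines()]

def demo():
    # Constructed train.py: tries to read a provider key and prints a secret-looking value.
    script = textwrap.dedent("""
        import os
        print("key seen by train.py:", os.environ.get("OPENAI_API_KEY", "<absent>"))
        print("api_key=sk-constructed0123456789 leaked into a log line")
    """)
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as f:
        f.write(script)
        path = f.name
    try:
        env = dict(os.environ, OPENAI_API_KEY="sk-constructed0123456789")
        return run_experiment(path, env)
    finally:
        os.unlink(path)
```

Calling demo() shows the child process sees no key and the leaked token is masked in the returned log lines.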
Audit and Model Risk Management (MRM)
- Full audit log per workspace: research plan, every experiment's train.py, every error, every revision, holdout metrics, deployed artifact hash.
- Exportable for SR 11-7 / IFRS 9 / CECL / SOC 2 reviews.
- Every train.py is human-readable — no opaque AutoML pipeline blocks to defend in committee.
- Reproducible runs: rerun the same dataset with the same seed and the same OctOpus version and get the same model.
Compliance alignment
| Framework | How OctOpus aligns |
|---|---|
| SOC 2 Type II | Encryption at rest and in transit, access logging, role-based access control, audit logging, secret redaction, change management. Documentation available under NDA. |
| GDPR | Data residency controls via Desktop / VPC, audit trail of processing, scoped retention, support for right-to-erasure on a per-workspace basis. |
| HIPAA | Desktop or VPC deployment for PHI; the agent never transmits PHI outside your perimeter when configured with a private inference endpoint. |
| PCI DSS | VPC deployment so cardholder data never leaves your perimeter; encrypted-at-rest secrets; redacted log streams. |
| SR 11-7 / IFRS 9 / CECL | Full audit log of model development; inspectable train.py per experiment; reproducible builds for MRM independent validation. |
| AML transaction monitoring | VPC deployment for transaction data; calibrated probability outputs; SHAP attributions for case-investigator workflows. |
Responsible disclosure
If you discover a security issue, email security@octoopus.dev. We acknowledge within 24 hours and patch coordinated-disclosure issues within 7 days for critical and 30 days for high-severity findings. We do not pursue legal action against good-faith researchers who follow responsible disclosure.