Security
How we secure and operate your AI employees, and your business.
Private-First Architecture
Your AI employee is configured to operate through channels and integrations you authorize. External actions run through isolated accounts we provision specifically for your business.
Operating Models
Managed Service (Now)
- We run and maintain infrastructure, orchestration, updates, and reliability.
- Operator support access is available when troubleshooting is required.
- Best for speed, simplicity, and one accountable operator.
Enterprise Deployment (Pilot)
- We deploy our infrastructure management system in your environment (on-prem or private cloud).
- Day-2 operations can be customer-managed or co-managed based on your control and compliance requirements.
- Supports tighter isolation boundaries and customer-defined support access paths.
- Best for control, compliance, and environment ownership requirements.
Our Security Principles
Private by Default
Your AI employee is private by default. It operates through authorized channels (Telegram, WhatsApp, Slack) and approved integrations rather than open public endpoints.
Zero-Trust Keys
API keys and secrets are encrypted at rest and injected through controlled runtime paths instead of being exposed in user-facing chat flows.
Isolated Workspaces
Each customer's AI runs in its own container with its own storage. Your data never touches another customer's environment.
Isolated Personas
When your AI acts externally (email, social), it uses dedicated accounts we create for you, not your personal credentials. Blast radius contained.
How External Actions Work
When your AI employee needs to interact with the outside world, we don't give it your personal accounts. Instead:
Email
We create a dedicated email address like morgan@yourbusiness.hireopenclaw.com or on your domain if you prefer. This account is used exclusively by your AI. If anything goes wrong, your personal inbox is untouched.
Social Media
For social posting, your AI works in draft mode by default. It creates content and queues it for your approval. You review and publish. No autonomous posting to your accounts unless you explicitly enable it.
Outreach
SDR bots send emails from isolated sending accounts with proper authentication (SPF, DKIM). Your personal email reputation stays separate. If a campaign gets flagged, it doesn't affect your main domain.
Attack Vectors We Protect Against
| Attack | Risk | Our Protection | Status |
|---|---|---|---|
| API Key Theft | Attacker steals your AI provider credentials | Zero-trust keyring: AI never has keys | Protected |
| Cross-Customer Data | One customer accesses another's data | Isolated containers per customer | Protected |
| Runaway Actions | AI sends thousands of emails or posts | Daily limits + confirmation for bulk actions | Protected |
| Account Compromise | Bad actor gains control of your AI | Isolated personas limit blast radius | Protected |
| Prompt Injection | Attacker manipulates AI behavior via input | Restricted channels + anomaly detection | Mitigated |
Architecture Overview
Private channels → Isolated AI → Keyring proxy → External APIs
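The keyring-proxy and runaway-action controls described on this page, as an added illustrative example (not the service's own code). It assumes a proxy that holds the customer's upstream provider key in its own vault, hands the AI only an opaque per-customer token, and enforces constructed daily limits and a bulk-confirmation threshold before any external call; all keys, tokens and limits here are sample values.

```python
import datetime
from collections import defaultdict

# Constructed sample data: the upstream provider key lives only inside the proxy.
VAULT = {"cust-acme": {"provider_key": "sk-PLACEHOLDER-upstream-key"}}
# The agent holds only an opaque per-customer token, never the provider key.
AGENT_TOKENS = {"tok-acme-agent": "cust-acme"}
# Runaway-action controls per action type (assumed values, not the service's real limits).
DAILY_LIMIT = {"send_email": 200, "social_post": 20}
BULK_THRESHOLD = {"send_email": 25, "social_post": 5}


class KeyringProxy:
    """Sits between the isolated AI and external APIs: owns the keys, enforces limits, logs."""

    def __init__(self, today=None):
        self.today = today or (lambda: datetime.date.today().isoformat())
        self.usage = defaultdict(int)  # (customer, action, day) -> count
        self.log = []                  # action log the customer can review

    def request(self, agent_token, action, count=1, confirmed=False):
        customer = AGENT_TOKENS.get(agent_token)
        if customer is None:
            return self._deny("?", action, count, "unknown agent token")
        # Unknown action types default to "always confirm" and "no daily budget" (deny by default).
        if count >= BULK_THRESHOLD.get(action, 1) and not confirmed:
            return self._deny(customer, action, count, "bulk action requires human confirmation")
        key = (customer, action, self.today())
        if self.usage[key] + count > DAILY_LIMIT.get(action, 0):
            return self._deny(customer, action, count, "daily limit exceeded")
        self.usage[key] += count
        # Only the proxy ever touches the provider key; the agent gets a receipt, not the key.
        receipt = self._call_upstream(VAULT[customer]["provider_key"], action, count)
        self.log.append({"customer": customer, "action": action, "count": count, "allowed": True})
        return {"allowed": True, "receipt": receipt}

    def _call_upstream(self, provider_key, action, count):
        # Stand-in for the real external API call (constructed); the key is used but never returned.
        if not provider_key.startswith("sk-"):
            raise ValueError("vault returned a malformed key")
        return f"{action} x{count} accepted"

    def _deny(self, customer, action, count, reason):
        self.log.append({"customer": customer, "action": action, "count": count,
                         "allowed": False, "reason": reason})
        return {"allowed": False, "reason": reason}
```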
What We're Honest About
No AI system is 100% injection-proof
Like all AI assistants, ours can theoretically be manipulated by sophisticated prompt injection attacks. The difference is:
- Restricted channel model: reduces direct public exposure to your AI workflows
- Isolated personas: even if manipulated, the blast radius is contained
- Draft mode: high-stakes actions require your approval
- Action logging: sensitive operations are logged for review
We don't promise perfect security (no one honestly can). We promise defense in depth and minimal blast radius.
Security Best Practices for You
- Keep sensitive credentials out of chat: don't paste passwords or API keys to your AI. Use our secure integration setup instead.
- Review before publishing: use draft mode for content. A human eye catches things AI misses.
- Check your audit logs: we provide action logs. Review them periodically.
- Report anything weird: if your AI behaves unexpectedly, let us know immediately.
Compliance
- Data residency: US-based infrastructure (Cloudflare, Vercel)
- Encryption: TLS in transit, plus API keys and secrets encrypted at rest
- Data deletion: Full deletion within 30 days of cancellation (or immediately on request)
- No training: Your data is never used to train AI models
Questions?
Security concerns? We take them seriously. Reach out through your account dashboard or the main contact form.