Trust & Compliance

Security & Compliance

Every AI action is verified before execution, logged in a tamper-proof ledger, and enforceable by policy. No unauthorized action reaches your systems.

Infrastructure Security

Exogram is built on SOC 2-compliant infrastructure. All data is encrypted at rest using AES-256 and in transit using TLS 1.3 or higher. We employ continuous vulnerability scanning and automated threat detection.

Cryptographic Verification

Exogram implements Layer 4 Action Admissibility via cryptographic state hashing. As AI systems transition to autonomous entities operating within enterprise infrastructure, they require an immutable trust ledger. Exogram tokens act as this ledger, cryptographically signing actions to ensure zero capacity for unaccountable mutations.

UUID-Hardened Identity

Every API endpoint enforces strict UUID v4 validation at the request boundary. Malformed identifiers, string-based user IDs, and injection attempts are rejected before reaching any database query. This prevents identity spoofing, SQL injection via identifier fields, and cascading 500-error loops from malformed authentication tokens.
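One way to implement a strict UUID v4 check at the request boundary, shown as an added example and not Exogram's own code. The names `parse_uuid4`, `InvalidIdentifier`, `strict_accepts` and `stdlib_accepts` are hypothetical, and the sample identifiers are constructed. It compares the strict check with Python's `uuid.UUID(value, version=4)`, which overwrites the version bits instead of checking them and also accepts braced, `urn:uuid:` and unhyphenated forms.

```python
import re
import uuid

# Canonical 8-4-4-4-12 text only: version nibble must be 4, variant nibble 8/9/a/b.
_UUID4 = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-4[0-9a-fA-F]{3}"
    r"-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}"
)

class InvalidIdentifier(ValueError):
    """Raised at the request boundary; a handler should map it to a 4xx response."""

def parse_uuid4(raw):
    """Return uuid.UUID for a canonical v4 string, otherwise raise InvalidIdentifier."""
    # fullmatch rather than match/$ so a trailing newline cannot pass.
    if not isinstance(raw, str) or _UUID4.fullmatch(raw) is None:
        raise InvalidIdentifier("identifier is not a canonical UUID v4")
    return uuid.UUID(raw)

def strict_accepts(raw):
    try:
        parse_uuid4(raw)
        return True
    except InvalidIdentifier:
        return False

def stdlib_accepts(raw):
    """What a bare uuid.UUID(raw, version=4) call would let through."""
    try:
        uuid.UUID(raw, version=4)  # overwrites the version bits, does not check them
        return True
    except (ValueError, AttributeError, TypeError):
        return False

# Constructed sample identifiers (not taken from any real system).
GOOD = "3f2b8c1e-9d4a-4e7b-a1c2-5d6e7f8091a2"
SAMPLES = {
    "canonical v4": GOOD,
    "v1 layout": "3f2b8c1e-9d4a-1e7b-a1c2-5d6e7f8091a2",
    "braced": "{" + GOOD + "}",
    "urn prefix": "urn:uuid:" + GOOD,
    "no hyphens": GOOD.replace("-", ""),
    "trailing newline": GOOD + "\n",
    "numeric user id": "42",
    "quote in id": "x' OR '1'='1",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:18} strict={strict_accepts(value)!s:5} stdlib={stdlib_accepts(value)}")
```

Validation of this kind narrows what reaches the data layer; queries should still bind the parsed value as a parameter.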

Data Isolation

Enterprise and Pro tier data namespaces are strictly isolated. Meaning Engines evaluate similarity only within tenant-specific vector boundaries. Cross-tenant leakage is physically and logically prevented.

Vulnerability Reporting

We take security reports seriously. If you have discovered a vulnerability in the Exogram platform or MCP server, please report it to security[at]exogram.ai. We will acknowledge receipt within 24 hours.

Compliance Status (Q2 2026 Target)

  • SOC 2 Type II (In Progress)
  • ISO 27001 (In Progress)
  • GDPR Compliant Data Export