Security
Security You Can Trust
Defense-in-depth architecture with multiple security layers, encryption at rest and in transit, isolated code execution, and comprehensive audit logging.
Defense in Depth
Multiple Layers of Security
Every request passes through multiple security layers before reaching your data. Each layer is independently hardened and monitored.
Security Foundations
Built with enterprise-grade security at every layer.
Security Features
Security in Every Detail
Ten security pillars protecting your workflows, credentials, and data at every layer.
Sandboxed Execution
All code execution runs in fully isolated environments with strict resource controls. Each execution is completely ephemeral.
AI Guardrails
Content filtering, token budget limits, output validation, and behavioral monitoring for all AI agent interactions. Prevent prompt injection and harmful outputs.
Credential Vault
Strong encryption for all stored credentials. Secrets are never logged and never exposed in the UI.
RBAC
Fine-grained role-based access control with Owner, Admin, Editor, and Viewer roles. Control who can create, edit, execute, and manage workflows.
Audit Logs
Every action is logged with user identity, timestamp, IP address, and resource details. Export logs for compliance reporting and security investigations.
XSS Protection
Multi-layer defense against cross-site scripting with server-side and client-side sanitization at every boundary.
SQL Injection Prevention
All user input is validated and sanitized before database interaction. Built with security best practices from the ground up.
SCIM 2.0 Provisioning
Automated user provisioning and deprovisioning via SCIM 2.0. Integrate with your identity provider for centralized user management.
Red Team Testing
Automated adversarial testing against your AI agents. Detect prompt injection, jailbreak, and data exfiltration vulnerabilities before they reach production.
Incident Response
Automated playbooks that quarantine compromised workflows, notify stakeholders, escalate to on-call, and trigger rollbacks when security events occur.
Our Commitments
Security is more than a feature. It's a core principle that guides every decision we make.
No Training on Your Data
We never use your workflow data, credentials, or execution outputs to train AI models. Your data stays yours.
Full Data Portability
Export all your workflows, credentials (encrypted), and execution history at any time. No vendor lock-in, ever.
Responsible Disclosure
We maintain a security vulnerability disclosure program and respond to all reports within 24 hours. No monetary bounty is offered, but we publicly credit researchers whose reports are acted on.
Vulnerability reporting
Responsible Disclosure
Security researchers play an important role in keeping NodeLoom safe. If you believe you have discovered a vulnerability, please report it directly so we can fix it before disclosure.
Email us at [email protected]
Send a description of the issue, the affected component, and reproduction steps. Encrypted reports are welcome. We aim to acknowledge every report within 5 business days.
Email [email protected]What to include
- Description of the vulnerability and affected component
- Reproduction steps or proof-of-concept
- Impact assessment (data exposure, privilege escalation, etc.)
- Suggested remediation, if any
Please do not
- Test against customer data or production tenants
- Run automated scanners against app.nodeloom.io
- Publicly disclose before we have shipped a fix
- Create marketing accounts solely to file reports
No paid bug-bounty program
NodeLoom does not currently operate a paid bug-bounty program. With the reporter's permission, we will credit responsibly disclosed reports in our security advisories. Unsolicited bounty demands and unverified reports submitted via the signup flow will not receive payment.
Request Security Overview
Need to share NodeLoom's security posture with your team? Request our security overview document covering architecture, encryption, access controls, compliance frameworks, and incident response procedures.
PDF · 8 pages · No signup required
Ready to deploy with confidence?
Control your AI agents with enterprise-grade security, full audit trails, and compliance automation. Start your free trial today.