# Security at RunAgent

// Commitment: Maximum
At RunAgent, security is our top priority. We implement industry-leading practices to protect your AI agents and data.

# Infrastructure Security

• ✓ Secure, isolated containers for each deployed agent
• ✓ Network segmentation and firewall protection
• ✓ Regular security patches and updates
• ✓ DDoS protection and rate limiting
• ✓ 24/7 infrastructure monitoring and alerting
• ✓ Automated backup and disaster recovery systems

# Data Encryption

• ✓ **In Transit:** TLS 1.3 encryption for all data transmission
• ✓ **At Rest:** AES-256 encryption for stored data
• ✓ **API Keys:** Securely hashed and never stored in plaintext
• ✓ **Secrets Management:** Encrypted environment variables and secure key storage
• ✓ **Database Encryption:** Full database encryption with regular key rotation

# Access Control

• ✓ Multi-factor authentication (MFA) support
• ✓ Role-based access control (RBAC) for team management
• ✓ API key authentication with fine-grained permissions
• ✓ Session management with automatic timeout
• ✓ IP allowlisting and restriction capabilities
• ✓ OAuth 2.0 integration for enterprise authentication

# Compliance & Auditing

• ✓ Regular third-party security audits and penetration testing
• ✓ SOC 2 Type II compliance (in progress)
• ✓ GDPR and CCPA compliant data handling
• ✓ Comprehensive audit logs for all system activities
• ✓ Regular vulnerability scanning and remediation
• ✓ Annual security certifications and assessments

# Agent Isolation

• ✓ Each agent runs in its own isolated container
• ✓ Resource limits to prevent resource exhaustion
• ✓ Network isolation between agents
• ✓ Secure by default configurations
• ✓ Automated vulnerability scanning of agent dependencies
• ✓ Sandboxed execution environments

# Incident Response

We have a comprehensive incident response plan that includes:

• ✓ 24/7 security monitoring and alerting
• ✓ Rapid response team for security incidents
• ✓ Clear communication protocols for affected users
• ✓ Post-incident analysis and remediation
• ✓ Regular incident response drills and training

# Best Practices for Users

We recommend the following security practices when using RunAgent:

• ✓ Enable multi-factor authentication on your account
• ✓ Use strong, unique passwords
• ✓ Regularly rotate API keys and credentials
• ✓ Review and limit team member permissions
• ✓ Keep your agent dependencies up to date
• ✓ Monitor your agent logs for suspicious activity
• ✓ Use environment variables for sensitive configuration
• ✓ Follow the principle of least privilege

# Reporting Security Issues

If you discover a security vulnerability in our platform, please report it responsibly to security@run-agent.ai. We aim to respond to all security reports within 24 hours.