Security & trust

Argus is built to be trusted with your stack

We are a security product. The bar we set on our own posture is the bar we hold our customers to. Here is how Argus handles data, what we request access to, where it runs, and how to report an issue.

Access

Minimal scopes, opt-in writes

Every connector requests read scopes by default — discovery and findings only. Write scopes are requested only when you turn on a specific feature that needs them (PR-based fixes on GitHub, edge-rule pushes on Cloudflare, remote remediation on WordPress). Disruptive actions surface a plain-language approval card; nothing high-blast-radius happens silently.

Data

Where your data lives

Argus runs on Google Cloud Platform, primarily in us-central1. Customer data is stored in Firestore and Cloud Storage with platform-managed encryption at rest (AES-256). All traffic is encrypted in transit over TLS 1.2 or higher. Secrets we store on your behalf live in Google Secret Manager, access-controlled per service account.

Isolation

Tenant boundaries we hold

Customer data is partitioned by organisation ID at the application layer. Storage paths and Firestore collections are scoped per organisation. Session tokens are signed and validated on every request. No customer can read across the tenant boundary, including agency accounts, which see only their own clients.
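As an added illustration of the tenant-boundary model described above (example code written for this page, not Argus's own implementation): a signed session token binds a user to one organisation, every document path is built under that organisation's subtree, and a request that names a different organisation is refused rather than served. The HMAC-SHA256 token format, the signing key, the `organisations/{org}/findings/{id}` path layout and the sample findings are all assumptions, and the agency-account case is not modelled. `get_finding_vulnerable` shows the failure mode that application-layer partitioning has to rule out: authenticating the caller but scoping the query by a client-supplied organisation ID.

```python
"""Tenant-scoped reads keyed on a signed session token.

Added illustration only, not Argus code: the token format (HMAC-SHA256 over a JSON
payload), the key, the path layout and the sample documents are all assumptions.
"""
import base64
import binascii
import hashlib
import hmac
import json
import re
import time

# Hypothetical signing key; a real deployment would load this from a secret store.
SESSION_KEY = b"example-session-signing-key-not-for-production"

# Constructed stand-in for an organisation-scoped document store: one subtree per tenant.
STORE = {
    "organisations/org_a/findings/f1": {"title": "Bucket listing publicly readable", "severity": "high"},
    "organisations/org_b/findings/f9": {"title": "Admin account without MFA", "severity": "medium"},
}

IDENT = re.compile(r"[A-Za-z0-9_-]{1,64}")


class Unauthorized(Exception):
    """Token missing, malformed, forged or expired."""


class TenantViolation(Exception):
    """A valid session asked for another organisation's data."""


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session(user_id: str, org_id: str, ttl_s: int = 3600) -> str:
    """Mint a token binding the user to exactly one organisation."""
    claims = {"sub": user_id, "org": org_id, "exp": int(time.time()) + ttl_s}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(SESSION_KEY, payload, hashlib.sha256).digest()
    return b64url(payload) + "." + b64url(sig)


def validate_session(token: str) -> dict:
    """Verify the signature in constant time and check expiry before trusting any claim."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = unb64url(payload_b64), unb64url(sig_b64)
    except (ValueError, binascii.Error):
        raise Unauthorized("malformed token")
    expected = hmac.new(SESSION_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise Unauthorized("bad signature")
    claims = json.loads(payload)  # parsed only after the signature has been verified
    if claims.get("exp", 0) <= time.time():
        raise Unauthorized("expired")
    return claims


def finding_path(org_id: str, finding_id: str) -> str:
    """Build the per-organisation document path, refusing identifiers that could
    escape the tenant subtree (slashes, dots, empty strings)."""
    for part in (org_id, finding_id):
        if not IDENT.fullmatch(part):
            raise ValueError(f"bad identifier: {part!r}")
    return f"organisations/{org_id}/findings/{finding_id}"


def get_finding_vulnerable(token: str, org_id: str, finding_id: str):
    """Anti-pattern: authenticates the caller but scopes the read by the org ID
    the client supplied, so any signed-in user can read any tenant's findings."""
    validate_session(token)
    return STORE.get(finding_path(org_id, finding_id))


def get_finding(token: str, org_id: str, finding_id: str):
    """Hardened: the organisation is the one bound into the validated session.
    A request naming a different org is refused (and worth alerting on), not redirected."""
    claims = validate_session(token)
    if org_id != claims["org"]:
        raise TenantViolation(f"session for {claims['org']} requested {org_id}")
    return STORE.get(finding_path(claims["org"], finding_id))


def forge_org(token: str, new_org: str) -> str:
    """What an attacker who can decode the token would try: rewrite the org claim
    and keep the old signature. validate_session must reject the result."""
    payload_b64, sig_b64 = token.split(".")
    claims = json.loads(unb64url(payload_b64))
    claims["org"] = new_org
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    return b64url(payload) + "." + sig_b64
```

The two read functions take identical arguments on purpose: the only difference is whether the organisation in the path comes from the request or from the verified session, and that one line is the tenant boundary. A rejected `TenantViolation` is also the event a detection pipeline should see, since a signed-in user probing other organisation IDs is exactly the behaviour a per-tenant store is meant to make visible.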

AI

How we use AI on your data

Findings, configuration metadata and the narrative of security events are passed to language models for triage, enrichment and response drafting. We use Anthropic, DeepSeek and Groq through enterprise APIs that do not train on customer data. The cost router picks the cheapest sufficient model per task, so most routine triage runs on the smaller models and frontier models handle the harder calls.

The protective-actions ledger logs every decision the AI contributed to — including which model produced which judgement — so you can audit what happened, by whom (or by what), with full reasoning.

Posture

Frameworks and certifications

SOC 2 Type I readiness is in progress. ISO 27001 alignment is in design. We will publish the reports as each audit closes. In the meantime, the protective-actions ledger and the controls mapping produced by the platform are designed to be evidence-ready under the control families those frameworks share.

Reporting

Responsible disclosure

Email security@argusmesh.app. We aim to acknowledge within one business day and triage within three. PGP keys are available on first contact for sensitive material. A coordinated bounty programme is in design and will be announced here when it launches.

Security FAQ

Questions, answered

Where does Argus run?
Argus runs on Google Cloud Platform (GCP), primarily in us-central1 with secondary regions for resilience. Customer data is stored in Firestore and Cloud Storage with platform-managed encryption at rest.
What scopes does each connector request?
Each connector requests the minimal read scopes needed to produce its findings. Write access is only requested when the customer explicitly opts in to Auto-Protect or to PR-based fixes on a connected GitHub repository.
Is data encrypted?
Yes. Data is encrypted at rest by GCP (AES-256) and in transit over TLS 1.2 or higher. Secrets stored on behalf of customers are held in Google Secret Manager and access-controlled per service account.
How are tenants isolated?
Customer data is partitioned by organisation ID at the application layer, and access is gated by signed session tokens. Storage paths and Firestore collections are scoped per organisation. No customer can read across the tenant boundary.
Is Argus SOC 2 certified?
SOC 2 Type I readiness is in progress. We will publish the report when the audit closes. In the meantime, the protective-actions ledger and controls mapping produced by the platform are designed to be evidence-ready under common SOC 2 control families.
How do I report a security issue?
Email security@argusmesh.app. We aim to acknowledge within one business day and triage within three. Sensitive reports can be PGP-encrypted — request the key on first contact.
Do you have a public bug bounty?
A coordinated disclosure programme is in design. Until it launches, responsible disclosures via security@argusmesh.app are welcomed and acknowledged.
Who are your sub-processors?
Google Cloud Platform (hosting, storage, identity, AI), Anthropic (Claude models for triage on cost-routed escalations), DeepSeek (mid-tier model routing), Groq (low-tier triage), and Stripe via WooPayments for billing card data. We update the list when it changes.

Bring your stack into the mesh.

Trust is built by the controls you can see — read them, then connect a platform.