Security Overview
Last Updated: December 12, 2025
Guardiar is designed as a security-first API proxy for AI agents. This document summarizes our core security practices.
Data Protection
- •All data encrypted in transit (TLS 1.2/1.3)
- •All data encrypted at rest (AES-256)
- •AWS IAM, VPC isolation, and KMS key management
- •Strict access controls for internal/admin access
Credential Management
- •API keys stored hashed (SHA-256)
- •Keys are segregated per user
- •No plaintext credentials stored
Infrastructure
- •Built entirely on AWS
- •Serverless components minimize attack surface
- •Automated dependency scanning
- •WAF and rate limiting enforced at edge layer
Operational Security
- •Audit logging on all privileged operations
- •CloudWatch monitoring & anomaly detection
- •Automated alerting for suspicious request patterns
Shared Responsibility Model
Guardiar secures agent → API interactions. You maintain responsibility for:
- Safe agent logic
- Secure storage of your own LLM/API keys
- Appropriate configuration of Guardiar rules
Security Commitments
- Encryption at rest and in transit
- API key hashing
- Zero-trust request validation
- Logging of all privileged operations
Backup & Recovery
- Continuous backups for metadata
- Recovery point objective (RPO): < 1 hour
- Recovery time objective (RTO): < 4 hours
Compliance
Guardiar is designed to help you meet compliance requirements:
- GDPR: Data processing agreements, right to deletion, data export
- CCPA: California consumer data rights supported
- SOC 2 Type II: AWS infrastructure compliance
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly to security@guardiar.io
Contact
Security team: security@guardiar.io