SoterAI is an OWASP LLM Top 10 aligned AI security command layer focused on risk reduction for chatbots, RAG apps, and AI agents. This page documents what we test, how we handle data, the controls we run, how you can deploy us, and how to report a vulnerability.
We do not claim complete protection or certification. Customers remain responsible for secure design, access control, monitoring, incident response, and human oversight.
soterai · security posture
Status: OPERATIONAL. Self-authored regression and adversarial coverage. Independent third-party auditing is recommended and welcomed.
Adversarial battery: comprehensive attack scenarios across 40+ services.
Garak-style benchmark: F1 = 1.0000, 0 / 25 false positives.
Unit + integration suites: guard, agent-firewall, auth, billing, retention.
E2E guard scenarios: real attack flows against a live build.
Full benchmark data: /benchmarks · live system status: /status
See also our privacy policy, subprocessors, and data retention.
Layered rules for prompt injection, jailbreaks, encoding/obfuscation, multilingual bypass, PII, secrets, and unsafe output.
HSTS in production, strict Content-Security-Policy, X-Frame-Options DENY, nosniff, and a locked-down Permissions-Policy.
Session-based auth with CSRF protection; per-project API keys are stored only as hashes, never in plaintext.
HMAC-signed JSONL/CSV exports so downstream SIEM and compliance pipelines can verify integrity.
Tool-call authorization, agent passports, approvals, and escrow for autonomous workflows before risky actions execute.
Secrets live in environment configuration (gitignored); the repo is scanned to keep keys and tokens out of source control.
Control details and posture: /security · /compliance
Hosted guard APIs, dashboard, and audit storage. Fastest path to production.
Run the full stack in your own VPC for data residency and isolation requirements.
Inline SDK detection at the edge with centralized policy, reporting, and audit.
Report suspected vulnerabilities to the security contact listed in your enterprise agreement or deployment runbook. Include affected URLs, impact, reproduction steps, and whether any data was accessed. Only test systems you own or are authorized to assess — do not access, modify, delete, or exfiltrate data that is not yours.
Read the full disclosure policy. Try the live playground, review the benchmark, or talk to us about self-hosting.