Security

Last updated: March 5, 2026

Security-First Architecture

CortexKai is designed with security as a foundational requirement, not an afterthought. Our platform processes sensitive healthcare data, and we hold ourselves to the highest standards of data protection and operational security.

Infrastructure Security

  • Hosted on SOC 2 Type II certified cloud infrastructure
  • Network isolation with private subnets and security groups
  • Web Application Firewall (WAF) and DDoS protection
  • Regular infrastructure vulnerability scanning
  • Automated patching and security updates

Data Protection

  • AES-256 encryption at rest for all stored data
  • TLS 1.2+ encryption in transit for all communications
  • Customer data isolation — no cross-tenant data access
  • Encryption key management with hardware security modules (HSMs)
  • Secure data deletion upon contract termination

Application Security

  • Secure software development lifecycle (SSDLC)
  • Regular penetration testing by third-party security firms
  • Static and dynamic application security testing (SAST/DAST)
  • Dependency vulnerability monitoring and automated updates
  • Code review requirements for all changes

Access Controls

  • Role-based access control (RBAC) with least-privilege principles
  • Multi-factor authentication (MFA) required for all users
  • Single Sign-On (SSO) support for enterprise customers
  • Comprehensive audit trails for all data access and system changes
  • Automated access reviews and deprovisioning

AI Model Security

  • AI agents operate within strict data boundaries per customer
  • No customer data is used for model training
  • Input validation and output filtering on all AI interactions
  • Model behavior monitoring and anomaly detection

Incident Response

We maintain a documented incident response plan with defined roles, escalation procedures, and communication protocols. Our team conducts regular tabletop exercises and post-incident reviews to continuously improve our response capabilities.

Certifications and Compliance

  • HIPAA and HITECH compliant
  • SOC 2 Type II certified
  • Regular third-party security audits

Responsible Disclosure

If you discover a security vulnerability, please report it to [email protected]. We appreciate responsible disclosure and will work with you to address any issues promptly.