Security at Hexel Studio
Last Updated: 20-07-2025
Our Commitment to Security
At Hexel Studio, we understand that trust is the foundation of our platform. We are deeply committed to protecting the data and assets of our customers. Security is not an afterthought; it is a core principle embedded in every layer of our engineering, operations, and company culture. This page outlines the comprehensive measures we take to secure our AI agent marketplace and protect your information.
Core Security Principles
- Security by Design: We build security into every phase of our product development lifecycle, from initial design and architecture to deployment and maintenance.
- Zero Trust Architecture: We operate on a principle of “never trust, always verify.” Every request to access our systems, regardless of its origin, is treated as potentially hostile and must be authenticated and authorized.
- Principle of Least Privilege: Users, employees, and systems are granted only the minimum level of access necessary to perform their specific tasks.
Data Security and Privacy
Protecting the confidentiality and integrity of your data is our highest priority.
- Encryption In-Transit: All data transmitted between you and our Services is encrypted using industry-standard Transport Layer Security (TLS) 1.2 or higher.
- Encryption At-Rest: All customer data stored on our platform, including database records and files, is encrypted at rest using AES-256 encryption.
- Secret Manager Security: Our Secret Manager is a core component designed for maximum security. All credentials, such as OAuth tokens and API keys, are encrypted at rest in a hardened vault. They are never stored in plaintext and are only decrypted in memory at runtime when required for an agent task.
- Data Isolation: We enforce strict logical separation to ensure that your data is isolated and cannot be accessed by other customers.
Application and Model Security
- Secure Software Development Lifecycle (SSDLC): Our development process includes peer code reviews, automated security testing (SAST/DAST), and dependency scanning to identify and remediate vulnerabilities before they reach production.
- Protection Against AI-Specific Threats: We implement safeguards against common AI attacks. This includes rigorous input sanitization to prevent prompt injection and continuous monitoring of data pipelines to detect signs of data poisoning or model manipulation.
- Vulnerability Management: We regularly scan our applications and infrastructure for vulnerabilities and have a formal process to address critical issues promptly.
Identity and Access Management
- Role-Based Access Control (RBAC): Access to data and systems is strictly controlled based on an individual's role and responsibilities, ensuring users only have access to what they need.
- Multi-Factor Authentication (MFA): We enforce MFA for all internal access to critical systems, including our cloud infrastructure and source code repositories, adding a further layer of protection against unauthorized access.
Compliance and Governance
- Industry Certifications: We are actively working towards achieving certifications such as ISO 27001 and SOC 2 Type II to provide independent validation of our security controls.
- Data Protection Regulations: Our policies and practices are designed to comply with global data protection laws, including GDPR and CCPA.
Monitoring and Incident Response
- Continuous Monitoring: We use advanced monitoring and anomaly detection systems to continuously watch for suspicious activity or performance degradation across our platform.
- Incident Response Plan: We have a dedicated incident response plan in place to ensure we can respond swiftly and effectively to any security incident. This plan outlines clear steps for containment, investigation, mitigation, and communication.
Responsible Disclosure
We value the contributions of the security research community. If you believe you have found a security vulnerability in our platform, we encourage you to notify us promptly. Please report any potential issues to security@hexelstudio.com. We are committed to working with the community to verify and address legitimate reports.