Our Approach to Security
AegisWire is built by engineers who believe security is an engineering discipline, not a marketing exercise. We design for adversarial conditions, build with cryptographic rigour, and tell you honestly what we have and what we do not. This page documents our real security posture — not aspirations disguised as capabilities.
Security Architecture
The cryptographic and architectural foundations of AegisWire are purpose-built, not inherited from commodity VPN toolkits.
Hybrid Post-Quantum Key Exchange
ML-KEM + X25519 hybrid key exchange protects every session against harvest-now-decrypt-later attacks. Both classical and post-quantum components must succeed for key agreement.
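The "both components must succeed" rule above, as an added example that is not AegisWire's code: a minimal hybrid exchange built on Go's standard-library crypto/ecdh (X25519) and crypto/mlkem (ML-KEM-768, Go 1.24 or later). The label string, the HMAC-based key derivation, the message layout and the function names are assumptions of this example, not the product's wire protocol.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// hybridLabel is a constructed domain-separation string, not an AegisWire value.
const hybridLabel = "example-hybrid-kex-v1"

// ResponderKeys holds the responder's key pair for each component.
type ResponderKeys struct {
	x25519 *ecdh.PrivateKey
	kem    *mlkem.DecapsulationKey768
}

// HybridPublic is what the responder publishes; HybridMessage is the initiator's
// reply. Each carries one value per component, and both values are required.
type HybridPublic struct{ X25519, MLKEM []byte }
type HybridMessage struct{ X25519, Ciphertext []byte }

func GenerateResponder() (*ResponderKeys, error) {
	xk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, err
	}
	return &ResponderKeys{x25519: xk, kem: dk}, nil
}

func (r *ResponderKeys) Public() HybridPublic {
	return HybridPublic{r.x25519.PublicKey().Bytes(), r.kem.EncapsulationKey().Bytes()}
}

// transcript binds the derived key to exactly these public keys and this ciphertext.
func transcript(pub HybridPublic, msg HybridMessage) []byte {
	return bytes.Join([][]byte{pub.X25519, pub.MLKEM, msg.X25519, msg.Ciphertext}, nil)
}

// combine derives the session key from BOTH shared secrets. A missing or malformed
// component is an error, never skipped: that is what makes the construction hybrid.
func combine(ssX, ssKEM, tr []byte) ([]byte, error) {
	if len(ssX) != 32 || len(ssKEM) != mlkem.SharedKeySize {
		return nil, errors.New("hybrid kex: missing or malformed shared secret")
	}
	// HKDF-style extract-then-expand from HMAC-SHA256, standard library only.
	extract := hmac.New(sha256.New, []byte(hybridLabel))
	extract.Write(ssX)
	extract.Write(ssKEM)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(tr)
	expand.Write([]byte{0x01})
	return expand.Sum(nil), nil
}

// Initiate contributes a fresh X25519 key and an ML-KEM encapsulation against the
// responder's public keys and derives the session key.
func Initiate(pub HybridPublic) ([]byte, HybridMessage, error) {
	var msg HybridMessage
	ek, err := mlkem.NewEncapsulationKey768(pub.MLKEM)
	if err != nil {
		return nil, msg, err
	}
	peerX, err := ecdh.X25519().NewPublicKey(pub.X25519)
	if err != nil {
		return nil, msg, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, msg, err
	}
	ssX, err := eph.ECDH(peerX) // errors on a low-order point instead of yielding all zeros
	if err != nil {
		return nil, msg, err
	}
	ssKEM, ct := ek.Encapsulate()
	msg = HybridMessage{X25519: eph.PublicKey().Bytes(), Ciphertext: ct}
	key, err := combine(ssX, ssKEM, transcript(pub, msg))
	return key, msg, err
}

// Respond derives the same key on the responder side. Failure in either
// component aborts the handshake; there is no classical-only fallback.
func Respond(r *ResponderKeys, msg HybridMessage) ([]byte, error) {
	peerX, err := ecdh.X25519().NewPublicKey(msg.X25519)
	if err != nil {
		return nil, err
	}
	ssX, err := r.x25519.ECDH(peerX)
	if err != nil {
		return nil, err
	}
	ssKEM, err := r.kem.Decapsulate(msg.Ciphertext) // wrong-length ciphertext is an error
	if err != nil {
		return nil, err
	}
	return combine(ssX, ssKEM, transcript(r.Public(), msg))
}
```

One caveat worth knowing when reviewing a hybrid handshake: ML-KEM decapsulation of a correctly sized but tampered ciphertext does not return an error (implicit rejection), it returns a different shared secret. The mismatch therefore surfaces as the first AEAD authentication failure, not as a handshake error, and a deployment that wants an explicit failure signal needs a key-confirmation message. Feeding the whole transcript into the KDF, as above, also guarantees that any altered public value changes the derived key.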
AEAD Transport Encryption
All data in transit is protected by authenticated encryption with associated data. Nonce management, anti-replay windows, and anti-amplification are built into the wire protocol.
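Counter-based nonces and a sliding anti-replay window, as an added example that is not AegisWire's code: a sender that never reuses a nonce under one key, and a receiver that authenticates a packet before it advances its 64-packet window. AES-256-GCM from Go's standard library stands in for whatever AEAD the wire protocol uses; the packet layout (8-byte counter followed by ciphertext) and the window size are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// windowSize matches the bitmap width used below (the IPsec/WireGuard-style window).
const windowSize = 64

// Sender holds the AEAD and a strictly increasing packet counter. The nonce is
// derived from the counter, never drawn at random, so no nonce repeats under one
// key; when the counter is exhausted the only option is to rekey.
type Sender struct {
	aead    cipher.AEAD
	counter uint64
}

// Receiver remembers the highest authenticated counter and a bitmap of which of
// the windowSize counters below it have already been accepted.
type Receiver struct {
	aead    cipher.AEAD
	highest uint64
	bitmap  uint64
}

// NewPair builds a sender and receiver sharing one 32-byte key (AES-256-GCM).
func NewPair(key []byte) (*Sender, *Receiver, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, nil, err
	}
	return &Sender{aead: aead}, &Receiver{aead: aead}, nil
}

// nonceFor maps a counter to the 96-bit GCM nonce: 4 zero bytes || counter.
func nonceFor(counter uint64) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint64(n[4:], counter)
	return n
}

// Seal returns counter || ciphertext || tag. The counter travels in the clear
// but is bound as associated data, so an altered counter fails authentication.
func (s *Sender) Seal(plaintext []byte) ([]byte, error) {
	if s.counter == ^uint64(0) {
		return nil, errors.New("counter exhausted: rekey before sending more")
	}
	s.counter++
	hdr := binary.BigEndian.AppendUint64(nil, s.counter)
	return s.aead.Seal(hdr, nonceFor(s.counter), plaintext, hdr), nil
}

// Open checks the window, authenticates, and only then advances the window.
// Advancing before authentication would let forged counters evict real packets.
func (r *Receiver) Open(packet []byte) ([]byte, error) {
	if len(packet) < 8 {
		return nil, errors.New("short packet")
	}
	hdr, ct := packet[:8], packet[8:]
	counter := binary.BigEndian.Uint64(hdr)
	if err := r.check(counter); err != nil {
		return nil, err
	}
	pt, err := r.aead.Open(nil, nonceFor(counter), ct, hdr)
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	r.accept(counter)
	return pt, nil
}

// check rejects counters that are too old or already seen; it never mutates state.
func (r *Receiver) check(counter uint64) error {
	if counter == 0 {
		return errors.New("counter 0 is never used")
	}
	if counter > r.highest {
		return nil
	}
	diff := r.highest - counter
	if diff >= windowSize {
		return errors.New("packet older than the replay window")
	}
	if r.bitmap&(1<<diff) != 0 {
		return errors.New("replayed packet")
	}
	return nil
}

// accept records an authenticated counter, sliding the window forward if needed.
func (r *Receiver) accept(counter uint64) {
	if counter > r.highest {
		if shift := counter - r.highest; shift < windowSize {
			r.bitmap <<= shift
		} else {
			r.bitmap = 0
		}
		r.bitmap |= 1
		r.highest = counter
		return
	}
	r.bitmap |= 1 << (r.highest - counter)
}
```

The ordering inside Open is the security-relevant detail: the cheap window check runs first so replays cost no AEAD work, but state is only updated after the tag verifies. A receiver that updated its window on the plaintext counter alone could be driven forward by forged packets until legitimate traffic fell outside the window.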
Per-Stream PCS Ratchet
Post-compromise security with automatic key ratcheting per stream. Compromise of one session key does not expose past or future traffic. Forward secrecy is structural, not optional.
Signed Policy Enforcement
Policies are cryptographically signed at the control plane and verified at every gateway. Unsigned or tampered policies are rejected. No policy drift, no unauthorized overrides.
CBOR Wire Format
Canonical CBOR encoding for deterministic serialisation. The wire format is compact and unambiguous, and because every value has exactly one encoding, signatures and authentication tags can be computed and verified over the exact bytes on the wire.
Tenant Isolation
Each customer tenant operates with dedicated control plane resources, isolated database, and separate secrets. Cross-tenant data leakage is structurally prevented, not policy-gated.
Security Practices
What we do in practice, every day, as part of the engineering process.
Secure Development Lifecycle
Code review on every change. Static analysis with gosec and staticcheck in CI. Type-safe languages (Go, Rust) with strict compiler settings. No unsafe defaults in production paths.
Dependency Management
Automated dependency scanning. SBOM generation for every release. Pinned dependency versions. Known-vulnerability monitoring with automated alerts.
Fail-Closed Design
Authentication, authorisation, and policy enforcement fail closed. If a security check cannot complete, the request is denied. No silent fallback to permissive mode.
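The signed-policy rule from the Security Architecture section and the fail-closed rule above, as one added example that is not AegisWire's code: a gateway decision function that returns Allow only when the policy's signature verifies against the gateway's trusted key, the policy decodes, it has not expired, and the destination is explicitly listed. Every other path returns Deny with a reason for the audit log. Ed25519 from Go's standard library, JSON as the signed payload (standing in for the canonical encoding the page describes), and the policy fields are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Decision is the gateway's verdict. Deny is the zero value on purpose: a code
// path that forgets to set a verdict still denies.
type Decision int

const (
	Deny Decision = iota
	Allow
)

// Policy is the payload the control plane signs. JSON stands in for the
// canonical encoding the real system would use; the gateway verifies the
// signature over the exact bytes it received before it parses them.
type Policy struct {
	Version      uint64   `json:"version"`
	ExpiresAt    int64    `json:"expires_at"` // unix seconds
	Destinations []string `json:"destinations"`
}

// SignedPolicy is what a gateway receives from the control plane.
type SignedPolicy struct {
	Payload   []byte
	Signature []byte
}

// Sign is the control-plane side (constructed for this example).
func Sign(priv ed25519.PrivateKey, p Policy) (SignedPolicy, error) {
	payload, err := json.Marshal(p)
	if err != nil {
		return SignedPolicy{}, err
	}
	return SignedPolicy{Payload: payload, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifyPolicy returns the policy only if the signature checks against the
// gateway's trusted key and the policy has not expired. Everything else is an error.
func VerifyPolicy(pub ed25519.PublicKey, sp SignedPolicy, now time.Time) (*Policy, error) {
	if len(pub) != ed25519.PublicKeySize {
		return nil, errors.New("gateway has no trusted signing key")
	}
	if len(sp.Signature) != ed25519.SignatureSize {
		return nil, errors.New("policy is unsigned or malformed")
	}
	if !ed25519.Verify(pub, sp.Payload, sp.Signature) {
		return nil, errors.New("policy signature invalid")
	}
	var p Policy
	if err := json.Unmarshal(sp.Payload, &p); err != nil {
		return nil, fmt.Errorf("policy undecodable: %w", err)
	}
	if !now.Before(time.Unix(p.ExpiresAt, 0)) {
		return nil, errors.New("policy expired")
	}
	return &p, nil
}

// Decide is the fail-closed enforcement point: Allow only when every step above
// succeeded and the destination is explicitly listed. Any error yields Deny plus
// a reason for the audit log; there is no fallback to a cached or permissive policy.
func Decide(pub ed25519.PublicKey, sp SignedPolicy, now time.Time, dest string) (Decision, string) {
	p, err := VerifyPolicy(pub, sp, now)
	if err != nil {
		return Deny, "policy rejected: " + err.Error()
	}
	for _, d := range p.Destinations {
		if d == dest {
			return Allow, fmt.Sprintf("allowed by policy v%d", p.Version)
		}
	}
	return Deny, "destination not in policy allow list"
}
```

Two details carry the fail-closed property. Verification happens on the raw bytes before any parsing, so a malformed payload can never reach the decoder with an unverified signature; and Deny is the type's zero value, so a missing trust root, an unsigned policy, a wrong signer, an expired policy and an unlisted destination all land on the same denying path without any branch having to remember to deny.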
Least Privilege
Services run with minimum required permissions. IAM roles are scoped to specific operations. No shared credentials between components. Secrets are managed through dedicated secret stores.
Structured Logging & Audit
All security-relevant operations produce structured audit logs. Sensitive data is never logged. Logs include correlation identifiers for incident tracing. Audit trails are append-only.
Reproducible Builds
The build process produces identical outputs from identical inputs. Every release artifact is cryptographically signed. Signature verification is part of the client update path.
Assurance Status
We do not claim certifications we have not earned. This is an honest account of where we stand.
Honest Assessment
AegisWire is an early-stage security product built with genuine cryptographic engineering and enterprise-grade architecture. Our security programme is founder-led with internal adversarial testing. We are transparent about what we have achieved and what remains on our roadmap.
SOC 2 Type II
Readiness programme in progress. Engineering controls are designed with SOC 2 trust service criteria in mind. Formal audit engagement planned.
ISO 27001
ISMS documentation and controls are being formalised. Information security management practices are documented and followed. Certification engagement planned.
External Penetration Test
Third-party penetration test engagement is being scoped. Internal adversarial testing is performed continuously by the founding team.
GDPR Data Subject Rights
Data export and deletion endpoints operational. DPA acceptance required at signup. Sub-processor list published. ITLOX LTD is registered in England & Wales.
Vulnerability Disclosure Policy
Published disclosure policy with safe harbour. Dedicated security contact. 48-hour acknowledgement commitment.
Signed Releases & SBOM
Every container image is cryptographically signed using cosign keyless signing (Sigstore) with GitHub Actions OIDC identity. SPDX SBOM is generated with Syft and attached as an in-toto attestation. Signatures are recorded in the Sigstore transparency log for independent verification.
Data Handling
How we protect, store, and manage your data throughout its lifecycle.
Encryption at Rest
All stored data is encrypted at rest using AES-256. Database volumes, backups, and object storage use server-side encryption with managed keys. Encryption is not optional.
Encryption in Transit
All API traffic uses TLS 1.3. Tunnel traffic uses the AegisWire AEAD transport with hybrid post-quantum key exchange. No unencrypted communication paths exist in the platform.
Tenant Data Isolation
Each tenant has a dedicated database. Cross-tenant queries are structurally impossible. Control plane resources are provisioned per-tenant with separate secrets and credentials.
What We Store
Subscription and billing data, metering events, audit logs, device enrollment records, and policy configurations. We do not store, inspect, or log tunnel traffic content.
Data Retention & Deletion
Audit logs are retained per your tier’s retention policy. Account deletion removes all associated data. GDPR data export endpoint is operational for data portability requests.
No Traffic Inspection
AegisWire never inspects, logs, or stores the content of tunnel traffic. We see metadata required for routing and metering only. Packet-level privacy is the default operating mode.
Deployment Options
Choose the trust boundary that matches your requirements. All deployment models run the same security architecture.
Managed Cloud
Fully managed by AegisWire. Dedicated per-tenant control plane provisioned automatically. We handle infrastructure, updates, and operational monitoring.
- Dedicated tenant database
- Automated provisioning
- Managed updates and patches
Self-Hosted
Deploy on your own infrastructure. Full control over data residency, network boundaries, and operational procedures. Same software, your trust boundary.
- Your infrastructure, your rules
- Data residency control
- Sovereign deployment support
Hardware Appliance
Pre-configured hardware with local PostgreSQL, full user management, and hardware-bound licensing. Connects to the platform via phone-home heartbeat.
- Air-gap capable operations
- Hardware-bound licensing
- Local data processing
Customer Security Reviews
We welcome customer security reviews as part of procurement due diligence. If you are evaluating AegisWire for a regulated environment, we will work with your security team to provide the information you need.
What we can provide
- Architecture documentation and security design overview
- Completed security questionnaires (CAIQ, SIG, or your own format)
- Data processing addendum and privacy documentation
- Technical discussion with the engineering team
To initiate a security review, contact us directly.
security@aegiswire.com