Security & Governance

Built for risk, compliance, and execution teams.

From approvals to audit trails, AI-Harness embeds governance into daily operations. Every action is traceable, every policy enforceable, and every outcome measurable, so scaling AI never becomes a compliance liability.

Security & governance
Six pillars of control

Defense in depth, across every layer.

A layered security model, designed with CISOs, legal, and operations leaders in mind.

Identity & Access

SAML / OIDC SSO, SCIM provisioning, role-based access, and fine-grained permission scopes across every resource.

Complete Audit Trail

Immutable log of every prompt, tool call, data access, and decision, searchable and exportable for audit and review.

Approval Workflows

Human-in-the-loop gates for high-impact actions. Configurable thresholds by role, value, risk score, or outcome category.

Policy Enforcement

Apply domain-specific policy packs to agents, from content and PII handling to financial thresholds and regulatory rules.

Observability

Live telemetry on agent behavior, cost, and quality. Export to your SIEM, data warehouse, or observability stack.

Flexible Deployment

Cloud, private cloud, VPC, or on-prem. Bring your own models, your own keys, your own data residency.

Compliance

Aligned with the standards your legal team already trusts.

SOC 2 Type II

Annual audit, available under NDA

ISO 27001

Certification on roadmap 2026

GDPR & CCPA

Data subject rights & DPA included

HIPAA

BAA available on Enterprise

PCI-aware

Controls for regulated payment workflows

EU AI Act-ready

Policy packs & risk classification support

Data handling

Your data, on your terms.

Your organization decides where data lives, which models see it, and how it's handled. AI-Harness never uses customer data to train models, and never commingles tenants.

  • We do not train on your data, ever.
  • No tenant commingling. Strict isolation at every layer.
  • Customer-managed encryption keys on Enterprise.
  • Private networking and customer VPC deployments available.

Encryption in transit: TLS 1.3 across every network boundary
Encryption at rest: AES-256 with customer-managed keys (Enterprise)
Data residency: US, EU, UK, or APAC, customer-selectable
Tenancy isolation: Strict tenant isolation with per-customer encryption contexts
Secrets management: First-class secret vault, rotation, and scoped access
Model provider choice: Use your approved models (OpenAI, Anthropic, Bedrock, Azure, or self-hosted)

Agent Governance

Human-led execution with guardrails teams can trust.

AI-Harness keeps people in control with budget, policy, and approval controls enforced at the platform layer. Agents support your teams and operate within the rules you set.

  • Budget ceilings per agent, team, or workspace
  • Automatic throttling when an agent approaches its limit
  • Policy packs for industry-specific guardrails
  • Approval thresholds by value, risk, or category
  • Full session replay of any agent's decisions
  • Reversible actions: roll back any agent change

Trust center

All the documentation your team needs.

Available to prospects under NDA. Customers get continuous access in-product.

SOC 2 Type II Report

Available under NDA

Security Whitepaper

Technical and control overview

DPA & Subprocessor List

Up-to-date GDPR-aligned DPA

Questionnaires

CAIQ, SIG, custom responses

AI at enterprise scale, without the enterprise risk.

Every action auditable. Every policy enforceable. Every deployment in your control.

Your own instance in minutes · $10 free credits · No credit card · SOC 2-ready controls