Security
Last updated: May 11, 2026
This page describes the technical and organisational safeguards Agent Etna operates to protect the Service and the data customers entrust to it. The legal handling of personal data is set out in the Privacy Policy; the rules governing what users may do on the Service are set out in the Usage Policy.
Architecture
Sandboxed changes, human approval
Agent Etna never writes directly to a production branch. Every proposed change is committed to a temporary branch in the customer's repository and surfaced as a pull request through the customer's existing review process — branch protection, CODEOWNERS, required reviewers, and CI all run on it the same way they run on every other PR. Merges are performed by the customer, not by Agent Etna.
Cryptographic provenance
Each customer instance is bound to an Ed25519 keypair generated at first connection. Every approved fix is signed with that key, and the signature is verifiable through a public endpoint. The trust root is Sigstore-aligned, so verification does not depend on Agent Etna continuing to operate.
Encryption
- All traffic to and from the Service is encrypted in transit using TLS 1.2 or higher. HTTP is redirected to HTTPS at the edge.
- Customer secrets, including BYOK API keys, are encrypted at rest using AES-256-GCM with keys managed by the underlying cloud provider's key-management service.
- Production databases enforce encryption at rest by default at the storage layer.
Access control
- Authentication is handled exclusively through identity-provider OAuth (GitHub, Google, GitLab) or email magic links. Agent Etna does not store user passwords.
- Sessions are bound to HTTP-only, Secure, SameSite cookies signed with a rotated server secret.
- Internal access to production data follows the principle of least privilege. Production access is granted role-by-role, reviewed quarterly, and revoked on offboarding within twenty-four (24) hours.
- Multi-factor authentication is mandatory for all employees with production access and for the source-control and cloud accounts that operate the Service.
Application security
- Standard security response headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Strict-Transport-Security) are set on every response.
- Per-IP and per-user rate limiting protects authentication, model-consuming, and signup endpoints from abuse.
- All user input crossing a trust boundary is validated; secrets, file paths, and tokens are stripped from error responses before they reach the client.
- Cross-origin requests are restricted to first-party origins.
Software supply chain
- Production dependencies are pinned and reviewed before introduction. Dependency vulnerabilities are scanned daily and triaged against a defined severity SLA.
- All commits to the production branch must pass code review and an automated test suite. Direct pushes to the production branch are blocked.
- Build and deployment workflows run on ephemeral runners. Production secrets are never exposed to non-production environments.
Model and prompt safety
- Customer code and prompts are sent to model providers only as needed to fulfil the request. We do not enter into training partnerships that use customer data, and customer data is not used to train any model we ship.
- Only the context relevant to the current operation is sent to a model; full repositories are not transmitted in a single request.
- The Service ships with an adversarial test suite (informed by the OWASP LLM Top 10) that customers can run against their own agents.
Monitoring and incident response
- Production logs and audit events are collected, retained, and reviewed. Anomalous-access alerts route to an on-call engineer.
- The incident-response process is documented internally. Customer-impacting incidents are communicated through email or a public status notice within seventy-two (72) hours of confirmation, with a written post-mortem to follow.
Compliance
Agent Etna is preparing for SOC 2 Type II attestation; an in-progress letter is available to enterprise customers under NDA. We support customer Data Processing Addenda for engagements that fall under the GDPR, the UK GDPR, or analogous regimes.
Customer responsibilities
Security is a shared responsibility. Customers should: (a) restrict the OAuth scopes and repositories they grant to the minimum necessary; (b) protect their account credentials and rotate them on personnel change; (c) review every PR opened by Agent Etna before merging; (d) keep their own model-provider API keys, when used as BYOK, in good standing; and (e) report suspected compromise without delay.
Vulnerability disclosure
If you believe you have found a security vulnerability in the Service, report it to contact@agentetna.com. Please include enough detail to reproduce the issue. We will acknowledge receipt within two (2) business days and provide an initial assessment within ten (10) business days. We commit to good-faith handling and will not pursue researchers who follow this process. Findings of material impact are eligible for a discretionary reward; the rates are kept current on our responsible-disclosure page.
Scope: the Service at agentetna.com and our public APIs. Out of scope: denial-of-service tests, social engineering of employees, physical attacks, and findings already known to Agent Etna.
Contact
Security reports: contact@agentetna.com. Compliance and customer security: contact@agentetna.com.
Agent Etna, Inc.
2261 Market Street, STE 36246
San Francisco, CA 94114
United States