Imprint
1. Company details
| Registered name | AIEGIS LIMITED |
|---|---|
| Legal form | Private company limited by shares |
| Jurisdiction | Ireland |
| Companies Registration Office (CRO) number | 817392 |
| Registered office address | Killeenboy, Belmont Road, Cloghan, Co. Offaly, R32 H211 |
| VAT number | Not VAT-registered (below Irish Revenue €37,500 services threshold) |
| Director(s) | Chanel Robyn Gerber |
| Website | https://aiegis.ie |
2. Contact
| [email protected] |
All enquiries — general, legal, privacy/data protection, security, and press — route to [email protected].
3. Regulator and dispute resolution
Data protection supervisory authority: Irish Data Protection Commission (DPC). Data subjects who believe their personal data has been processed in breach of the GDPR may lodge a complaint with the DPC at dataprotection.ie or with the supervisory authority in their EU Member State of habitual residence.
Consumer disputes within the EU may also be referred to the EU Online Dispute Resolution platform at ec.europa.eu/consumers/odr.
4. Intellectual property
"aiegis", the aiegis logo, and the product names "Eye", "Identity", "Governance", "Grid", "Agent Passport", and "Harness" are trademarks of AIEGIS LIMITED. Reproduction in a manner that suggests endorsement requires written permission. Open-source components are licensed under their respective licences and are not affected by this notice.
5. Hosting
aiegis.ie is hosted in the European Union. Hosting provider details are available on request from [email protected].
See also: Terms of Service · Privacy Policy · Cookie Policy · Data Processing Agreement
Privacy Policy
check_outbound_endpoints.sh blocks any deviation).
1. Who we are
aiegis is operated by AIEGIS LIMITED (Ireland). Privacy contact: [email protected]. Postal address available on request via that mailbox.
2. What AIEGIS captures
The browser extension and native messaging host capture:
| Field | Source | Stored where | Sent off-device? |
|---|---|---|---|
prompt_redacted | AI-vendor chat box (DOM intercept) or vendor API call (webRequest) | Local SQLite on the capturing machine | No. |
response_redacted | Same as above (response side) | Local SQLite | No. |
ts | Browser clock at capture moment | Local SQLite | No. |
vendor, model_version | Inferred from URL / request payload | Local SQLite | No. |
license_key | From ~/.AIEGIS/license on the capturing machine | Local SQLite (per row) | Sent to aiegis.ie/api/license/check weekly to verify license is still valid. Prompts are not sent. |
tab_title, url | Browser tab metadata | Local SQLite | No. |
Redaction happens in-browser, before the daemon ever sees the prompt. The aiegis browser extension's content script applies PII redaction (email addresses, phone numbers, credit-card patterns, IBANs, etc.) inside the browser tab. The redacted text is then sent via Chrome Native Messaging to the local daemon, which stores it in the local SQLite. The daemon never sees, processes, or transmits unredacted prompt content. The daemon also does not invoke any AI model — local or remote — for post-processing. There is no llama, no OpenAI/Anthropic/Google call from the daemon. Capture → redact-in-browser → store-locally is the entire flow.
3. What AIEGIS does NOT capture
- Anything outside the browsers / pages the customer's IT explicitly enables (default scope:
chat.openai.com,chatgpt.com,claude.ai,gemini.google.com,copilot.microsoft.com). - Personal browsing (Gmail, banking, social media) — content scripts only inject on the AI-vendor domains above.
- Keystrokes outside the AI chat boxes.
- Files, downloads, screenshots.
- Webcam, microphone, location.
- Anything once the extension is disabled in the browser settings.
4. Data flow and policy enforcement (intercept-and-conditionally-block model)
aiegis is not a passive logger. The browser extension intercepts AI service calls before they leave the browser, allowing the customer's policy engine to permit or refuse each prompt. The interception is read-only on prompt content — aiegis never modifies what the user typed before forwarding. The flow for a single prompt:
- Observe. The extension's content script monkey-patches
window.fetch+XMLHttpRequest. When the user submits a prompt to ChatGPT / Claude / Gemini / Copilot, the extension reads the prompt body client-side, in-browser. No data has left the machine yet. - Redact. PII patterns (emails, phone numbers, IBANs, etc.) are masked in-browser before any further step.
- Check policy. The redacted prompt is sent to the customer's
local policy engine (the aiegis daemon's
/api/protectendpoint onlocalhost). The customer configures the policy. - Enforce. If the policy returns BLOCK, the wrapped
fetchcall is refused — the prompt never reaches the AI vendor. If ALLOW, the original (unmodified) request is forwarded to the original vendor URL the user requested (chatgpt.com / api.anthropic.com / etc.). - Log. The redacted copy is sent via Chrome Native Messaging to the local daemon and stored in local SQLite for compliance evidence.
What this means in practice:
- aiegis does NOT redirect AI-service traffic to a proxy. ALLOW'd prompts go directly to the vendor URL the user requested.
- aiegis does NOT modify prompt content before forwarding. The vendor sees exactly what the user typed.
- aiegis DOES have the technical capability to refuse forwarding. This is the BLOCK feature — disabled by default, enabled per customer policy.
- aiegis's own infrastructure receives nothing about the prompt. The
policy check is local (
localhost) and the audit log is local (SQLite).
4.1 Scope of the BLOCK feature (current limitations)
The intercept-and-conditionally-block model applies to chat-input
prompt text — the content the user types into the chat box, or the
JSON body of a direct API call to api.openai.com /
api.anthropic.com / generativelanguage.googleapis.com.
It does not currently apply to:
- File attachments (PDFs, images, .docx, .txt, .csv, code
files, etc.) uploaded via the vendor's attachment UI. These travel in
multipart/form-datarequest bodies which the current content script does not inspect for redaction or policy check. File-content scanning ships in v0.5 — until then, customers should configure their policy to BLOCK on prompt phrases like "summarise the attached" if file leakage is a concern. - Voice / image / video input that the vendor handles outside the standard text-prompt flow.
- Prompts submitted via vendor-native desktop apps (ChatGPT desktop, Claude desktop, Copilot in Word/Excel) that bypass the browser entirely. Native agent coverage ships in v0.5 (Mac) / v0.6 (Windows).
Customers deploying aiegis with the BLOCK feature enabled should review their employees' workflow with these gaps in mind. The compliance UI surfaces these limitations in the in-app deployment checklist.
4.2 Behaviour when the policy engine is unreachable
If the local policy engine cannot be reached for any reason (engine crashed, configuration error, port collision), aiegis defaults to fail-CLOSED for sovereign and enterprise tiers (the BLOCK verdict is returned to the wrapped fetch and the user sees a banner: "aiegis could not verify this prompt. Submission paused. Retry or contact admin.") For SMB tier deployments, the default is fail-OPEN with the event logged and a customer-visible warning. The fail-mode is bound to the license tier claim and is configurable via the deployment policy.
4.3 Threat model: co-installed extensions with debugger access
aiegis protects against the network-layer threats above (data exfiltration,
prompt forwarding, policy bypass). It does not protect against
a malicious co-installed browser extension that has been granted
debugger permission by the user, since such extensions can read
the message traffic of every extension running in the same browser profile.
Customer IT should pin allowed extensions via GPO / Intune / MDM and prevent
users from installing arbitrary "productivity" or "tab-management" extensions
that request debugger permissions. A recommended Edge / Chrome
ExtensionInstallAllowlist + ExtensionInstallForcelist
policy template is on our v0.3.7 roadmap; until then, customer IT can build
their own policy referencing the aiegis extension ID published in the
deployment section of /.well-known/privacy.json.
There are exactly three outbound network calls aiegis itself makes (separate from the user's own AI-service traffic):
| When | To | What's sent | What's NOT sent |
|---|---|---|---|
| License check (weekly + on-launch, v0.3.5+) | aiegis.ie/api/license/check | License key (Bearer header), nothing else | No prompts, no responses, no metadata about captures, no policy decisions |
| Initial license issuance (one-time, install) | aiegis.ie/api/fleet/license/issue | Machine hostname, OS name, customer email (provided by the admin) | No prompts (none captured yet at install) |
| Cross-machine team sync (admin-side, optional) | aiegis.ie/api/team-share | Files the admin explicitly uploads (specs, scripts, policy bundles) | No captured prompts; admin chooses what to upload |
Captured prompts are never sent to AIEGIS LIMITED or any third party.
They live in a local SQLite database on the capturing machine. The compliance
dashboard runs on the customer's own machine and queries the local database
over localhost. AIEGIS LIMITED's infrastructure never sees prompt
content — that's both a policy commitment and a structural property of the
system, verified by static analysis (see check_outbound_endpoints.sh).
5. Edge / Microsoft Add-ons specific disclosure
Per Microsoft Edge Add-ons policy 1.6 and 1.5.3:
5.1 Permissions and why
| Permission | Why we need it |
|---|---|
storage | Persist license key, dashboard endpoint, and the per-customer enforcement flag (aegis_enforce) across browser sessions. |
nativeMessaging | Send captured prompts to the local native host (which writes them to local SQLite). Customer-cloud-only deployment keeps captured data off AIEGIS LIMITED cloud — data_residency property documented at /privacy.json + enforced via static-analysis gate check_outbound_endpoints.sh. |
webRequest | Observe outbound API calls to AI vendors (api.openai.com, api.anthropic.com, generativelanguage.googleapis.com) for prompts that bypass the chat UI (e.g., direct API integrations). |
host_permissions | Inject content scripts on the 5 AI-vendor chat pages above. Each entry is necessary for a specific declared capture path. |
5.2 First-run consent (v0.3.6+)
The extension shows a first-run consent dialog before any capture occurs. Capture is opt-in (administrator policy), and the user can disable enforcement via the popup at any time, even when policy-installed.
5.3 Third-party data sharing
None. aiegis does not share captured data with OpenAI, Anthropic, Google, Microsoft, AIEGIS LIMITED, or any other third party. The data lives on the customer's machine, end of pipeline.
6. Legal basis (GDPR Article 6 / Article 13)
Lawful basis: Article 6(1)(f) — legitimate interest. The customer (the data controller) has a legitimate interest in evidencing AI usage for regulatory compliance (EU AI Act Article 26 record-keeping obligations, ISO 42001 controls).
Data subjects' rights: Employees of customer organisations may request access, rectification, or deletion of records pertaining to them through their employer's compliance officer. AIEGIS LIMITED does not have access to the customer's local database and cannot fulfill these requests directly — only the customer can.
7. Retention
AIEGIS LIMITED retains zero captured prompt data — it never reaches us.
Captured data persists in the customer's local SQLite database
indefinitely, until the customer deletes it. The daemon does not
auto-prune or rotate the database; that decision sits with the customer
and their IT / DPO. A 90-day local-rotation policy is on our v0.4
roadmap as a configurable opt-in. Until then, retention is 100% under
customer control: the database file at
~/Library/Application Support/aiegis/captured.db (Mac),
%LOCALAPPDATA%\aiegis\captured.db (Windows), or
~/.local/share/aiegis/captured.db (Linux) is the
authoritative store.
8. License revocation and account termination
When a license is revoked (admin action), the daemon stamps subsequent
events as license_revoked security events but does not
delete prior captures (Article 26 evidence retention). The customer
retains full local access to their database; AIEGIS LIMITED has no access
before, during, or after revocation.
9. Cookies and tracking on aiegis.ie
The aiegis.ie marketing site uses no third-party trackers, no advertising pixels, and no cross-site cookies. A single first-party session cookie is set on the admin dashboard for authentication only.
10. Machine-readable disclosure
A machine-readable summary of this policy is published at
/.well-known/privacy.json
for enterprise procurement / DPIA tooling. The JSON document mirrors
this page's data-flow tables and is updated when this policy is revised.
/.well-known/privacy.json exposes the data-flow tables on this
page in a structured form (data_flows array, interception_model object,
data_flows_explicitly_NOT_PRESENT). Suitable for bulk import into CSA STAR /
Vanta / OneTrust workflows. A formal JSON Schema definition is on our v0.5
roadmap.
11. Changes to this policy
Material changes are announced 30 days in advance via email to the registered admin contact for each customer. The version number and effective date at the top of this page are authoritative.
12. Contact
- Privacy: [email protected]
- Security: [email protected]
- General: [email protected]
Terms of Service
1. Parties and acceptance
These Terms form a binding agreement between you ("Customer") and AIEGIS LIMITED, a company registered in Ireland (the "Service"). By installing the aiegis daemon, browser extension, SDK, or accessing aiegis.ie services, you accept these Terms. If you do not accept, do not use the Service.
2. The Service
aiegis provides: (a) endpoint visibility software ("Eye"); (b) agent identity issuance ("Identity / Agent Passport"); (c) runtime governance enforcement ("Governance"); (d) an agent-to-agent marketplace ("Grid"); (e) supporting libraries, rule packs, and APIs. Specific feature availability depends on the plan you have selected.
3. Licence
Subject to your compliance with these Terms and payment of applicable fees, aiegis grants you a non-exclusive, non-transferable, revocable licence to use the Service for your internal business purposes. You may not: (i) resell or sublicense the Service; (ii) reverse-engineer non-open-source components; (iii) remove copyright notices; (iv) use the Service to evade your own legal obligations.
4. Customer data
You retain ownership of all data you supply to or process through the Service. aiegis processes Customer data only as described in our Privacy Policy and, where applicable, our Data Processing Agreement. The endpoint product captures prompt data on your device and does not transmit prompt content to AIEGIS LIMITED.
5. Service availability
The hosted components of the Service (aiegis.ie API, Grid registry, policy-pack distribution) target 99% monthly availability on a best-effort basis. Endpoint software functions offline once installed. aiegis may perform maintenance with reasonable notice; emergency security patches may be applied without notice.
6. Fees and payment
Plan pricing is published on aiegis.ie. Subscription fees are billed in advance and are non-refundable except where required by law. aiegis may change pricing with 30 days' written notice; existing paid terms continue at the price quoted at purchase.
7. Term and termination
These Terms commence on first use and continue until terminated. Either party may terminate for material breach with 30 days' written notice if the breach is not cured. On termination, your licence ends, you must stop using the Service, and you may request export of your data within 30 days.
8. Warranties and disclaimers
aiegis provides the Service "as is" without warranty of merchantability, fitness for a particular purpose, or non-infringement, except as required by Irish law. aiegis does not warrant that the Service will be uninterrupted or error-free. Compliance findings, AIVSS scores, and governance decisions are evidence and recommendations — they do not substitute for independent legal advice. AIEGIS LIMITED does not warrant, guarantee or represent that use of the Service will make the Customer compliant with the EU AI Act, the GDPR, or any other law or regulation. The Service is a monitoring and evidence tool; responsibility for the Customer's compliance rests solely with the Customer.
9. Limitation of liability
To the maximum extent permitted by law, aiegis's aggregate liability under these Terms is capped at the fees you paid in the 12 months before the event giving rise to the claim. aiegis is not liable for indirect, consequential, lost-profit, or lost-data damages. Nothing in these Terms limits liability for death, personal injury, fraud, or any liability that cannot lawfully be limited.
10. Indemnity
You will indemnify aiegis against third-party claims arising from (a) your unlawful use of the Service, (b) data you supplied that infringes a third-party right, or (c) your breach of these Terms.
11. Governing law and jurisdiction
These Terms are governed by the laws of Ireland. Disputes are subject to the exclusive jurisdiction of the Irish courts, except that aiegis may seek injunctive relief in any competent court to protect its intellectual property.
12. Changes
aiegis may amend these Terms with 30 days' notice (email or in-product). Continued use after the effective date constitutes acceptance. Material changes affecting your legal rights will be highlighted in the notice.
13. Contact
Legal: [email protected] · Privacy: [email protected] · Security: [email protected]
See also: Privacy Policy · Cookie Policy · Data Processing Agreement · Company info
Data Processing Agreement (DPA)
1. Parties and scope
This DPA is between AIEGIS LIMITED ("Processor") and the customer entity that accepts the Terms of Service ("Controller"). It applies where Processor processes personal data on behalf of Controller in connection with the Service. It does not apply to personal data Processor processes as a controller (e.g. billing contact details), which are covered by the Privacy Policy.
2. Subject matter and duration
Subject matter: provision of the aiegis hosted Service to Controller. Duration: the term of the Controller's subscription plus any retention period required by law. Nature and purpose: governance, identity issuance, registry of agents, retention of audit receipts. Categories of data subjects: Controller's employees, end-users, and AI agents acting on Controller's behalf.
3. Categories of personal data processed
- Account contact details (name, email, role) for Controller's administrators.
- Agent identifiers (DIDs, agent IDs, agent names) issued or registered by Controller.
- Audit-receipt metadata (timestamps, action types, layer attributions, decision outcomes).
- Where Controller routes API traffic through aiegis: only metadata transmitted in API headers; payload content is never required by the Service.
The endpoint capture product (Eye daemon + browser extension) processes prompt content on Controller's own machines and does not transmit prompt content to AIEGIS LIMITED. AIEGIS LIMITED is not the processor for endpoint-captured prompt data.
4. Processor obligations
Processor will: (a) process personal data only on documented instructions from Controller (this DPA + Controller's configuration of the Service constitute those instructions); (b) ensure persons authorised to process the data are bound by confidentiality; (c) take all measures required under Article 32 (technical and organisational security measures, set out below); (d) assist Controller with data subject requests and Articles 32-36 obligations; (e) on termination, delete or return personal data within 30 days (Controller's choice); (f) make available all information necessary to demonstrate compliance with Article 28.
5. Sub-processors
Controller authorises Processor to engage sub-processors. Current sub-processors are listed at aiegis.ie/subprocessors (page may be a sub-section of this DPA where Controller does not maintain an account). Processor will: notify Controller of any intended changes at least 14 days in advance; ensure each sub-processor is bound by data protection obligations no less protective than this DPA; remain liable for sub-processor performance.
6. Security measures (Article 32)
- Transport: TLS 1.2+ (TLS 1.3 preferred) for all hosted API traffic.
- At rest: AES-256 encryption for stored audit receipts and registry data.
- Access control: principle of least privilege; admin access requires multi-factor authentication.
- Cryptographic integrity: Ed25519 signed receipts; tamper-evident hash chain on the Grid ledger.
- Logging: append-only audit logs; logs retained per Article 12 of the EU AI Act where applicable.
- Personnel: confidentiality obligations on all staff with data access.
- Incident response: 72-hour notification to Controller for personal data breaches as defined in Article 4(12).
7. International transfers
Processor's primary infrastructure is hosted in the European Union (Ireland). Where personal data is transferred outside the EEA, Processor uses the EU Standard Contractual Clauses (Commission Decision 2021/914) as the transfer mechanism. Controller may request a copy of the executed SCCs by contacting [email protected].
8. Data subject rights
Processor will assist Controller in responding to access, rectification, erasure, restriction, portability, and objection requests. Where a data subject contacts Processor directly, Processor will forward the request to Controller and not respond substantively unless legally required.
9. Audit
Processor will make available a current audit report (SOC 2 or ISO 27001 once obtained) or, on reasonable notice, allow a Controller-conducted audit limited to relevant systems, no more than once per year, at Controller's cost, subject to confidentiality. For enterprise customers, an extended audit right may be negotiated separately.
10. Liability and indemnity
The liability cap and exclusions in the Terms of Service apply to this DPA, except where Article 82 GDPR imposes joint liability that cannot lawfully be limited.
11. Governing law
This DPA is governed by the laws of Ireland and is subject to the exclusive jurisdiction of the Irish courts, consistent with the underlying Terms of Service.
12. Contact
Privacy / DPA: [email protected] · Security incidents: [email protected]
See also: Terms of Service · Privacy Policy · Cookie Policy · Company info
Data Protection Impact Assessment (DPIA)
aiegis AI Agent Security Platform — GDPR Compliance Assessment
1. Data Processed
| Category | Data Elements | Sensitivity |
|---|---|---|
| Agent Registration | Agent name, type, owner email, API key hash, creation date | LOW |
| Action Logs | Timestamps, action type, target resource, outcome | LOW |
| Compliance Scans | Risk level, EU AI Act article mapping, scan timestamp | LOW |
| Behavioural Baselines | Aggregated metrics (request frequency, error rates) | LOW |
NOT processed: End-user PII, model training data, inference inputs/outputs (unless customer explicitly configures audit logging).
2. Data Storage
- Location: All data stored on customer infrastructure (self-hosted Docker deployment)
- No cloud dependencies: No data transmitted to aiegis servers or third parties
- Database: SQLite (MVP) / PostgreSQL (production) — customer choice
- Encryption: At rest via OS-level encryption; TLS 1.2+ in transit
- Data sovereignty: Customer retains full control — data never leaves their infrastructure
3. Retention Policy
- Action logs: Configurable retention (default: 90 days)
- Agent registry: Indefinite (until customer deletes)
- Audit trail: Immutable for compliance purposes (configurable retention period)
- Customer controls: Full deletion capability via API and admin dashboard
4. GDPR Legal Basis
- Article 6(1)(f): Legitimate interest — security monitoring and regulatory compliance
- Data Processing Agreement (DPA): Template available for enterprise deployments
- No special category data: No biometric, health, political, or other Art. 9 data processed
- No profiling: No automated decision-making about natural persons
5. Data Minimisation
- Only metadata required for governance is collected and stored
- Built-in PII detection layer (Layer 10) actively prevents unnecessary personal data collection
- Customer configures logging verbosity and scope
- Agent inputs/outputs are NOT stored by default — only metadata (timestamps, risk scores, compliance status)
6. Risk Assessment
| Risk Factor | Assessment | Mitigation |
|---|---|---|
| Data breach | LOW | Self-hosted; no external data transmission |
| Unauthorised access | LOW | JWT + API key + RBAC authentication |
| Data loss | LOW | Customer-managed backups; immutable audit logs |
| Cross-border transfer | LOW | No data leaves customer infrastructure |
| Purpose limitation | LOW | Data used solely for AI governance and compliance |
7. DPIA Conclusion
Overall DPIA threshold: LOW RISK
aiegis processes only AI agent operational metadata on customer-controlled infrastructure. No special category data, no profiling of natural persons, no cross-border data transfers. The self-hosted deployment model ensures full data sovereignty and GDPR compliance by design.
DPIA prepared in accordance with GDPR Article 35 and DPC guidance — Last updated: April 2026
Sub-Processors
This document is currently being finalised by AIEGIS LIMITED. The current version is available on request from [email protected].
Security
What this page is
Most AI security vendors run closed Vulnerability Disclosure Programs (VDPs). When a researcher finds a bug, they sign an NDA. The fix ships quietly. The customer never knows their data was exposed for 90 days while a private patch was negotiated.
We don't. aiegis publishes its own audit log within hours of finding a bug.
This page is that log.
2026-04-28 — 14-fix Security Hardening Sweep
Trigger: Internal red-team during scheduled paired-engineer session (Velo + Nel). Found 14 distinct issues across 12 endpoints + 2 anti-patterns.
Time-to-fix: All 14 patched within 4 hours of first finding. Backend re-deployed 6 times during the working day.
Customer impact: Zero. Single-tenant pilot, all findings caught before any external customer was exposed.
| # | Class | Endpoint / Issue | Severity | Fix |
|---|---|---|---|---|
| 1 | dead-man-switch reversal | /api/agents/{id}/release flipped status to ACTIVE then auto-loop reverted to QUARANTINED before customer mac could heartbeat |
HIGH | Patched endpoint to bump last_seen=now() atomically with status flip |
| 2 | unauthenticated info-disclosure | /api/agents/stats returned org-wide counts without auth |
MEDIUM | Depends(require_admin) |
| 3 | unauthenticated cross-agent leak | /api/agents/{id}/activity exposed prompt-injection threats + DOS patterns + customer-internal context |
HIGH | Depends(require_admin) |
| 4 | unauthenticated stale-agent enum | /api/agents/stale enumerated dead/quarantined agents |
MEDIUM | Depends(require_admin) |
| 5 | unauthenticated agent-list | /api/agents/public listed all agents + status |
MEDIUM | Depends(require_admin) |
| 6 | dead-man-switch config disclosure | /api/deadman/config GET leaked timing thresholds (attack-window enumeration) |
MEDIUM | Depends(require_admin) |
| 7 | all-tenant activity leak | /api/activity returned 100 most recent decisions across ALL tenants |
HIGH | Depends(require_admin) |
| 8 | internal codename + path leak | /api/status/full returned "platform": "Project 490" (internal codename) + anchor_dir filesystem path |
HIGH | Depends(require_admin) + codename redacted |
| 9 | operational telemetry leak | /api/integration/health returned per-layer telemetry (queue depth, P95 latency) |
MEDIUM | Depends(require_admin) |
| 10 | scale + test-count leak | /audit returned total scans + threats blocked + internal test count |
MEDIUM | Depends(require_admin) |
| 11 | internal-path disclosure | /api/genesis/anchor returned anchor_dir: /opt/AIEGIS/config/... filesystem path |
MEDIUM | Depends(require_admin) |
| 12 | 200-on-auth-fail | /api/log returned HTTP 200 with {status:"error"} body on bad key — silently looked successful in logs |
MEDIUM | JSONResponse(status_code=401, ...) |
| 13 | 200-on-auth-fail (sibling) | similar pattern at /api/whatever (line 4851) |
MEDIUM | same fix |
| 14 | UI fake-success regression | /agents page rendered fake demo customer data on auth-fail + faked quarantine/release button success |
MEDIUM | Removed demo fallback + replaced with honest "Login required" empty state + error toast |
Industry context
CVE assignments in our category in 2026 so far: - aiegis: 0 CVEs (pre-customer pilot, internal-only) - Microsoft Purview / Azure MCP / Copilot: 7+ CVEs in 6 months - Strac, Nightfall, LayerX, Cyberhaven: 0 published CVEs (closed VDPs)
The 14 issues we patched today are the same class as CVE-2026-32173 (Azure SRE Agent improper auth, CVSS 8.6). Our competitors with closed VDPs likely patched similar issues this week without disclosure. We chose to publish.
Our coordinated VDP commitment
- Detection-to-patch SLA: 24 hours for any finding HIGH or above. Today's 14-fix sweep: 4 hours.
- Public disclosure: within 7 days of patch ship, on this page.
- No NDA required for security researchers. Email [email protected] + we publish your finding (or anonymize per your request).
- Scope: all aiegis.ie endpoints + browser extension + future native binaries.
- Out of scope: social engineering, physical access, customer mac OS-level vulnerabilities.
Why we publish
EU AI Act Article 12 requires logging of AI decisions for traceability. This is the baseline. Our public audit log is a deliberate over-and-above choice — we believe customers buying an AI governance product should be able to verify the governance vendor's own security hygiene.
If you find an issue, email [email protected].
Last updated: 2026-04-28 13:55 IST Next update: on next finding (pre-customer pilot; previously-stated weekly cadence resumes once we exit pre-customer state) Signing key: [public PGP key here once shipped]
Acceptable Use Policy (AUP)
This document is currently being finalised by AIEGIS LIMITED. The current version is available on request from [email protected].