Security Overview
How AI Red Team Labs approaches access control, data handling, and platform hardening.
Access Control
- Subscription gating enforced server-side for /api/redteam/*
- Requests require a user identity header today (upgrade path to JWT / magic link)
- Stripe webhooks validated with signature verification
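The three controls above fit together: the Stripe webhook is the only trusted source of subscription state, and the server-side gate consults that state on every request under /api/redteam/* after checking the identity header. The following is an added illustration, not code from AI Red Team Labs; the header name `X-User-Id`, the in-memory `SUBSCRIPTIONS` store, the `metadata.user_id` mapping and the `whsec_...` placeholder secret are assumptions. The signature check follows Stripe's published scheme (`t=<unix>,v1=<hex>` header, HMAC-SHA256 over `"<t>.<raw body>"`, with a timestamp tolerance).

```python
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional, Tuple

# Path prefix named on the page; everything under it is subscription-gated.
GATED_PREFIX = "/api/redteam/"
# Assumed header name: the page only says "a user identity header".
IDENTITY_HEADER = "x-user-id"

# Constructed in-memory subscription state (user id -> active?). A real
# deployment would read the billing database; this is an assumption.
SUBSCRIPTIONS: Dict[str, bool] = {}


def authorize(path: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """Server-side gate for /api/redteam/*; returns (HTTP status, reason)."""
    if not (path == GATED_PREFIX.rstrip("/") or path.startswith(GATED_PREFIX)):
        return 200, "ungated path"
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    user = lowered.get(IDENTITY_HEADER, "").strip()
    if not user:
        return 401, "missing identity header"
    if not SUBSCRIPTIONS.get(user, False):
        return 402, "no active subscription"
    return 200, "ok"


def _parse_signature_header(sig_header: str) -> Tuple[Optional[int], List[str]]:
    """Split 't=<unix>,v1=<hex>[,v1=<hex>...]' into timestamp and v1 signatures."""
    timestamp: Optional[int] = None
    v1_sigs: List[str] = []
    for item in sig_header.split(","):
        key, _, value = item.strip().partition("=")
        if key == "t" and value.isdigit():
            timestamp = int(value)
        elif key == "v1" and value:
            v1_sigs.append(value)  # several v1 values appear during secret rotation
    return timestamp, v1_sigs


def verify_stripe_signature(payload: bytes, sig_header: str, secret: str,
                            tolerance: int = 300, now: Optional[int] = None) -> bool:
    """Verify a Stripe-Signature header against the raw (unparsed) request body."""
    timestamp, v1_sigs = _parse_signature_header(sig_header)
    if timestamp is None or not v1_sigs:
        return False
    current = int(time.time()) if now is None else now
    if abs(current - timestamp) > tolerance:
        return False  # stale or future-dated: treat as a replay attempt
    signed_payload = f"{timestamp}.".encode() + payload
    expected = hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()
    # constant-time comparison so a forged signature cannot be guessed byte by byte
    return any(hmac.compare_digest(expected.encode(), sig.encode()) for sig in v1_sigs)


def handle_webhook(payload: bytes, sig_header: str, secret: str,
                   now: Optional[int] = None) -> int:
    """Webhook endpoint: verify first, then update subscription state."""
    if not verify_stripe_signature(payload, sig_header, secret, now=now):
        return 400  # reject before parsing anything from an unverified body
    event = json.loads(payload)
    if not event.get("type", "").startswith("customer.subscription."):
        return 200  # acknowledged, but irrelevant to gating
    obj = event.get("data", {}).get("object", {})
    user = (obj.get("metadata") or {}).get("user_id")  # assumed tagging convention
    if user:
        SUBSCRIPTIONS[user] = obj.get("status") in ("active", "trialing")
    return 200


def sign_for_test(payload: bytes, secret: str, timestamp: int) -> str:
    """Build a Stripe-Signature header the way Stripe does, for local tests only."""
    mac = hmac.new(secret.encode(), f"{timestamp}.".encode() + payload, hashlib.sha256)
    return f"t={timestamp},v1={mac.hexdigest()}"


# Constructed sample data; the secret is a placeholder, not a real Stripe key.
SAMPLE_SECRET = "whsec_PLACEHOLDER_FOR_LOCAL_TESTS"
SAMPLE_TS = 1_700_000_000
SAMPLE_ACTIVE_EVENT = json.dumps({
    "type": "customer.subscription.updated",
    "data": {"object": {"status": "active", "metadata": {"user_id": "alice"}}},
}).encode()
SAMPLE_CANCELED_EVENT = json.dumps({
    "type": "customer.subscription.deleted",
    "data": {"object": {"status": "canceled", "metadata": {"user_id": "alice"}}},
}).encode()

if __name__ == "__main__":
    hdr = sign_for_test(SAMPLE_ACTIVE_EVENT, SAMPLE_SECRET, SAMPLE_TS)
    print(authorize("/api/redteam/run", {"X-User-Id": "alice"}))
    print(handle_webhook(SAMPLE_ACTIVE_EVENT, hdr, SAMPLE_SECRET, now=SAMPLE_TS))
    print(authorize("/api/redteam/run", {"X-User-Id": "alice"}))
```

Two details matter in practice: the signature must be computed over the exact bytes Stripe sent (re-serialising parsed JSON changes whitespace and breaks the HMAC), and the identity header is only as trustworthy as the edge that sets it, which is why the page lists JWT / magic-link auth as the upgrade path.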
Data Handling
- Safe Evaluation Mode: focuses on defensive validation and controls
- Reports can be generated locally in-browser (downloadable HTML/JSON)
- Recommended: do not include real secrets in prompts or context
Platform Hardening (Roadmap / In Progress)
- Nginx security headers + rate limiting
- JWT/magic-link auth
- Audit logs + report retention options (enterprise)
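A starting point for the first roadmap item, added here as an illustration and not the project's own configuration: the host name, certificate paths and the `app_backend` upstream are placeholders. The `limit_req_zone` line belongs in the `http {}` context; the rest goes in the virtual host.

```nginx
# http {} context: one token bucket per client address for the gated API.
limit_req_zone $binary_remote_addr zone=redteam_api:10m rate=10r/s;
limit_req_status 429;   # tell clients they were throttled, not that the server failed

server {
    listen 443 ssl;
    server_name example.invalid;                        # placeholder host name
    ssl_certificate     /etc/nginx/tls/fullchain.pem;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/privkey.pem;

    # Security headers; "always" also attaches them to 4xx/5xx responses.
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "DENY" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'" always;

    location /api/redteam/ {
        # Absorb short bursts, reject anything beyond that immediately rather than queueing.
        limit_req zone=redteam_api burst=20 nodelay;
        proxy_pass http://app_backend;                  # assumed upstream name
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

One caveat worth checking after deployment: `add_header` directives are not merged across levels, so a `location` that declares any `add_header` of its own silently drops the server-level set unless they are repeated there. Verify with a request to a gated path that all five headers and the 429 behaviour are actually present.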