Security Practices

Intercis is built for security-first organizations. Our architecture enforces policy outside the agent process, isolates control planes, and provides immutable audit trails. This page details our security posture for CISO and SOC teams conducting due diligence.

Architecture Security

Intercis operates as an external policy enforcement layer, sitting outside the AI agent process. This architectural decision provides a critical security guarantee: a compromised agent cannot disable the control plane.

External Enforcement

  • No code changes required. Agents point to a different API endpoint instead of the LLM provider directly. Intercis sits in the middle, transparent to your application.
  • Control plane isolation. The policy engine, audit system, and enforcement layer run separately from agent infrastructure. Compromise of one domain does not compromise the other.
  • Zero trust enforcement. Every API call requires authentication via the x-intercis-key header. No exceptions, no bypass paths.
  • Immutable verdicts. Once a policy decision is logged, it cannot be modified or deleted. Forensic integrity is guaranteed.

Threat model: Even if an agent is fully compromised (code execution, environment variable access, memory inspection), it cannot interact with LLM APIs without going through the Intercis proxy. The proxy enforces policy regardless of what the agent requests.

Infrastructure Hardening

Proxy — API Intercept

The Intercis proxy runs on Railway, in isolated containerized environments. Each deployment is:

  • Deployed in dedicated containers with resource limits
  • Horizontally scaled behind load balancers
  • Monitored for anomalous memory, CPU, or network behavior
  • Automatically restarted on health check failure

Dashboard — SOC Interface

The Intercis dashboard runs on Vercel, providing real-time policy enforcement and audit visibility:

  • Edge-deployed globally for low-latency access
  • DDoS protection via Vercel's infrastructure
  • Automatic scaling for traffic spikes
  • WAF rules to block malicious payloads

Database — Supabase PostgreSQL

Event logs, policies, and audit trails live in Supabase PostgreSQL with Row Level Security enabled:

  • Row Level Security (RLS): Policies enforce that users can only access their own organization's data, even if they compromise the API key.
  • Encryption at rest: AES-256 encryption for all stored data, managed by Supabase infrastructure.
  • Audit logging: PostgreSQL transaction logs capture all mutations. Append-only event table prevents deletion.
  • Backup strategy: Continuous replication with encrypted backups. Point-in-time recovery available.

Encryption in Transit

TLS Version TLS 1.2+
Protocol HTTPS
Certificate Let's Encrypt (auto-renewal)
HSTS Enabled, 63072000s preload

Security Headers & HTTP Policy

All Intercis endpoints (proxy and dashboard) return security headers that enforce strict policies:

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self'; script-src 'self' cdn.tailwindcss.com fonts.googleapis.com; style-src 'self' cdn.tailwindcss.com fonts.googleapis.com 'unsafe-inline'; font-src fonts.gstatic.com; img-src 'self' data:; frame-ancestors 'none'
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=()

Authentication & Access Control

Proxy API Authentication

Every request to the Intercis proxy must include the x-intercis-key header with a valid API key:

  • Keys are cryptographically signed and rotatable
  • Expired or revoked keys are rejected immediately
  • Key usage is logged for audit purposes
  • Keys are scoped to a specific organization and cannot be shared across deployments

Dashboard Authentication

Dashboard access requires bearer token authentication via OAuth2 / OpenID Connect:

  • Single sign-on (SSO) via your identity provider
  • Role-based access control (RBAC) for team members
  • Session tokens are short-lived and refreshed via secure cookies
  • Multi-factor authentication (MFA) enforced for privileged roles

Database Access Control

Supabase anon key is scoped and restricted via Row Level Security:

  • Anon key can only INSERT into the design_partners table (for waitlist signups)
  • All other tables require authenticated access with RLS policies
  • No admin endpoints are publicly exposed
  • Service role keys (for internal use) are never exposed to client-side code

Policy Engine & Detection

The Intercis policy engine enforces rules across multiple threat categories with a multi-layer detection strategy.

Pattern-Based Detection

48 regex deny patterns across 10 threat categories

The policy engine analyzes tool calls (function names, arguments, environment variable access) against regex patterns that detect:

  • Credential exfiltration: Attempts to read AWS_SECRET_KEY, OPENAI_API_KEY, or similar
  • Network exfiltration: Outbound connections to unknown domains, DNS exfiltration
  • Supply chain attack: Injecting malicious code into package.json, requirements.txt, or Docker builds
  • Privilege escalation: Sudo commands without password, capability addition
  • Container escape: Bind mounts to /var, access to /proc/sys, cgroup breakout patterns
  • Persistence: Cron job injection, SSH key placement, service registration
  • Encoded execution: Base64, hex, or other obfuscation of suspicious commands
  • Destructive shell commands: rm -rf, dd if=/dev/zero, partition wipes
  • Database attacks: DROP TABLE, TRUNCATE, bulk deletion, unauthorized schema changes
  • Infrastructure sabotage: Terraform/CloudFormation destruction, cluster scaling attacks
85.1% detection rate against modern agentic threat payloads

LLM-Based Intent Classifier

After regex patterns, blocked calls are re-evaluated by an LLM-based intent classifier that understands semantic context:

  • Distinguishes between legitimate file operations and destructive intent
  • Detects prompt injection attempts even if obfuscated
  • Identifies tool chaining strategies (combining safe tools into dangerous workflows)
  • Provides natural language explanations for policy verdicts

Prompt Injection Scanner

Dedicated detection layer for prompt injection attacks:

Patterns Detected 13 injection categories
Threat Types 4 primary attack vectors
  • Instruction override: Attempts to replace or override the agent's original instructions
  • Context extraction: Requests to reveal system prompts, credentials, or internal knowledge
  • Role-play attacks: Impersonation of authorized users or admin roles
  • Tool abuse: Attempts to invoke unintended tool combinations or bypass policy

Audit & Compliance

Event Log

Intercis maintains an append-only event log that cannot be modified or deleted:

  • Every API call is logged: Timestamp, agent ID, tool name, arguments, policy verdict, reason
  • Immutable storage: Events written to PostgreSQL with triggers that prevent UPDATE or DELETE
  • Cryptographic signatures: Each event is signed; tampering is detectable
  • Retention: Logs retained for minimum 90 days; configurable up to 7 years

Session Traces

Full forensic replay of agent sessions:

  • Reconstruct exact sequence of tool calls, API responses, and policy decisions
  • Replay mode allows SOC teams to trace root cause of incidents
  • Context captured: agent memory state, LLM temperature, token usage
  • Timeline visualization in dashboard for incident investigation

SOC 2 Type II Roadmap

Intercis is currently building toward SOC 2 Type II certification. Core security controls are in place; audit and assessment are in progress.

Responsible Disclosure

If you discover a security vulnerability in Intercis, please report it responsibly to:

security@intercis.io

We will acknowledge receipt within 24 hours and work with you on a coordinated disclosure timeline.

Do not publicly disclose the vulnerability before we have had the opportunity to patch and release a fix.