Enterprise Security

Security built into every layer

Three-layer AI governance, tamper-proof audit trails, cryptographic agent identity, and bring-your-own AI model — built for teams that can't afford to get security wrong.

SOC 2 Type II
Certified
ISO 27001
Certified
3 Layers
AI Governance
34
Granular Permissions
Governance
AI Governance

Every tool call passes three gates

Before any agent action reaches your systems, it must pass through three independent security layers. No single point of failure.

Agent
requests
tool call
1

Tool Classification

Every tool is classified as safe, restricted, or forbidden. Agents only access tools explicitly granted to them.

ReadWriteDestructive
2

Tool Guard

Instant rule checks evaluate parameters before execution. Block or flag based on values, ranges, and business conditions. Zero latency.

Automated · deterministic · instant
3

Policy Shield

AI evaluates natural-language business rules for nuanced decisions. Fail-secure — if evaluation fails, the call is blocked.

AI-evaluated · context-aware · fail-safe
Verified
tool call
executes
Blocked at any gate → agent gets a denial reason, full event logged
< 50ms
Gate 1 + 2 latency
Rule checks add near-zero overhead to tool calls
100%
Fail-secure
If any gate errors, the call is blocked — never allowed by default
Every call
Fully logged
Allowed, blocked, or flagged — every decision is audit-ready
Approvals
Human Oversight

Sensitive actions pause
and wait for your approval

When an agent hits a sensitive operation, execution pauses mid-workflow. Your team sees the full context — what the agent wants to do, with what data, and why — then approves or denies with one click.

7 Approval Categories

Agent changes, tool access, mission execution, data operations, role changes, org settings, and tool data approval — each with its own policy.

Multi-Approver & Escalation

Require multiple sign-offs for high-risk actions. Set timeout rules that escalate to managers if nobody responds.

Tamper-Proof Execution

What was approved is exactly what executes. The payload is hashed at approval time and verified before execution — no modifications in between.

Approval Required
Awaiting
Mission
Employee Offboarding — Step 4 of 6
Requested Action
Revoke all system access for departing employee
User: james.miller@acme.com · Role: Engineering Lead · 14 integrations connected
Agent
IT Security Agent
Tools
okta.deactivate-user + 3
Policy Trigger
Destructive action on user account
Expires
18m remaining
Requested by mission run #3422 of 2 approvers needed · 1 approved
Audit Trail
Audit & Compliance

Every action. Timestamped. Tamper-proof.

Full decision traces for compliance reporting. Search, filter, and export millions of events — ready for your auditors.

Audit Log — Recent Events
Filter ▾
Export
14:22:31doneAccess revokedIT Security Agentokta.deactivate-user · james.miller@acme.com
14:22:18approvedTool call approvedlisa.wang@acme.comOffboarding mission #342 — destructive action
14:22:05pendingApproval requestedIT Security AgentRevoke all access for departing employee
14:21:48flaggedPolicy Shield evaluatedsystemRule: "Destructive actions require manager approval"
14:21:12passedKnowledge check completedHR Compliance AgentEmployee handbook policy §4.3 — exit procedures verified
14:20:01startedMission startedHR system webhookEmployee Offboarding — 6 steps, 3 agents
Showing 6 of 1,847,293 eventsRetention: 7 years · Tamper-proof hash chain

Full Coverage

Auth events, agent operations, integration changes, knowledge updates, approvals, role changes, and every settings modification.

Powerful Search

Search millions of events by user, category, date, or resource. Export filtered results for external auditors in one click.

Execution Replay

Every mission run produces a step-by-step trace — tool calls, inputs, outputs, timing, and cost — replayable at any time.

Bring Your Own LLM
AI Model Routing
Your Infrastructure
Azure OpenAI
● Active
AWS Bedrock
Google Vertex AI
Self-Hosted
Bixie Secure Proxy
Routes requests · No data stored · No training on your data
Encrypted
Bixie Platform
Chat
Agents
Experts
Studio
Zero data retention— Prompts and responses are never stored or used for training
AI Infrastructure

Bring Your Own
AI Model

Keep complete control over your AI infrastructure. Connect models running in your own cloud — Azure OpenAI, AWS Bedrock, Google Vertex AI, or self-hosted endpoints. Your data never leaves your security perimeter.

Private Model Deployment

Connect to models in your own cloud tenant. No data passes through third-party AI providers unless you configure it.

Model Flexibility

Use different models for different agents. Pick the right balance of performance, cost, and compliance for each use case.

Data Sovereignty

Your operational data stays within your control. Choose your region, your provider, your encryption — Bixie adapts.

One Config Switch

Swap providers with a single configuration change. No code modifications, no mission rewrites, no downtime.

Identity
Identity & Access

Fine-grained control over
who can do what

Single sign-on, 5 system roles, custom roles, and 34 granular permissions. Every user sees exactly what they should — nothing more.

Role Permissions Matrix
CapabilityOwnerAdminEditorMemberViewer
Create & edit missions
Run missions
Approve actions
Manage integrations
Upload knowledge
View audit logs
Manage team members
Org settings & billing
Showing 8 of 34 permissions+ Custom roles available on Enterprise

Single Sign-On

Sign in via Okta, Azure AD, or any enterprise identity provider. Domain-based auto-join and enforced SSO.

Multi-Tenant Isolation

Every query is scoped to the organisation. Data isolation is enforced at the infrastructure level, not application-level filtering.

Emergency Access

Break-glass access for critical situations with full audit logging. Time-limited, requires owner approval.

Attestation
Bixie Attest

Cryptographic agent identity.
Zero implicit trust.

Every agent proves its identity before it can call a single tool. Environment verification, scoped access tokens, and an audited tool gateway — your systems never trust an unverified caller.

Prove Environment
Agent provides cryptographic proof of where it's running
Issue Token
Short-lived token with scoped permissions and usage limits
Score Risk
Real-time check on request patterns, timing, and history
Validate & Proxy
Gateway checks token, forwards tool call, logs everything
Audit Recorded
Tamper-proof record in cryptographic hash chain

Trust Levels

VerifiedAll tools accessible
Highest trust — proven secure environment with full cryptographic attestation
AttestedMost tools accessible
Standard — cloud or container identity validated by the platform
Self-DeclaredRead-only tools only
Lower trust — elevated risk monitoring, restricted tool access

Why This Matters

No network-level trust

Even if an attacker is inside your network, they can't call tools without a valid environment proof.

Short-lived by design

Tokens expire quickly. A compromised token has a narrow window before it's useless.

Real-time risk signals

Unusual request patterns, new agents, or anomalous timing automatically trigger stricter checks.

Hash-chained audit

Every record is cryptographically linked. Tampering with any entry breaks the chain and raises alerts.

Data Protection
Data Protection

Encrypted everywhere. Always.

Data in TransitTLS 1.3 on all connections
Data at RestAES-256 encryption on all storage
Secrets & KeysHardware-backed key management
API credentials
Encrypted in Secrets Manager
Encryption keys
Hardware Security Modules
User tokens
Short-lived, auto-rotating
Field-Level Encryption
Sensitive fields encrypted independently within storage
HSTS Enforced
Strict transport security on all connections
Key Rotation
Automatic rotation with zero-downtime re-encryption
Tenant Isolation
Data is physically and logically separated per org
Compliance
Compliance

Independently verified.
Continuously audited.

Our security practices are validated by independent third-party auditors against the toughest industry standards.

SOC 2 Type II

Security, availability, and confidentiality — audited annually

Verified & Current
ISO 27001

International standard for information security management

Verified & Current
GDPR CompliantAustralian Privacy PrinciplesData MinimizationRight to ErasureAnnual Pen Testing

Operational Security

All devices managed with endpoint protection
Phishing-resistant authentication (WebAuthn)
Security training on hire + annually
Risk-based vendor security assessments
24/7 monitoring with incident response SLAs
Secure development lifecycle with mandatory code review
Report Issue
Responsible Disclosure

Found a vulnerability?

We take every report seriously and respond promptly. Responsible disclosure is appreciated — we'll work with you to understand and resolve any issue.

All Bixie products and services are subject to our comprehensive security controls, policies, and certifications. For questions about our security practices, contact support@team.bixie.ai.