1. Our position
Lakesis serves finance, government, healthcare, and advisory customers — all with high data-compliance bars. Security is the floor of our product, not a marketing line. Our commitments:
- Customer data never leaves the customer-authorized compliance perimeter
- Lakesis does not use customer data to train general-purpose models for other customers
- All agent invocations, model IO, and prompts are auditable and traceable
- Full private deployment supported — no data needs to leave your premises
2. Architecture-level security
2.1 Sandbox isolation
Each tenant runs in an isolated Docker sandbox with sandbox-scoped token encryption and strict network and filesystem isolation. Agent execution is bounded by resource quotas and timeouts, so malicious or runaway code cannot escape the sandbox.
2.2 Encryption
- In transit: TLS 1.3 end-to-end, HSTS enforced
- At rest: AES-256 for databases and object storage
- Key management: KMS-managed, customer-managed keys (CMK / BYOK) supported
- Sensitive fields: field-level encryption and automatic masking
2.3 Deployment shapes
Four deployment shapes, chosen according to your compliance requirements:
- On-premises private: GPU cluster / internal K8s / single host — data never leaves your premises
- Dedicated cloud: Alibaba / Tencent / Huawei dedicated instances
- Hybrid: inference in private VPC, control plane in cloud
- SaaS: Lakesis multi-tenant cloud (suitable for low-sensitivity scenarios only)
3. Access control
3.1 Authentication
- SSO / OAuth 2.0 / OIDC, integrated with enterprise IdP (LDAP / AD / Okta / Lark)
- 2FA configurable as mandatory
- API keys rotated periodically, scoped to least privilege
3.2 Authorization & governance
RBAC + ABAC permissions. Supports user / department / document / field-level access control. Data visibility follows the principle of least privilege; agents pass authorization checks before invocation.
3.3 Audit
All agent invocations, model IO, prompt content, and user actions generate tamper-evident audit logs. Retention is configurable (default 365 days); logs can be exported to customer SIEM (Splunk / Alibaba Cloud SLS, etc.).
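The tamper-evident property mentioned above is usually obtained by hash-chaining records, so that altering or removing any record invalidates every hash after it. The following is an added illustration, not Lakesis's own logging code; it assumes a JSON-lines log where each record stores the SHA-256 of the previous record, and the event fields are constructed.

```python
"""Hash-chained audit log: appending records and detecting tampering.

Added example, not Lakesis's implementation. Assumes each record carries
the SHA-256 of the previous record; event contents below are constructed.
"""
import hashlib
import json
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # constructed anchor value linked from the first record


def _canonical(record: Dict) -> bytes:
    # Deterministic serialization so the hash does not depend on key order
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode("utf-8")


def append_record(chain: List[Dict], event: Dict) -> Dict:
    """Append `event` to the chain, linking it to the previous record's hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    body = {"seq": len(chain), "prev_hash": prev_hash, "event": event}
    body["hash"] = hashlib.sha256(_canonical(body)).hexdigest()
    chain.append(body)
    return body


def verify_chain(chain: List[Dict]) -> Tuple[bool, Optional[int]]:
    """Recompute every hash and check every link.

    Returns (True, None) for an intact chain, or (False, seq) where `seq`
    is the index of the first record that fails verification.
    """
    expected_prev = GENESIS
    for i, rec in enumerate(chain):
        # A deleted or reordered record shows up as a sequence/link mismatch
        if rec.get("seq") != i or rec.get("prev_hash") != expected_prev:
            return False, i
        unsigned = {k: v for k, v in rec.items() if k != "hash"}
        # A modified record no longer matches its stored hash
        if hashlib.sha256(_canonical(unsigned)).hexdigest() != rec.get("hash"):
            return False, i
        expected_prev = rec["hash"]
    return True, None


def demo() -> Dict[str, Tuple[bool, Optional[int]]]:
    """Build a small chain (constructed events), then tamper with copies of it."""
    chain: List[Dict] = []
    append_record(chain, {"actor": "alice", "action": "agent.invoke", "agent": "support-agent"})
    append_record(chain, {"actor": "alice", "action": "model.io", "tokens": 312})
    append_record(chain, {"actor": "bob", "action": "doc.read", "doc": "contract-17"})

    results = {"intact": verify_chain(chain)}

    edited = json.loads(json.dumps(chain))          # deep copy
    edited[1]["event"]["tokens"] = 1                # silently edit a field
    results["edited_record"] = verify_chain(edited)

    deleted = json.loads(json.dumps(chain))
    del deleted[1]                                  # drop a middle record
    results["deleted_record"] = verify_chain(deleted)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

One caveat a practitioner should keep in mind: a hash chain alone does not detect truncation of the newest records, because a shortened chain is still internally consistent. Periodically exporting the current head hash to an external system such as the customer's SIEM, as the section describes, closes that gap.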
4. Data lifecycle
- Collection: strictly within authorized scope, never beyond customer-configured connectors
- Processing: within the customer's compliance perimeter, with configurable model routing policy
- Storage: per customer retention policy (configurable 30 days to indefinite)
- Deletion: hard delete supported (meets GDPR / PIPL right-to-erasure)
5. Compliance and certifications
Current posture (status noted per item):
- PIPL (China Personal Information Protection Law): compliant by design, annual internal review
- DSL (China Data Security Law): compliant by design
- MLPS 2.0 (等保, China's Multi-Level Protection Scheme) Level 3: assessment in progress
- ISO 27001: certification in progress
- SOC 2 Type II: planned, for international customers
- GDPR: applicable for EU customer engagements
Detailed certification reports and pen-test reports available under NDA — request from [email protected].
6. Model safety
6.1 Multi-model routing safety
When routing to external LLMs (Claude / GPT / Gemini), data paths must conform to customer compliance. Sensitive data can be force-routed to customer-private models to ensure it never leaves the intranet.
6.2 Prompt injection and adversarial inputs
Defenses against prompt injection, unauthorized tool calls, and prompt leakage are built in at the system level: tool-call allowlists, input filtering, output review, and exception routing.
6.3 Output control
Agent outputs are constrained by business rule engines and human review hooks. By default, critical actions (orders, payments, contract signing) cannot be executed by an agent alone; they require explicit confirmation by an authorized user.
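Sections 6.2 and 6.3 both come down to a policy gate that sits between the model's proposed tool call and its execution. The block below is an added example of such a gate, not Lakesis's code: the agent names, tool names, roles and allowlist contents are constructed, and the gate is deliberately independent of anything the model says, so a tool call smuggled in through an injected prompt is denied on the same path as any other unauthorized call.

```python
"""Policy gate for agent tool calls: per-agent allowlist plus mandatory
human confirmation for critical actions.

Added example, not Lakesis's implementation. Agent names, tool names,
roles and allowlist contents below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Which tools each agent may invoke at all (constructed)
TOOL_ALLOWLIST: Dict[str, Set[str]] = {
    "support-agent": {"search_docs", "read_ticket", "create_order"},
    "analyst-agent": {"search_docs", "run_report"},
}

# Tools that must never run on the agent's decision alone (constructed)
CRITICAL_TOOLS: Set[str] = {"create_order", "issue_payment", "sign_contract"}

# Roles whose confirmation counts for a critical action (constructed)
CONFIRMING_ROLES: Set[str] = {"manager", "finance"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize_tool_call(
    agent: str,
    tool: str,
    confirmed_by: Optional[str],
    user_roles: Dict[str, Set[str]],
) -> Decision:
    """Decide whether `agent` may execute `tool` right now.

    `confirmed_by` is the user who explicitly approved the action, or None.
    The decision never consults model output, only static policy and the
    confirmation record, so injected instructions cannot widen it.
    """
    permitted = TOOL_ALLOWLIST.get(agent, set())
    if tool not in permitted:
        return Decision(False, f"tool {tool!r} is not allowlisted for {agent!r}")

    if tool in CRITICAL_TOOLS:
        if confirmed_by is None:
            return Decision(False, f"{tool!r} is a critical action and requires user confirmation")
        if not user_roles.get(confirmed_by, set()) & CONFIRMING_ROLES:
            return Decision(False, f"user {confirmed_by!r} is not authorized to confirm {tool!r}")

    return Decision(True, "permitted")


def gate_model_request(agent: str, proposed_tool: str, user_roles: Dict[str, Set[str]]) -> Decision:
    """Entry point for a tool call proposed by the model with no confirmation yet.

    Critical tools come back as denied with a reason; the calling code can
    then route the request to a human for confirmation and call
    authorize_tool_call() again with `confirmed_by` set.
    """
    return authorize_tool_call(agent, proposed_tool, None, user_roles)


if __name__ == "__main__":
    roles = {"alice": {"manager"}, "bob": {"viewer"}}  # constructed directory
    for agent, tool, who in [
        ("support-agent", "search_docs", None),
        ("support-agent", "create_order", None),
        ("support-agent", "create_order", "bob"),
        ("support-agent", "create_order", "alice"),
        ("analyst-agent", "issue_payment", "alice"),
    ]:
        d = authorize_tool_call(agent, tool, who, roles)
        print(f"{agent}/{tool} confirmed_by={who}: {d.allowed} ({d.reason})")
```

The allowlist check runs before the confirmation check on purpose: a confirming user cannot unlock a tool the agent was never granted, which keeps the two controls from weakening each other.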
7. Vulnerability response
If you discover a security vulnerability in the Lakesis platform or website, please disclose responsibly:
- Email [email protected] (PGP encryption supported — public key at /security.txt)
- Include description, reproduction steps, and impact assessment
- We will confirm within 48 hours and remediate or coordinate disclosure within 90 days
- We commit not to pursue legal action against good-faith security researchers
We do not currently operate a public bug bounty program, but acknowledge critical reports individually.
8. Incident response
In the event of a security incident, we commit to:
- Notify affected customers within 72 hours (meets PIPL / GDPR)
- Provide root-cause analysis and remediation timeline
- Cooperate with regulatory investigations as needed
9. Contact
Security incidents: [email protected]
Compliance inquiries: [email protected]
Enterprise assessments: [email protected] — security whitepaper, SIG / CAIQ answers on request