Built for enterprise trust.
How we handle data, credentials, access and incidents — in plain language, no compliance theater. Everything on this page is in the public documentation.
Six security pillars
Each one runs in production today and is documented — cards link to the corresponding doc.
Encryption and vault
TLS on all traffic. Credentials (API keys, database passwords, ERP tokens) never live in configuration — they live in the vault with AES-256-GCM encryption.
Tenant isolation
Each customer is a completely isolated workspace: its own agents, data, secrets and telemetry. Every API call is validated against the tenant — no lateral leakage.
BYOK — your key, your control
Use your own OpenAI, Anthropic, Google and xAI keys. Your keys are never shared across tenants; if they fail, the managed pool takes over as contingency.
On-premise without VPN
Zihin Tunnel connects your ERP and databases via outbound WebSocket (port 443) — no inbound firewall ports. Credentials are resolved inside your network and never leave it.
RBAC — roles and permissions
Four roles (owner, admin, editor, viewer) with an explicit permission matrix. JWT and API keys go through the same role check on every operation.
Audit and telemetry
Every execution records session, tool calls, costs and latencies — queryable in the console and via the telemetry API. What the agent did is never a black box.
Policies the agent cannot ignore
Contextual Security Policies (CSP) are enforced on every execution — not a PDF of good intentions. Five types cover the full cycle, and guardrails like iteration limits and tool blocking are enforced by the runtime, not merely suggested to the model.
Schedule
Restrict when the agent operates: business hours, weekdays, timezone. Outside the window, it doesn't run.
Behavior
Tone, language, must-dos and must-nots — including blocking specific tools and iteration limits enforced by the runtime.
Data
Access restrictions on sensitive fields and entities — the agent only touches what policy allows.
Origin
Restrict where the agent can be triggered from: allowed IPs and domains.
Custom
Your own rules in flexible JSON for whatever is specific to your operation.
Scope inheritance
Policies flow from broad to narrow scope — the most specific wins. Define once at tenant level, refine per team, agent or user.
tenant → team → agent → user
Full types, scopes and rule examples are in the documentation: Contextual Security Policies
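How "most specific wins" can play out across tenant → team → agent → user, as an added Python sketch that is not Zihin's code or policy schema: the field names (`blocked_tools`, `max_iterations`, `allowed_domains`) and the per-key override semantics are assumptions. It also reports narrower scopes that drop a tool the tenant blocks, which is the kind of override a reviewer would want surfaced.

```python
# Added illustration. Field names and per-key merge semantics are assumptions,
# not the platform's documented schema.
SCOPES = ("tenant", "team", "agent", "user")  # broad -> narrow, as listed on the page
POLICY_TYPES = ("schedule", "behavior", "data", "origin", "custom")

def resolve(policies):
    """Return (effective, provenance): for each rule key, the narrowest scope wins."""
    effective = {ptype: {} for ptype in POLICY_TYPES}
    provenance = {}
    for scope in SCOPES:  # later (narrower) scopes overwrite earlier ones
        for ptype, rules in policies.get(scope, {}).items():
            if ptype not in POLICY_TYPES:
                raise ValueError(f"unknown policy type {ptype!r} at scope {scope}")
            for key, value in rules.items():
                effective[ptype][key] = value
                provenance[(ptype, key)] = scope
    return effective, provenance

def loosened_tools(policies):
    """List (scope, tools) where a narrower scope no longer blocks a tenant-blocked tool."""
    baseline = set(policies.get("tenant", {}).get("behavior", {}).get("blocked_tools", []))
    findings = []
    for scope in SCOPES[1:]:
        rules = policies.get(scope, {}).get("behavior", {})
        if "blocked_tools" in rules:
            missing = baseline - set(rules["blocked_tools"])
            if missing:
                findings.append((scope, sorted(missing)))
    return findings

# Constructed sample policies (hypothetical values).
SAMPLE = {
    "tenant": {"behavior": {"blocked_tools": ["shell", "http_post"], "max_iterations": 10},
               "origin": {"allowed_domains": ["example.com"]}},
    "team": {"behavior": {"max_iterations": 5}},
    "agent": {"behavior": {"blocked_tools": ["shell"]}},
}

if __name__ == "__main__":
    effective, provenance = resolve(SAMPLE)
    for (ptype, key), scope in sorted(provenance.items()):
        print(f"{ptype}.{key} = {effective[ptype][key]!r} (from {scope})")
    print("loosened:", loosened_tools(SAMPLE))
```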
Questions every security team asks
Where are my systems' credentials stored?
In the platform vault, encrypted with AES-256-GCM — never in configuration files or schemas. With Zihin Tunnel it's even better: internal systems' credentials are resolved inside your network and never leave it.
Do I need to open firewall ports to connect my ERP?
No. Zihin Tunnel uses an outbound WebSocket connection on port 443 (same as your browser). No inbound ports, no VPN, no firewall changes.
Can I use my own OpenAI or Anthropic key?
Yes — BYOK for OpenAI, Anthropic, Google and xAI. With your key configured, agents use it directly without consuming your quota; if the key fails, the managed pool takes over as automatic contingency.
How do I control what an agent can and cannot do?
Two layers: RBAC controls what people and API keys can do on the platform; Contextual Security Policies (CSP) control what the agent can do at runtime — schedule, behavior, data, origin — with runtime-enforced guardrails like tool blocking and iteration limits.
What gets recorded for each execution?
The full session: phases, tool calls, tokens, costs and latencies. All queryable in the console and via the telemetry API — auditing isn't an optional feature, it's the default.
I found a vulnerability. How do I report it?
Write to contact@zihin.ai with the subject [security]. We respond within 72 hours, validate the proof of concept and coordinate disclosure. Good-faith researchers face no retaliation.
Compliance and corporate governance questions? See the Enterprise page
Responsible vulnerability disclosure
If you found a vulnerability, write directly to contact@zihin.ai. We commit to responding within 72 hours, validating the proof of concept and coordinating disclosure. We do not weaponize copyright or fraud laws against researchers acting in good faith.
Due diligence underway?
DPA, security questionnaires and conversations with our engineering team.