Skip to main content

Security

Crawbl is built for organizations that need strong security controls over AI agent behavior.

Trust Model

Three trust levels govern what the system can do on a user's behalf.

Read-only. Crawbl reads and summarizes but cannot change external systems.

Zero Trust Architecture

PrincipleImplementation
Never trust, always verifyAll requests authenticated, all services verify each other
Least privilegeComponents get minimum permissions needed
Explicit verificationNo implicit trust based on network location
Assume breachSegmentation limits blast radius
Authentication and trust boundaries through the Crawbl platform
Click diagram to zoom

Internal service communication is mutually authenticated and encrypted.

Secret Management

All secrets are stored externally -- never in Git.

Secret TypeStorageAccess
API KeysManaged secrets serviceAuto-synced to runtime
OAuth TokensManaged secrets servicePer-user, encrypted
Database CredentialsManaged secrets serviceInjected via K8s secrets
TLS CertificatesAutomated cert managementAuto-renewed
Secret flow from managed secrets service into Kubernetes workloads
Click diagram to zoom

Secrets are automatically rotated where possible, scoped to specific workspaces, and audited for access.

Network Security

Agent runtimes have no direct internet access.

Network path into the orchestrator and isolation of user runtimes
Click diagram to zoom

Internal service communication is mutually authenticated and encrypted. Network policies restrict traffic to authorized paths only.

This is enforced at the network level. Even a compromised agent pod cannot reach external services -- all outbound access goes through the orchestrator, which enforces permissions and logs every call.

Compliance

  • Audit trail -- Every action logged with timestamp, user identity, action type, and result
  • Data residency -- Deploys in your infrastructure; no data leaves your environment
  • Certifications -- Designed to support SOC 2 Type II, HIPAA, GDPR, and ISO 27001

Deep Dive