WorkSwarm
Trust Center - Confidential
Version 1.0
Updated 2026-05-08
Security Overview
Executive summary of WorkSwarm's security architecture, controls, and compliance posture.
Prepared by Chief Information Security Officer, WorkSwarm, Inc.
Contents
- Executive Summary
- 1. Security Architecture Principles
- 2. Infrastructure Security
- 3. Identity & Access Management
- 4. Data Protection
- 5. AI Safety & Agent Security
- 6. Secure Software Development Lifecycle
- 7. Vendor & Sub-processor Management
- 8. Compliance & Certification Status
- 9. Audit Logging & Evidence
- 10. Contact
Executive Summary
WorkSwarm is a chat-native operating system that orchestrates human teams and specialist AI agents to execute complex business workflows. Because our platform processes sensitive customer data - including PII, financial records, healthcare information, and proprietary business strategy - security is not a feature; it is the architecture itself.
This document provides a comprehensive overview of WorkSwarm's security posture, covering infrastructure, identity, data protection, AI safety, vendor management, and compliance. It is intended for CISOs, security teams, and procurement officers evaluating WorkSwarm for enterprise deployment.
1. Security Architecture Principles
WorkSwarm's security architecture is built on five foundational principles that govern every design decision:
- Defense in depth: No single control protects any asset. Every layer - network, identity, data, application, AI - has independent security controls that assume the adjacent layer may be compromised.
- Zero trust: Every request is authenticated, authorized, and encrypted regardless of network location. Internal services use mTLS. There is no trusted network perimeter.
- Least privilege: Users, agents, and services receive the minimum permissions required for their function. Permissions are scoped per tenant, per workspace, and per operation.
- Tenant isolation: Customer data is logically isolated at the storage, compute, and network layers. Cross-tenant data access is architecturally impossible without breaking multiple independent controls.
- Fail secure: When a security control fails, the system denies access by default. Circuit breakers halt operations rather than allowing degraded-security operation.
2. Infrastructure Security
WorkSwarm is deployed on AWS and GCP with a warm disaster recovery configuration.
| Control | Implementation | Standard |
|---|---|---|
| Cloud provider | AWS (primary), GCP (warm DR) | SOC 2 Type II, ISO 27001, FedRAMP High |
| Network isolation | Dedicated VPC per environment, private subnets, no public-facing databases | NIST CSF PR.AC-5 |
| DDoS mitigation | AWS Shield Advanced + WAF with custom rule sets | NIST CSF PR.DS-4 |
| Edge security | CloudFront with TLS 1.3, HSTS, certificate pinning for mobile clients | ISO 27001 A.13.1 |
| Internal communication | mTLS between all services, service mesh with Istio | Zero Trust Architecture (NIST SP 800-207) |
| Availability | 99.95% SLA, multi-AZ deployment, automated failover | ISO 22301 |
| Disaster recovery | RTO 4 hours, RPO 15 minutes, quarterly DR tabletop exercises | NIST CSF RC.RP-1 |
3. Identity & Access Management
WorkSwarm implements enterprise-grade identity management with support for federated authentication and granular authorization.
| Capability | Details |
|---|---|
| SSO integration | SAML 2.0 and OpenID Connect. Compatible with Okta, Azure AD, Google Workspace, OneLogin, PingIdentity, and any compliant IdP. |
| User provisioning | SCIM 2.0 for automated user lifecycle management. Create, update, deactivate users from your IdP. |
| Multi-factor authentication | Required for all enrolled accounts. Supports TOTP (Authenticator apps) and WebAuthn/FIDO2 passkeys (platform authenticators and hardware keys), enforced at login. Push notification via supported IdPs. |
| Session management | Configurable session duration (default 8 hours). Automatic timeout after 30 minutes of inactivity. Forced re-authentication for sensitive operations. |
| Authorization model | RBAC (Role-Based Access Control) with ABAC (Attribute-Based Access Control) overlay. Roles: Owner, Admin, Member, Guest, AI Agent. Custom roles supported on Enterprise tier. |
| Privileged access | JIT (Just-In-Time) elevation for admin operations. All privileged actions logged with full audit trail. Break-glass procedure requires dual approval. |
| API authentication | OAuth 2.0 bearer tokens with configurable scopes. API keys with IP allowlisting. Token rotation enforced every 90 days. |
4. Data Protection
Customer data protection spans encryption, residency, retention, and deletion controls.
| Control | Cloud Tier | Private Tier | On-Prem Tier |
|---|---|---|---|
| Encryption at rest | AES-256-GCM, WorkSwarm-managed keys | AES-256-GCM, customer KMS (BYOK) | Customer HSM (HYOK) |
| Encryption in transit | TLS 1.3 (external), mTLS (internal) | TLS 1.3 + customer-managed certificates | Customer infrastructure |
| Encryption in use | AWS Nitro Enclaves for sensitive computation | Confidential VMs (AMD SEV-SNP) | Customer-managed TEE |
| Key management | AWS KMS, automatic rotation every 365 days | Customer AWS/GCP/Azure KMS | Customer HSM, customer-controlled rotation |
| Data residency | Customer selects: India (Mumbai/Hyderabad), EU (Ireland/Frankfurt), US (Virginia/Oregon) | Customer-selected region | Customer premises |
| Data retention | Customer-configurable (30 days to 7 years). Default 1 year for workspace data, 7 years for audit logs. | Customer-configured | Customer-configured |
| Data deletion | Cryptographic deletion within 30 days of request. Backup purge within 90 days. | Same | Customer-controlled |
5. AI Safety & Agent Security
As an AI-native platform, WorkSwarm implements comprehensive controls around AI agent behavior, data handling, and output validation.
- No training on customer data: WorkSwarm contractually prohibits the use of customer data for model training. All LLM provider DPAs include explicit no-training clauses. Prompts are redacted of PII before leaving the platform.
- Output validation: Every LLM response passes through a validation pipeline: schema validation (correct format), allowlist checking (permitted actions only), content filtering (no harmful content), and PII detection (no customer data leakage).
- Tool gating: AI agents can invoke tools (APIs, databases, external services). High-blast-radius tool calls - those that modify data, send communications, or commit funds - require explicit human gate approval before execution.
- Token limits and circuit breakers: Per-call token caps prevent cost runaway. Per-agent daily limits prevent recursive loops. Circuit breakers halt execution after configurable failure thresholds.
- Agent audit trail: Every agent action is logged with full context: input prompt, output response, tools invoked, gate decisions, latency, token usage, and cost. Logs are immutable and exportable to customer SIEM.
- Model provider isolation: WorkSwarm supports multiple LLM providers (Anthropic Claude, Google Gemini). Customers can restrict to specific providers based on data sovereignty or contractual requirements.
- Bias and safety evaluation: Quarterly evaluations using industry-standard benchmarks. Results published in the AI Safety Evaluation Summary (available Q4 2026).
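The output validation and tool gating bullets above describe an ordered pipeline: schema check, allowlist check, PII detection, then a human gate for high-blast-radius tools. The sketch below is an added illustration, not WorkSwarm's code; the response schema, the tool allowlist, the effect classes and the regex PII patterns are constructed assumptions, and the content-filtering stage (a classifier in practice) is omitted.

```python
import json
import re

# Constructed tool allowlist. The effect class decides whether a human gate
# is required before execution; anything not listed is refused outright.
TOOL_POLICY = {
    "crm.lookup": "read",
    "calendar.list": "read",
    "crm.update": "modify",        # modifies data -> gated
    "email.send": "communicate",   # sends a communication -> gated
    "payments.transfer": "funds",  # commits funds -> gated
}
GATED_EFFECTS = {"modify", "communicate", "funds"}

# Constructed PII patterns; a production pipeline would use a dedicated detector.
PII_PATTERNS = {
    "pan": re.compile(r"\b[A-Z]{5}\d{4}[A-Z]\b"),            # Indian PAN
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),              # US SSN
    "card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),        # 16-digit card
}


def validate_agent_output(raw: str) -> dict:
    """Run the checks in order; the first failure rejects the response."""
    # 1. Schema validation: a JSON object carrying a tool name and a dict of args.
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError:
        return {"verdict": "reject", "stage": "schema", "reason": "not JSON"}
    if not (isinstance(msg, dict) and isinstance(msg.get("tool"), str)
            and isinstance(msg.get("args"), dict)):
        return {"verdict": "reject", "stage": "schema", "reason": "missing tool/args"}
    # 2. Allowlist: an unknown tool is rejected, never merely gated.
    effect = TOOL_POLICY.get(msg["tool"])
    if effect is None:
        return {"verdict": "reject", "stage": "allowlist", "reason": msg["tool"]}
    # 3. PII detection over everything that would leave the platform.
    text = json.dumps(msg["args"])
    hits = [name for name, rx in PII_PATTERNS.items() if rx.search(text)]
    if hits:
        return {"verdict": "reject", "stage": "pii", "reason": ",".join(hits)}
    # 4. Tool gating: high-blast-radius effects wait for explicit human approval.
    if effect in GATED_EFFECTS:
        return {"verdict": "hold_for_gate", "stage": "gate", "tool": msg["tool"]}
    return {"verdict": "execute", "stage": "gate", "tool": msg["tool"]}
```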
6. Secure Software Development Lifecycle
WorkSwarm follows a rigorous SDLC with security integrated at every stage.
- Threat modeling: Conducted for every new feature using STRIDE methodology. Updated quarterly for existing features.
- Code review: All code changes require peer review with security-focused checklist. Automated SAST scanning on every pull request.
- Dependency management: Software Bill of Materials (SBOM) generated for every release. Automated vulnerability scanning of all dependencies. Critical CVEs patched within 24 hours.
- DAST and penetration testing: Automated DAST scanning in staging environments. Annual external penetration test by an independent firm. Quarterly internal red team exercises.
- Secure deployment: Immutable container images, signed and verified before deployment. Infrastructure as Code with security policy enforcement. Canary deployments with automatic rollback on anomaly detection.
- Incident response: Documented incident response plan tested quarterly. Severity classification (P0-P4) with defined SLAs. Post-mortem published within 14 days of resolution.
7. Vendor & Sub-processor Management
WorkSwarm maintains a formal vendor management program for all sub-processors with access to customer data.
- Due diligence: Security assessment before onboarding. SOC 2 Type II or equivalent required. Annual reassessment.
- Contractual controls: Data Processing Agreements (DPAs) with all sub-processors. Audit rights retained. Sub-processing restrictions enforced.
- Customer notification: 30-day advance notice before any new sub-processor goes live. Customers can object; unresolved objections allow penalty-free termination.
- Ongoing monitoring: Continuous monitoring of sub-processor security posture. Quarterly review of access permissions. Annual DPA renewal and compliance verification.
8. Compliance & Certification Status
WorkSwarm is actively pursuing industry-standard certifications to provide independent verification of our security controls.
| Certification | Status | Target Date |
|---|---|---|
| SOC 2 Type I | In progress - readiness assessment underway | Q1 2027 |
| SOC 2 Type II | Planned - observation period follows Type I | Q3 2027 |
| ISO 27001 | In progress - gap assessment complete | Q2 2027 |
| ISO 27017 (Cloud Security) | In progress - bundled with 27001 | Q3 2027 |
| ISO 27018 (Cloud Privacy) | In progress - bundled with 27001 | Q3 2027 |
| HIPAA | BAA available - self-attested with control evidence | Available now |
| DPDP Act 2023 | Compliant - consent, DSR, breach notification implemented | Available now |
| GDPR | Compliant - DPA, SCCs, ROPA available | Available now |
9. Audit Logging & Evidence
WorkSwarm produces legally admissible audit logs suitable for regulatory examination and litigation hold.
- Immutable logs: Every event is written to an append-only log store. Events cannot be modified or deleted by any user, including WorkSwarm administrators.
- Hash-chaining: Each log entry includes a cryptographic hash of the previous entry, creating a tamper-evident chain. Any modification breaks the chain and is detectable.
- HSM signatures: Log batches are signed using Hardware Security Module-backed keys, providing non-repudiation.
- Legal admissibility: Logs are exportable with Indian Evidence Act Section 65B certificates for Indian courts and US Federal Rules of Evidence 901/902(13) self-authentication for US courts.
- SIEM integration: Real-time log streaming to customer SIEM platforms: Splunk, Microsoft Sentinel, Sumo Logic, Elastic, Datadog. Standard CEF and OCSF formats supported.
- Retention: 7-year default retention for audit logs. Customer-configurable. Logs stored in immutable S3 buckets with Object Lock.
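The hash-chaining and HSM-signature bullets above work together: the chain makes an edited, inserted or reordered record detectable, while the batch signature over the chain head catches a silently truncated tail that the links alone would not reveal. The following is an added illustration of that verification, not WorkSwarm's implementation; the record layout, the all-zero genesis hash and the in-memory HMAC standing in for the HSM-backed signature are assumptions.

```python
import hashlib
import hmac
import json

# Assumed genesis value that the first record chains to.
GENESIS = "0" * 64


def canonical(body: dict) -> bytes:
    # Deterministic serialisation so a record always hashes to the same digest.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    def __init__(self, signing_key: bytes):
        self._key = signing_key  # stand-in for an HSM-resident key
        self.entries: list[dict] = []

    def append(self, event: dict) -> dict:
        # Each record commits to its predecessor's hash, forming the chain.
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "prev_hash": prev, "event": event}
        entry = {**body, "hash": hashlib.sha256(canonical(body)).hexdigest()}
        self.entries.append(entry)
        return entry

    def sign_batch(self) -> str:
        # Signing the head hash commits to the whole chain, so a truncated
        # tail is caught even though the surviving links still verify.
        head = self.entries[-1]["hash"] if self.entries else GENESIS
        return hmac.new(self._key, head.encode(), hashlib.sha256).hexdigest()


def verify_chain(entries: list, key: bytes, batch_sig: str):
    """Return (ok, first_bad_seq); seq is None when only the signature fails."""
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {"seq": e["seq"], "prev_hash": e["prev_hash"], "event": e["event"]}
        if e["seq"] != i or e["prev_hash"] != prev:
            return False, i  # reordered, inserted or deleted record
        if hashlib.sha256(canonical(body)).hexdigest() != e["hash"]:
            return False, i  # record contents edited after the fact
        prev = e["hash"]
    expected = hmac.new(key, prev.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, batch_sig), None
```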
10. Contact
For security inquiries, vulnerability reports, or to request additional documentation:
Security Team: security@workswarm.ai
Trust Center: trust@workswarm.ai
DPO: dpo@workswarm.ai
Vulnerability Disclosure: We welcome responsible disclosure of security vulnerabilities. Please email security@workswarm.ai with details. We commit to acknowledging receipt within 24 hours and providing a resolution timeline within 72 hours.
Disclaimer: This document is provided for informational purposes and represents WorkSwarm's current security posture and planned controls. Legal templates are provided as starting points and should be reviewed by your legal counsel before execution. Certification timelines are targets and subject to change based on auditor availability and assessment outcomes.
© 2026 WorkSwarm, Inc. · Confidential · workswarm.ai/trust