Sicherheit

Sicherheit ist grundlegend,
kein nachträglicher Gedanke.

Wenn KI-Agenten Software im Auftrag Ihrer Nutzer bedienen, ist Sicherheit kein Feature — es ist die Architektur. Jede Schicht von Deck basiert auf Isolation, Verschlüsselung und Zero-Trust-Prinzipien.

SOC 2 Typ II GDPR HIPAA PCI-DSS

Jeder Agent läuft in vollständiger Isolation

Each Computer Use session spins up a dedicated, ephemeral virtual machine. Nein shared memory, no shared filesystem, no shared network. By default, when the task completes, the VM is destroyed — including all browser data, cookies, and cached credentials. For workflows that require it, persistence can be enabled per session, giving you full control over what stays and what gets wiped.

Agent AIsolated VM

Agent BIsolated VM

Agent CIsolated VM

Agent DDestroyed

Verschlüsselung auf jeder Ebene

All data is encrypted in transit with TLS 1.3 and at rest with AES-256. Credentials stored in the Deck vault are encrypted with per-tenant keys — even Deck engineers cannot access your users' passwords. API keys are hashed and never stored in plaintext.

In transitTLS 1.3

At restAES-256

CredentialsPer-tenant keys

API keysHashed, never plaintext

Zero-Trust-Zugriffskontrollen

Only those who need access get it. Multi-factor authentication, SSO/SAML support, and role-based access controls ensure your data is managed by the right people. Every access event is logged, monitored, and auditable. Internal access to production systems requires approval and is time-limited.

✓ Multi-factor authentication

✓ SSO / SAML support

✓ Role-based access controls

✓ Time-limited production access

✓ Full audit trail

KI-Agenten-spezifische Schutzmaßnahmen

Computer Use agents introduce unique security considerations. Deck addresses them at the infrastructure level: agents operate in sandboxed VMs with no internet access beyond the target application, actions are bounded by configurable policies, sensitive operations require human approval, and every click is recorded for full session replay and audit.

Ausführung in Sandbox

Kein seitlicher Netzwerkzugriff. Agenten können nur die Zielanwendung erreichen.

Aktionsrichtlinien

Definieren Sie, was Agenten tun können und was nicht. Blockieren Sie Löschungen, begrenzen Sie Ausgaben, fordern Sie Genehmigungen an.

Sitzungswiedergabe

Jede Agentensitzung wird aufgezeichnet. Wiederholen Sie jeden Lauf, um genau zu sehen, was passiert ist.

Kontinuierliche Compliance und Überwachung

Our systems undergo continuous monitoring to proactively detect and prevent security threats. We maintain a thorough audit trail for all key actions, ensuring transparency and accountability.

Vorfallreaktion

Documented response plan. Clients are informed immediately. Containment and resolution within hours, not days.

Penetrationstests

Annual third-party penetration tests. Findings are remediated and verified before the next cycle.

Datenaufbewahrung

At end of service, all customer data — including backups — is permanently deleted. Nein recoverable copies.

Infrastruktur

Hosted on enterprise-grade cloud infrastructure. All subprocessors are vetted against our security standards.

Fragen?

Trust Center → [email protected]

Sicherheit ist grundlegend,kein nachträglicher Gedanke.