Platform Security
How the DropOps platform protects your infrastructure and data.
Security by Intent
DropOps is designed around deliberate human action at every step, creating a chain of intent that makes unauthorized actions structurally impossible.
- Operator deployment - You generate a unique API key and start the Operator yourself
- Account binding - You authenticate and explicitly link the Operator to your current chat session
- Session initiation - You start every conversation; the AI never initiates
- Change approval - You review and approve every change before execution (read-only exploration is automatic)
- Instant stop - Stop the AI mid-response at any time, or kill the Operator remotely from the UI
Every change requires your conscious choice. The AI freely explores to understand your systems, but modifying them always requires your explicit approval.
The Operator runs as a standard process on your system. Logging out of a remote session kills it. Rebooting the system kills it. You are always in control.
Complete Operator Control
You have multiple independent ways to cancel operations and stop operators:
- Cancel running commands - Click cancel during command execution to immediately terminate the process (SIGKILL to process group)
- Stop AI processing - Click the stop button to halt AI generation and cancel pending operations
- Stop operator remotely - Click the stop icon in the Operator Panel to send a shutdown command over the network
- Revoke API key - Refresh the API key to instantly disconnect the operator and invalidate its credentials
- Kill locally - Press Ctrl+C, logout, or reboot—the operator is a standard process with no persistence
- AWS Cloud Operator - Stop the systemd service, or stop/reboot/terminate the EC2 instance from the AWS Console
No automatic timeouts—long-running operations like terraform apply complete naturally. You decide when to cancel. The operator is just a binary—run it however you prefer (foreground, background, screen/tmux, systemd). It leaves no services, daemons, or open ports when stopped.
Zero Inbound Connectivity
The DropOps Operator initiates all connections outbound. No open ports, no firewall rules, no VPN.
```text
# Traditional approach
Internet --[SSH:22]--> Firewall --[VPN]--> Your Server
Open ports = attack surface

# DropOps approach
Your Server --[outbound only]--> DropOps
No listening ports. Nothing to attack.
```
- Outbound TLS 1.3 on port 443 - Works behind NAT, corporate firewalls, and restrictive networks
- No listening ports - Invisible to network scans and reconnaissance
- Mutual TLS (mTLS) - Both client and server authenticate each connection
Human-in-the-Loop Execution
All changes require your explicit approval. The AI proposes modifications, you decide.
- Read-only exploration - When you deploy an Operator, you signal intent for the AI to explore that system. File reads, directory scans, and status checks happen automatically to gather information
- Mandatory approval for changes - File modifications, package installs, service changes, and any state-altering operations require your confirmation
- Complete audit trail - Every request, proposal, decision, and result is logged
No changes execute on your systems without your explicit approval. Read-only operations proceed automatically so you're only engaged when decisions matter.
Authentication
- Google OAuth 2.0 - We never see or store your password
- API keys for Operators - Unique per-operator, non-transferable between machines
- Encrypted sessions - HttpOnly cookies with automatic expiration
Data Protection
- Encrypted in transit - All connections use TLS 1.3
- Encrypted at rest - Sensitive data encrypted with AES-256
- Stripe for payments - Card data never touches our servers
- US data residency - All data stored in United States regions
AI Safety Controls
- Least privilege by default - The Operator runs as the user who launched it, with no ability to elevate its own permissions
- Command blacklist - Dangerous operations are blocked before execution (whitelist mode also available for high-security environments)
- System file protection - Critical system paths are protected from modification
- Output sanitization - Command output is sanitized before AI processing
- Automatic limits - Built-in safeguards prevent runaway operations
We recommend running the Operator as a standard user. Only start with elevated privileges if your specific task requires it.
Infrastructure Security
- HTTPS everywhere - TLS 1.3 with HSTS enforcement
- XSS and CSRF protection - Industry-standard defenses enabled
- Rate limiting - Protection against abuse and denial of service
- Secure secrets storage - Credentials stored in encrypted vaults, never in code
- Internal access controls - All personnel require two-factor authentication
Incident Response
We maintain a documented incident response plan with defined escalation procedures.
| Severity | Detection | Customer Notification | Resolution Target |
|---|---|---|---|
| P1 - Critical | < 4 hours | < 8 hours | < 24 hours |
| P2 - High | < 8 hours | < 24 hours | < 48 hours |
| P3 - Medium | < 24 hours | < 48 hours | < 5 days |
| P4 - Low | < 48 hours | < 72 hours | < 14 days |
- Breach notification - Affected customers notified within 72 hours per GDPR requirements, 24 hours for critical breaches
- Post-incident reporting - Root cause analysis provided within 5 business days of resolution
- Continuous improvement - All incidents feed into security improvements and runbook updates
Business Continuity & Disaster Recovery
| Metric | Commitment |
|---|---|
| Service Availability | 99.9% uptime SLA |
| Recovery Time Objective (RTO) | < 4 hours |
| Recovery Point Objective (RPO) | < 1 hour |
| Backup Frequency | Continuous replication + hourly snapshots |
| Backup Retention | 90 days |
| Geographic Redundancy | Multi-region failover (US) |
| DR Testing | Quarterly failover exercises |
Third-Party Risk Management
We maintain a limited set of vetted subprocessors, each with documented security assessments.
| Subprocessor | Purpose | Data Processed | Compliance |
|---|---|---|---|
| Google Cloud Platform | Infrastructure hosting | All service data | SOC 2, ISO 27001, FedRAMP |
| Stripe | Payment processing | Payment data only | PCI DSS Level 1 |
| Google (Gemini) | AI processing | Session context | SOC 2, ISO 27001 |
- Vendor security reviews - Annual security assessment of all critical vendors
- Dependency scanning - Automated vulnerability scanning of all third-party libraries
- Subprocessor changes - Customers notified 30 days before adding new subprocessors
Logging & Monitoring
- Audit log retention - 7 years for all logs
- Log immutability - Write-once storage prevents tampering or deletion
- Customer log access - Export your complete audit trail from account settings
- Real-time monitoring - 24/7 automated alerting on security anomalies
- SIEM integration - Webhook and API support for forwarding logs to your security tools
Penetration Testing & Vulnerability Management
- Third-party penetration tests - Annual assessment by independent security firm
- Continuous scanning - Automated vulnerability scanning on every deployment
- Critical CVE response - Target: patches deployed within 24 hours for critical vulnerabilities
- High CVE response - Target: patches deployed within 7 days for high-severity vulnerabilities
- Penetration test reports - Executive summary available to enterprise customers under NDA
Network Security Details
- Operator connections - Outbound to operator.dropops.ai:443 only (Redis over TLS)
- Certificate pinning - mTLS certificates are pinned to prevent man-in-the-middle attacks
- Connection heartbeat - 30-second keepalive with automatic reconnection on failure
- No command timeout - Long-running commands complete naturally; you decide when to cancel
- Operator updates - Signed binaries with automatic security patch delivery
Internal Access Controls
- Principle of least privilege - Access granted only for specific job functions
- Quarterly access reviews - All employee access audited and re-certified
- Privileged access management - Production access requires MFA and is time-limited
- Separation of duties - Development, operations, and security roles are segregated
- Background checks - All employees undergo background verification
- Security training - Annual security awareness training required for all personnel
Data Classification & Handling
We collect only what is necessary to provide the service.
| Data Type | Collected | Retention |
|---|---|---|
| Account information | Email, name (from Google OAuth) | Until account deletion |
| Chat history | All conversations with the AI | Until account deletion |
| Operator activity | Commands, approvals, connection times | Until account deletion |
| Audit logs | All actions, approvals, and approver IP addresses | 7 years |
| User preferences | Workflow preferences (non-specific) | Until account deletion |
- Sensitive data redaction - Passwords, API keys, and secrets are automatically detected and redacted from logs
- Data minimization - We do not store file contents, only metadata and diffs when approved
- Customer data isolation - Strict multi-tenant separation with unique encryption keys per customer
We never store passwords (Google OAuth only) or credit card numbers (Stripe handles all payment data). File contents are not persisted.
Operator Security Hardening
Both the Cloud Operator and the standalone binary share the same security foundation.
- Zero inbound connectivity - All operators initiate connections outbound only. Nothing to attack.
- Binary signing - All Operator binaries are cryptographically signed
- Integrity verification - SHA-256 checksums published for all releases
- Automatic security updates - Critical patches are auto-applied (can be disabled for enterprise)
- Cloud Operator - Pre-configured EC2 AMI with security tools (fail2ban, auditd, Restic) and Zero Standing Privileges—AI requests access only when needed
- Standalone Binary - Lightweight 5MB agent with identical security model. A flexible building block for any environment.
- Memory safety - Operator built with memory-safe practices to prevent buffer overflows
AWS Cloud Operator: Zero Standing Privileges
The Cloud Operator launches with zero access to your AWS resources. When you request something outside its current permissions, the AI asks for approval, grants itself least-privilege access, and executes—all in one step. Revoke any permission anytime.
🔒 Permission Boundary Protection: The IAM role includes a permission boundary that acts as a hard security ceiling. The Operator can never grant itself admin-level permissions like AdministratorAccess, iam:*, *:*, or policies with *Admin* in the name—even if the AI wanted to. It can only grant scoped, least-privilege permissions like ec2:DescribeInstances or s3:GetObject.
- Minimal base permissions - The Operator starts with only the ability to identify what it can reach via AWS SDK—no pre-granted access to your resources
- Intent-based IAM - Permissions are granted through conversation, not JSON policies. You say "Yes" or "No" to plain-English questions
- Just-in-Time Access - Permissions are granted only when needed and can be revoked anytime through conversation
- Permission boundary enforcement - Hard security ceiling prevents escalation to admin privileges, even if requested
- No stored AWS credentials - Uses EC2 instance metadata (IMDS) for AWS credentials—no AWS access keys stored on disk. DropOps platform authentication uses a separate API key from your Operator Panel.
- IMDSv2 enforced - Session-oriented instance metadata requests mitigate credential theft via SSRF
```text
# DropOps Cloud Operator for AWS Permission Model

Permission Boundary (always enforced):
  DENY: AdministratorAccess, PowerUserAccess, *Admin*, *FullAccess
  DENY: Wildcard actions in inline policies
  (Hard security ceiling - cannot be bypassed)

Policy 1 - Base (always present):
  sts:GetCallerIdentity                   (Who am I?)
  iam:GetRole, GetInstanceProfile         (Self-discovery)
  iam:SimulatePrincipalPolicy             (What can I do?)
  iam:ListRolePolicies, GetRolePolicy     (List own policies)

Policy 2 - Self-Escalation (conditional):
  iam:PutRolePolicy, DeleteRolePolicy     (Update own inline policies)
  iam:AttachRolePolicy, DetachRolePolicy  (DropOps-* managed policies only)
  (Restricted by permission boundary above)

Intent-based escalation:
  AI:  "Should I see other EC2 instances?"
  You: "Yes"
  AI:  Generates and applies ec2:Describe* policy
       (Permission boundary allows - scoped permission)
```
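A small validator that applies the boundary rules listed above, added here as an illustration and not DropOps code: the function names, the inline-policy document shape and the sample ARNs are assumptions, and it treats a service-scoped prefix such as ec2:Describe* as allowed, matching the escalation example in the model.

```python
import fnmatch

# Managed policies the boundary always rejects (names and patterns taken
# from the permission model above).
DENIED_POLICY_NAMES = {"AdministratorAccess", "PowerUserAccess"}
DENIED_NAME_PATTERNS = ("*Admin*", "*FullAccess")


def managed_policy_allowed(policy_arn: str) -> bool:
    """AttachRolePolicy is only permitted for DropOps-* managed policies,
    and never for an admin-level name the boundary denies."""
    name = policy_arn.rsplit("/", 1)[-1]
    if name in DENIED_POLICY_NAMES:
        return False
    if any(fnmatch.fnmatchcase(name, p) for p in DENIED_NAME_PATTERNS):
        return False
    return name.startswith("DropOps-")


def is_wildcard_action(action: str) -> bool:
    """'*', '*:*' and 'iam:*' are blanket grants and are refused; a
    service-scoped prefix like 'ec2:Describe*' is treated as allowed
    (assumption, matching the page's escalation example)."""
    service, _, verb = action.partition(":")
    return service == "*" or verb in ("", "*")


def inline_policy_violations(policy: dict) -> list:
    """Return every Allow action in an inline policy document that the
    boundary would refuse; an empty list means the escalation may proceed."""
    violations = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        violations.extend(a for a in actions if is_wildcard_action(a))
    return violations


# Constructed samples: the scoped EC2 read policy from the model, and a
# blanket policy that the boundary must block.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:Describe*"], "Resource": "*"}],
}
BLANKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*", "iam:*"], "Resource": "*"}],
}

if __name__ == "__main__":
    print("scoped:", inline_policy_violations(SCOPED_POLICY))    # []
    print("blanket:", inline_policy_violations(BLANKET_POLICY))  # ['ec2:*', 'iam:*']
```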
Auto-Approved Self-Discovery
Cloud Operators can check their own IAM identity and permissions without requiring your approval. These read-only commands (such as aws sts get-caller-identity and aws iam get-role-policy) help the AI understand what it can do before asking you for additional access.
- Self-discovery only - Commands can only query the operator's own IAM role, not other AWS resources
- No state changes - These commands are strictly read-only with no side effects
- All other commands require approval - Any action beyond self-discovery needs your explicit consent
The Operator can only access what you explicitly authorize through conversation. No pre-configured access to your AWS resources.
Slack Interface Security Coming Soon
Slack integration is coming soon. When available, Slack sessions will work exactly like web sessions—same authentication, same operator binding, same approval workflow.
The Slack interface will include the following security measures:
- Private channels only - Each customer will get their own private channel; customers cannot see each other's channels or conversations
- Account linking required - Your Slack user must be linked to a valid DropOps account before you can interact with operators
- Same approval workflow - Changes require your explicit approval via interactive buttons; read-only operations proceed automatically
- Webhook signature verification - All Slack events verified using HMAC-SHA256 signatures with timestamp validation
- Session isolation - Slack sessions stored separately and cannot access web session data or vice versa
When launched, Slack will be an alternative interface, not a bypass. The same security controls that protect web sessions will protect Slack sessions.
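The webhook signature check described above, as an added example that is not DropOps code: it implements Slack's documented request-signing scheme (HMAC-SHA256 over "v0:<timestamp>:<body>", compared against the X-Slack-Signature header) together with a replay window on X-Slack-Request-Timestamp. The signing secret and the request below are constructed sample values.

```python
import hashlib
import hmac
import time

SIGNING_VERSION = "v0"
MAX_AGE_SECONDS = 300  # reject requests whose timestamp is more than 5 minutes off


def compute_signature(signing_secret: str, timestamp: str, body: bytes) -> str:
    """Build the signature Slack sends: v0=<hex HMAC-SHA256 of 'v0:ts:body'>."""
    base = f"{SIGNING_VERSION}:{timestamp}:".encode() + body
    digest = hmac.new(signing_secret.encode(), base, hashlib.sha256).hexdigest()
    return f"{SIGNING_VERSION}={digest}"


def verify_slack_request(signing_secret: str, headers: dict, body: bytes,
                         now: float = None) -> bool:
    """Return True only when the timestamp is fresh and the HMAC matches."""
    now = time.time() if now is None else now
    timestamp = headers.get("X-Slack-Request-Timestamp", "")
    signature = headers.get("X-Slack-Signature", "")
    # 1. Freshness first: a stale or unparsable timestamp is rejected before
    #    any MAC work, which closes the replay window.
    try:
        if abs(now - int(timestamp)) > MAX_AGE_SECONDS:
            return False
    except ValueError:
        return False
    # 2. Constant-time comparison so the check does not leak how many
    #    bytes of the signature matched.
    expected = compute_signature(signing_secret, timestamp, body)
    return hmac.compare_digest(expected, signature)


# Constructed sample request (secret, body and timestamp are made up).
SECRET = "constructed-signing-secret"
BODY = b"token=x&command=/dropops&text=approve"
TIMESTAMP = "1700000000"
HEADERS = {
    "X-Slack-Request-Timestamp": TIMESTAMP,
    "X-Slack-Signature": compute_signature(SECRET, TIMESTAMP, BODY),
}

if __name__ == "__main__":
    print("fresh, intact:", verify_slack_request(SECRET, HEADERS, BODY, now=1700000100))
    print("replayed late:", verify_slack_request(SECRET, HEADERS, BODY, now=1700000301))
```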
Build & Release Pipeline
Our release process is designed for integrity and traceability:
- Immutable builds - Build artifacts are generated in isolated CI environments and cannot be modified post-creation
- Signed binaries - All releases are cryptographically signed with keys stored in hardware security modules
- Reproducible builds - Build process is deterministic; same source produces identical binaries
- Dependency pinning - All dependencies are version-locked and verified against known checksums
- Automated security gates - Builds must pass vulnerability scanning and security tests before release
Security Testing
We regularly perform internal security validations on Operator releases before distribution. Our testing includes:
- Syscall analysis - strace tracing to detect suspicious system calls (ptrace, privilege escalation, chroot escapes)
- Network verification - tcpdump capture to verify outbound-only connections to expected endpoints
- Runtime monitoring - Falco behavioral analysis to detect anomalous runtime activity
- File system auditing - auditd logging to track all file access patterns
- Malware scanning - Scanned against multiple industry-standard malware and threat-detection engines
We aim to run security validation on every build. Releases with critical failures are blocked pending review.
Compliance Alignment
DropOps is architected to meet enterprise compliance requirements. We implement the controls and practices required by major frameworks, positioning us for formal certification as we scale.
| Framework | Status | Scope |
|---|---|---|
| SOC 2 Type II | Aligned | Security, availability, and confidentiality controls implemented |
| ISO 27001 | Aligned (certification planned 2025) | Information security management system in place |
| FedRAMP | Aligned (certification planned) | Federal security requirements for government customers |
| GDPR | Aligned | EU data protection requirements implemented |
| CCPA | Aligned | California consumer privacy requirements implemented |
| HIPAA | Aligned (BAA available) | Healthcare data protection controls in place |
Note: "Aligned" means we have implemented the required controls and practices. Formal third-party certification is in progress. Documentation available upon request under NDA.
- SOC 2 report - Full audit report available to customers and prospects under NDA
- Data Processing Agreement - DPA available for GDPR compliance
- Security questionnaire - We respond to CAIQ, SIG, and custom questionnaires
Enterprise Security Review Pack
For security-conscious customers, consulting firms, or regulated industries, we offer a comprehensive security review package under NDA:
- Syscall and runtime logs - Sample strace, Falco, and auditd traces from security validation runs
- Network verification reports - tcpdump captures demonstrating outbound-only connectivity
- Sandbox test results - Container isolation and privilege escalation test outcomes
- Software Bill of Materials (SBOM) - Complete dependency inventory with vulnerability status
- SOC 2 Type II report - Full audit report from our independent auditor
- Penetration test executive summary - Findings from our most recent third-party assessment
Request Security Review Pack
Available to customers and qualified prospects. NDA required.
What We Don't Do
Transparency means being clear about boundaries. Here's what DropOps explicitly does not do:
- No persistent file storage - We do not store full file contents; only metadata and diffs when you approve operations
- No remote shell access - The Operator does not include built-in SSH, remote desktop, or backdoor capabilities
- No AI-initiated actions - The AI never starts conversations or executes commands without your explicit request
- No credential storage - We never store your passwords (Google OAuth only) or payment details (Stripe handles all payment data)
- No cross-customer data access - Strict tenant isolation means your data is never accessible to other customers or used for training
Your Data Rights
- Data access - View all data we store about you from your account settings
- Data deletion - Delete your account and all associated data at any time
- Data portability - Export your data in standard formats
Responsible Disclosure
Report Security Issues
Include reproduction steps. We acknowledge reports within 48 hours and provide a resolution timeline within 5 business days.
- Safe harbor - Good-faith security researchers will not face legal action
- Recognition - Researchers credited in our security acknowledgments (with permission)