Security

How KAIRO protects what you trust to it.

Six security layers, all production-deployed today. Rate limiting, auth, audit logs, input sanitization, database posture, and human-in-loop gates. Encoded in code, not in policy.

Rate limiting

Per-IP token-bucket rate limiting protects every public API route from abuse and runaway costs.

  • In-memory token buckets keyed by IP
  • Resets on a sliding window per route
  • Designed to swap to a distributed key-value store for multi-instance scale

Auth & session

Magic-link authentication backs every protected surface. Admin routes have a second server-side gate.

  • JWT-backed sessions, validated server-side on every request
  • Admin routes use a server-side requireAdmin allowlist (env-overridable)
  • Founders bypass the paywall via an explicit admin-tier entitlement

Audit logs

Every metered tool run writes a structured event. Admin runs are flagged. Free-tier limits are enforced from this same store.

  • usage_events table records tool_run events with user_id, tool key, and timestamp
  • Free-tier metering counts events in real time, not in cache
  • Audit history is queryable for investigation and billing

Input sanitization

Domain inputs are sanitized to block SSRF, private-network targets, and known-bad hosts before any outbound fetch.

  • Blocks 127.0.0.1, 10.x, 172.16-31.x, 192.168.x, link-local, and AWS metadata endpoints
  • Rejects malformed domains, excessive length, and embedded credentials
  • Applied to every tool that takes a domain as input
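The domain gate described above, as an added example rather than KAIRO's own code, written in TypeScript on the assumption that the server side is a Node/TypeScript app (the page does not name its stack); validateDomainInput, isBlockedAddress and the KNOWN_BAD_HOSTS entry are hypothetical names and a constructed denylist.

```typescript
// Added example, not KAIRO's code. A domain-input gate in the shape the page
// describes; validateDomainInput and isBlockedAddress are hypothetical names.

type Verdict = { ok: true; host: string } | { ok: false; reason: string };

const MAX_HOST_LEN = 253;                                   // DNS name length limit
const LABEL_RE = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/;    // one hostname label
const KNOWN_BAD_HOSTS = new Set(["metadata.google.internal"]); // constructed denylist

function parseIPv4(s: string): number[] | null {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  return octets.every((o) => o <= 255) ? octets : null;
}

// Run on a literal address in the input, and again on every address DNS
// returns and on each redirect target: a hostname-only check is bypassable.
function isBlockedAddress(ip: string): boolean {
  const o = parseIPv4(ip);
  if (o === null) return true;                 // non-IPv4 (incl. IPv6): deny by default
  const [a, b] = o;
  return (
    a === 0 ||                                 // 0.0.0.0/8
    a === 127 ||                               // loopback
    a === 10 ||                                // 10.0.0.0/8
    (a === 172 && b >= 16 && b <= 31) ||       // 172.16.0.0/12
    (a === 192 && b === 168) ||                // 192.168.0.0/16
    (a === 169 && b === 254)                   // link-local, covers 169.254.169.254 metadata
  );
}

function validateDomainInput(raw: string): Verdict {
  const host = raw.trim().toLowerCase().replace(/\.$/, "");
  if (host.length === 0 || host.length > MAX_HOST_LEN) return { ok: false, reason: "length" };
  // Anything carrying URL syntax, a port, or user:pass@ credentials is refused outright.
  if (/[@:\/\\?#\s]/.test(host)) return { ok: false, reason: "credentials-or-url-syntax" };
  if (parseIPv4(host) !== null) {
    return isBlockedAddress(host) ? { ok: false, reason: "private-or-metadata-address" } : { ok: true, host };
  }
  const labels = host.split(".");
  // Two labels minimum and a non-numeric TLD: shorthand numeric forms such as
  // 2130706433, 0x7f000001 or 127.1 are rejected rather than interpreted.
  if (labels.length < 2 || /^\d+$/.test(labels[labels.length - 1])) return { ok: false, reason: "malformed" };
  if (!labels.every((l) => LABEL_RE.test(l))) return { ok: false, reason: "malformed" };
  if (KNOWN_BAD_HOSTS.has(host)) return { ok: false, reason: "known-bad-host" };
  return { ok: true, host };
}
```

The check has to be repeated on the resolved address at connect time and after every redirect, otherwise a hostname that resolves to an internal range slips past the literal-IP rules.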

Database posture

Row-level security on every table. Server actions own writes. The client never holds the service-role key.

  • RLS policies on every user-owned table
  • Service-role key lives only in server-side environment
  • Public reads gated by entitlements, not by trusting the client

Human-in-the-loop gates

Customer-facing, financial, and irreversible actions are gated by the agent accountability system. Encoded in code, not in policy.

  • 601 agents classified into human-gated, human-notified, and auto-execute modes
  • Customer outputs, money decisions, and deletes always require human approval
  • Gates are visible in the agent registry and enforced at the execution layer

Compliance roadmap

Where we are. Where we are going.

KAIRO is a public preview. We are not SOC 2 certified today. We do not pretend to be. Here is the honest staging of what is in place, and what is queued.

Now       Rate limiting · RLS · audit logs · JWT auth · input sanitization · human-in-loop gates
Q3 2026   SOC 2 Type I readiness assessment · documented incident response plan
Q4 2026   SSO via Okta or Auth0 · granular RBAC · data residency options
2027      SOC 2 Type II audit · BAA support for healthcare-adjacent customers

Disclosure

Found something? Tell us first.

Responsible disclosure: reach our team through the contact channel with a clear reproduction and we will respond within 72 hours. Do not publish a write-up before we have had a chance to fix.