Security posture

GRIFF AI is designed around bounded authority: scoped agent identity, explicit policy decisions, risk tiers, human approval for high-risk operations, and append-only custody evidence.

Current controls

• Hardened edge runtime for public API and demo surfaces.
• Scoped storage for tenant metadata, fast configuration, and durable evidence blobs.
• Single-writer chain heads for audit integrity.
• Controlled media custody pipeline for evidence assets.
• Private secret management for production integrations.

Owner-gated production controls

• Production identity, messaging, billing, media, and partner integrations are handled through the private data room.
• Customer-specific control evidence is available under NDA for qualified security and procurement reviews.
• Public pages intentionally avoid publishing secret, provider, or readiness details.