Skip to content
Trust & security

Offensive power, engineered to be safe

ShieldView runs real attacks against real systems — so safety, isolation and accountability are foundational, not afterthoughts. Here's how we protect your data and your environment.

Security posture

How we keep autonomy safe

Encryption everywhere

Data is encrypted in transit and at rest. Credentials and API keys live in an AES-256-GCM encrypted vault, never in plaintext.

Least-privilege access

Role-based access control across a nine-role hierarchy, with per-tenant isolation so one customer can never see another's data.

Sandboxed execution

Offensive actions run in isolated, policy-controlled environments under policy-as-code, with per-tool rate limits.

Human-in-the-loop control

High-risk actions require explicit approval. Kill switches and circuit breakers can halt any agent or the whole platform instantly.

Immutable audit logs

Every agent decision and action is written to a tamper-evident log — complete accountability for security and compliance reviews.

Compliance-aligned

Findings and controls map to the frameworks you report against, so evidence collection is continuous rather than a scramble.

Defense in depth

Every high-risk action passes through six layers

Safety isn't a single setting — it's a sequence. Here's the path every offensive action travels before it ever touches your environment.

  1. 01

    Scoped authorization

    Agents can only touch the assets you've explicitly authorized. Anything outside the defined scope is refused before it starts.

  2. 02

    Policy-as-code guardrails

    Every action is evaluated against policy first — allowed techniques, per-tool rate limits and blast-radius caps — so nothing runs unchecked.

  3. 03

    Human-in-the-loop approval

    High-risk exploitation pauses and waits for your explicit sign-off. Nothing destructive happens without a human in the loop.

  4. 04

    Sandboxed execution

    Approved actions run in isolated, policy-controlled environments with no standing access and full per-tenant isolation.

  5. 05

    Kill switches & circuit breakers

    Any agent — or the entire platform — can be halted instantly, and automated circuit breakers trip on anomalous behavior.

  6. 06

    Immutable audit trail

    Every decision and action is written to a tamper-evident log — fully attributable for security reviews and compliance.

Compliance

Aligned to the 12 frameworks you report on

Continuous testing produces continuous evidence. ShieldView auto-verifies controls from real findings, tracks the rest in an evidence library, and exports auditor-ready packs — including NIST OSCAL — across a dozen frameworks.

SOC 2ISO 27001NIST CSFNIST 800-53PCI-DSSCIS ControlsHIPAAASD Essential 8NZISMNCSC CAFCyber EssentialsITSG-33
Data handling

Your data, handled with care

ShieldView only processes the data needed to test your environment and deliver findings. Engagement data is isolated per tenant and access is governed by least-privilege role-based controls.

Infrastructure spans hardened cloud environments with an optional on-premises appliance for internal testing, connected over a secure overlay network that requires no inbound firewall ports.

For a current list of sub-processors, data-residency options, or to request security documentation, contact our team at sales@shieldview.com.

Responsible disclosure

Security is our craft — we welcome reports from the community. If you believe you've found a vulnerability in ShieldView, please report it to us privately so we can investigate and remediate before any public disclosure. We commit to acknowledging reports promptly and keeping you updated on our progress.

Email security@shieldview.com with details and reproduction steps. Please don't access or modify data that isn't yours, and give us reasonable time to respond before disclosing publicly.