Security
ActPass is a control plane that sits between AI agents and the tools they call. Its job is to keep risky actions from executing, so security is the product — not a bolt-on. Here is exactly how it works and what we do and do not claim.
Deterministic, fail-closed enforcement
Every action runs through a deterministic policy evaluator: the same input always yields the same allow / deny / needs-approval decision. Network errors, missing keys, and unverifiable claims always deny — never fail open.
Action Passports (EdDSA)
Actions are authorized by short-lived, goal-scoped Ed25519 (EdDSA) credentials with single-use replay defense and key rotation. Signatures are always verified server-side; client-supplied tenant, tool-hash, and approval fields are treated as hints and independently re-verified.
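As an added illustration of the two points above (deterministic, fail-closed evaluation and Ed25519 passports), here is a small Go program. It is not ActPass code; the passport field names, the `Evaluator` type and the idea that the broker hashes the tool definition itself are assumptions made for the example. The clock is an input rather than a call to `time.Now`, so the same request at the same instant always yields the same decision, and every check that cannot be completed returns deny:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Decision is the evaluator's only output; every failure path maps to Deny.
type Decision string

const Allow, Deny, NeedsApproval Decision = "allow", "deny", "needs-approval"

// Passport is the signed claim set (field names are assumptions for this example).
type Passport struct {
	Tenant    string `json:"tenant"`
	Goal      string `json:"goal"`
	Tool      string `json:"tool"`
	ToolHash  string `json:"tool_hash"`
	Nonce     string `json:"nonce"`
	ExpiresAt int64  `json:"exp"` // unix seconds
	KeyID     string `json:"kid"`
}

// Request is what the broker holds at execution time. AuthTenant and ToolHash come
// from the broker itself (authenticated principal, hashed tool definition), never the client.
type Request struct {
	Passport   Passport
	Signature  []byte
	Tool       string
	ToolHash   string
	AuthTenant string
}

type Evaluator struct {
	keys      map[string]ed25519.PublicKey // kid -> key; rotation adds and retires entries
	sensitive map[string]bool              // tools that always need human approval
	seen      map[string]bool              // consumed nonces (single-use)
}

func NewEvaluator(keys map[string]ed25519.PublicKey, sensitive ...string) *Evaluator {
	e := &Evaluator{keys: keys, sensitive: map[string]bool{}, seen: map[string]bool{}}
	for _, t := range sensitive {
		e.sensitive[t] = true
	}
	return e
}

// Issue signs the canonical JSON encoding of the passport with the issuer's key.
func Issue(priv ed25519.PrivateKey, p Passport) ([]byte, error) {
	msg, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, msg), nil
}

// Evaluate is a pure function of (request, now, consumed nonces): no clock reads, no
// network, no randomness. Anything that cannot be verified denies.
func (e *Evaluator) Evaluate(req Request, now time.Time) (Decision, string) {
	p := req.Passport
	key, ok := e.keys[p.KeyID]
	if !ok {
		return Deny, "unknown signing key"
	}
	msg, err := json.Marshal(p)
	if err != nil || !ed25519.Verify(key, msg, req.Signature) {
		return Deny, "bad signature"
	}
	if !now.Before(time.Unix(p.ExpiresAt, 0)) {
		return Deny, "expired"
	}
	if req.AuthTenant != p.Tenant { // the client-supplied tenant is only a hint
		return Deny, "tenant mismatch"
	}
	if req.Tool != p.Tool || req.ToolHash != p.ToolHash { // and so is the tool hash
		return Deny, "tool or tool hash mismatch"
	}
	nonceKey := p.Tenant + ":" + p.Nonce
	if e.seen[nonceKey] {
		return Deny, "replay"
	}
	e.seen[nonceKey] = true // consumed on first successful use
	if e.sensitive[p.Tool] {
		return NeedsApproval, "sensitive tool"
	}
	return Allow, "ok"
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	ev := NewEvaluator(map[string]ed25519.PublicKey{"k1": pub}, "send_wire")
	now := time.Unix(1700000000, 0) // constructed clock value
	p := Passport{Tenant: "acme", Goal: "refund-order-42", Tool: "issue_refund", ToolHash: "constructed-hash",
		Nonce: "n-1", ExpiresAt: now.Add(time.Minute).Unix(), KeyID: "k1"}
	sig, _ := Issue(priv, p)
	req := Request{Passport: p, Signature: sig, Tool: p.Tool, ToolHash: p.ToolHash, AuthTenant: "acme"}
	fmt.Println(ev.Evaluate(req, now)) // allow ok
	fmt.Println(ev.Evaluate(req, now)) // deny replay
}
```

The consumed-nonce set lives in memory here; a broker with more than one instance would keep it in shared storage so that a passport cannot be replayed against a second node. Key rotation is just the `kid` map: publish the new key, issue under it, and drop the old entry once every passport signed with it has expired.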
Encrypted credential vault
Downstream secrets are envelope-encrypted with AES-256-GCM and bound to a scoped, time-limited credential at execution. The broker refuses to store secrets without a configured encryption key.
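An added Go example of the envelope-encryption pattern described here, using only the standard library. It is not ActPass's vault; `Vault`, `Binding` and `Envelope` are names chosen for the example, and the binding fields are an assumption about what a scoped, time-limited credential would carry. Each secret gets its own random data key, that key is wrapped under the key-encryption key, and the credential's identity, tenant, scope and expiry go into AES-256-GCM as associated data, so the same ciphertext cannot be released under a different credential:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"time"
)

var ErrNoKey = errors.New("vault: refusing to store secrets without a configured encryption key")

// Vault holds only the key-encryption key (KEK); every secret gets its own DEK wrapped under it.
type Vault struct{ kek []byte }

func NewVault(kek []byte) (*Vault, error) {
	if len(kek) != 32 { // AES-256-GCM needs a 32-byte key; anything else counts as "not configured"
		return nil, ErrNoKey
	}
	return &Vault{kek: kek}, nil
}

// Binding names the scoped, time-limited credential allowed to release the secret. It is the
// AES-GCM associated data for both layers, so the envelope opens only under exactly this binding.
type Binding struct {
	CredentialID string
	Tenant       string
	Scope        string
	ExpiresAt    int64 // unix seconds
}

func (b Binding) aad() []byte {
	return []byte(fmt.Sprintf("%s|%s|%s|%d", b.CredentialID, b.Tenant, b.Scope, b.ExpiresAt))
}

// Envelope is the persisted form; it holds no plaintext key material.
type Envelope struct {
	DEKNonce, WrappedDEK []byte // DEK encrypted under the KEK
	Nonce, Ciphertext    []byte // secret encrypted under the DEK
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func seal(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	g, err := gcm(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, g.NonceSize()) // fresh random nonce per encryption
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, g.Seal(nil, nonce, plaintext, aad), nil
}

func open(key, nonce, ct, aad []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	return g.Open(nil, nonce, ct, aad) // fails closed: wrong key, wrong aad or tampering all error
}

// Store envelope-encrypts a downstream secret bound to b.
func (v *Vault) Store(secret []byte, b Binding) (*Envelope, error) {
	if v == nil || len(v.kek) != 32 {
		return nil, ErrNoKey
	}
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	nonce, ct, err := seal(dek, secret, b.aad())
	if err != nil {
		return nil, err
	}
	dekNonce, wrapped, err := seal(v.kek, dek, b.aad())
	if err != nil {
		return nil, err
	}
	return &Envelope{DEKNonce: dekNonce, WrappedDEK: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Release decrypts only under the exact binding used at Store time and only before expiry.
func (v *Vault) Release(env *Envelope, b Binding, now time.Time) ([]byte, error) {
	if !now.Before(time.Unix(b.ExpiresAt, 0)) {
		return nil, errors.New("vault: credential expired")
	}
	dek, err := open(v.kek, env.DEKNonce, env.WrappedDEK, b.aad())
	if err != nil {
		return nil, err
	}
	return open(dek, env.Nonce, env.Ciphertext, b.aad())
}

func main() {
	v, _ := NewVault(make([]byte, 32)) // constructed all-zero KEK; a real KEK comes from a KMS/HSM
	b := Binding{CredentialID: "cred-1", Tenant: "acme", Scope: "payments:refund", ExpiresAt: 1700000060}
	env, _ := v.Store([]byte("constructed-downstream-token"), b)
	pt, err := v.Release(env, b, time.Unix(1700000000, 0))
	fmt.Println(string(pt), err)
}
```

Because the binding is authenticated data rather than an attribute checked after decryption, a changed scope or tenant fails inside `Open` with an authentication error and never yields plaintext. The all-zero KEK in `main` is there only so the program runs offline.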
Tamper-evident evidence chain
Each decision is sealed into an append-only, SHA-256 hash-chained ledger. Reordering or editing any event breaks the chain, and the chain can be independently verified. Exports are signed.
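To show what "hash-chained" and "independently verified" mean in practice, here is an added Go example. It is not ActPass's ledger; the event fields and the JSON canonicalization are assumptions. Each event's SHA-256 hash covers its own fields plus the previous event's hash, a verifier recomputes the whole chain from a fixed genesis value without trusting the producer, and an export is signed with Ed25519 so a recipient can check the signature and then the chain:

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Event is one sealed decision. Seq and PrevHash are what make reordering detectable.
type Event struct {
	Seq      int    `json:"seq"`
	Tenant   string `json:"tenant"`
	Action   string `json:"action"`
	Decision string `json:"decision"`
	PrevHash string `json:"prev_hash"`
	Hash     string `json:"hash"`
}

// genesisHash anchors the first event so an independent verifier has a fixed starting point.
const genesisHash = "0000000000000000000000000000000000000000000000000000000000000000"

// eventHash covers every field except Hash itself, including PrevHash, so editing or
// moving an event changes its hash and breaks every later link.
func eventHash(e Event) string {
	e.Hash = ""
	b, _ := json.Marshal(e) // struct marshalling is deterministic (field order)
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Ledger is append-only: there is no method that edits or removes an event.
type Ledger struct{ events []Event }

func (l *Ledger) Events() []Event { return append([]Event(nil), l.events...) } // returns a copy

func (l *Ledger) Append(tenant, action, decision string) Event {
	prev := genesisHash
	if n := len(l.events); n > 0 {
		prev = l.events[n-1].Hash
	}
	e := Event{Seq: len(l.events), Tenant: tenant, Action: action, Decision: decision, PrevHash: prev}
	e.Hash = eventHash(e)
	l.events = append(l.events, e)
	return e
}

// Verify recomputes every hash and link from genesis. It returns the index of the
// first bad event, or len(events) when the whole chain checks out.
func Verify(events []Event) (int, error) {
	prev := genesisHash
	for i, e := range events {
		switch {
		case e.Seq != i:
			return i, fmt.Errorf("event %d: sequence mismatch (got %d)", i, e.Seq)
		case e.PrevHash != prev:
			return i, fmt.Errorf("event %d: broken link", i)
		case eventHash(e) != e.Hash:
			return i, fmt.Errorf("event %d: hash mismatch", i)
		}
		prev = e.Hash
	}
	return len(events), nil
}

// Export serializes the chain and signs the bytes with the broker's Ed25519 key.
func Export(events []Event, priv ed25519.PrivateKey) (data, sig []byte, err error) {
	data, err = json.Marshal(events)
	if err != nil {
		return nil, nil, err
	}
	return data, ed25519.Sign(priv, data), nil
}

// VerifyExport checks the signature first, then the chain inside it.
func VerifyExport(pub ed25519.PublicKey, data, sig []byte) ([]Event, error) {
	if !ed25519.Verify(pub, data, sig) {
		return nil, errors.New("export signature invalid")
	}
	var evs []Event
	if err := json.Unmarshal(data, &evs); err != nil {
		return nil, err
	}
	if _, err := Verify(evs); err != nil {
		return nil, err
	}
	return evs, nil
}

func main() {
	l := &Ledger{}
	l.Append("acme", "issue_refund", "allow")
	l.Append("acme", "send_wire", "needs-approval")
	fmt.Println(Verify(l.Events())) // 2 <nil>
	tampered := l.Events()
	tampered[0].Decision = "deny"
	fmt.Println(Verify(tampered)) // 0 event 0: hash mismatch
}
```

Editing one decision makes `Verify` report the index of the first event whose hash no longer matches, and swapping two events trips the sequence check. One caveat a hash chain does not cover on its own: a prefix of a valid chain is itself a valid chain, so truncation is only detectable if the latest chain head is also recorded somewhere the producer cannot rewrite, which is one reason signed exports matter.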
Tenant isolation
The tenant is always resolved from the authenticated principal, never from the request body. One tenant can never read, release, or approve another tenant’s actions.
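An added Go example of the rule stated here; it is not ActPass code, and `Principal`, `Broker` and `ApproveRequest` are names made up for the example. The tenant is read from the authenticated principal only; the `Tenant` field in the request body exists to show that nothing consults it, and every read, approval and release is scoped by tenant before any state changes:

```go
package main

import (
	"errors"
	"fmt"
)

// Principal is the output of authentication. Its Tenant comes from the verified
// credential (session, API key or passport), never from the request body.
type Principal struct {
	Subject string
	Tenant  string
}

type PendingAction struct {
	ID     string
	Tenant string
	Tool   string
	Status string // pending -> approved -> released
}

// ApproveRequest mirrors a client payload. Its Tenant field is present only to
// show that the broker never reads it.
type ApproveRequest struct {
	ActionID string `json:"action_id"`
	Tenant   string `json:"tenant"` // client hint, ignored
}

// ErrNotFound is returned for missing and cross-tenant IDs alike, so a caller
// cannot learn whether another tenant's action exists.
var ErrNotFound = errors.New("action not found")

type Broker struct{ actions map[string]*PendingAction }

func NewBroker() *Broker { return &Broker{actions: map[string]*PendingAction{}} }

// Submit records an action under the authenticated principal's tenant.
func (b *Broker) Submit(p Principal, id, tool string) *PendingAction {
	a := &PendingAction{ID: id, Tenant: p.Tenant, Tool: tool, Status: "pending"}
	b.actions[id] = a
	return a
}

// lookup is the single choke point: every read or write goes through it, and it
// scopes by p.Tenant before anything else happens.
func (b *Broker) lookup(p Principal, id string) (*PendingAction, error) {
	a, ok := b.actions[id]
	if !ok || a.Tenant != p.Tenant {
		return nil, ErrNotFound
	}
	return a, nil
}

func (b *Broker) Get(p Principal, id string) (*PendingAction, error) { return b.lookup(p, id) }

func (b *Broker) Approve(p Principal, req ApproveRequest) error {
	a, err := b.lookup(p, req.ActionID) // req.Tenant is deliberately never read
	if err != nil {
		return err
	}
	if a.Status != "pending" {
		return fmt.Errorf("action %s is %s, not pending", a.ID, a.Status)
	}
	a.Status = "approved"
	return nil
}

func (b *Broker) Release(p Principal, id string) error {
	a, err := b.lookup(p, id)
	if err != nil {
		return err
	}
	if a.Status != "approved" {
		return fmt.Errorf("action %s is %s, not approved", a.ID, a.Status)
	}
	a.Status = "released"
	return nil
}

func main() {
	b := NewBroker()
	acme := Principal{Subject: "agent-7", Tenant: "acme"}
	globex := Principal{Subject: "reviewer-2", Tenant: "globex"}
	b.Submit(acme, "act-1", "send_wire")
	// globex claims to be acme in the body; the broker only sees globex's principal.
	fmt.Println(b.Approve(globex, ApproveRequest{ActionID: "act-1", Tenant: "acme"})) // action not found
	fmt.Println(b.Approve(acme, ApproveRequest{ActionID: "act-1"}))                   // <nil>
	fmt.Println(b.Release(globex, "act-1"))                                           // action not found
	fmt.Println(b.Release(acme, "act-1"))                                             // <nil>
}
```

Returning the same `ErrNotFound` for a foreign tenant's action as for a nonexistent one means the approve and release paths cannot be used to probe which action IDs exist in another tenant.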
Compliance status — stated honestly
ActPass is not currently SOC 2, ISO 27001, or HIPAA certified, and we do not display badges for certifications we do not hold. A SOC 2 Type II program is on our roadmap. The architecture above — deterministic decisions, signed passports, an encrypted vault, and a hash-chained evidence ledger — is designed to produce the audit evidence such a program requires. Design partners can request our current security documentation directly.
Responsible disclosure
Found a vulnerability? Email security@actpass.org. We aim to acknowledge reports within two business days. Please give us a reasonable window to remediate before any public disclosure.
See also our Privacy Policy, Terms, and Data Processing Addendum.