Security at NXT AI
We build oversight infrastructure for AI agents. That requires our own security posture to be rigorous, transparent, and continuously improving.
Security Architecture
NXT AI's infrastructure is designed around the principle of least privilege. Glyph Guard operates as a stateless checkpoint layer that inspects agent requests in transit without persisting raw payloads. All inter-service communication is encrypted with TLS 1.3, and internal APIs are authenticated via short-lived, scoped tokens. Our control plane runs on isolated compute with strict network segmentation.
Data Protection
We treat your data as yours. Glyph Guard processes agent requests in real time to evaluate risk and enforce policy, but does not retain the content of those requests beyond the inspection window. Audit logs capture structured metadata (timestamps, risk scores, policy outcomes) rather than raw request bodies. Data at rest is encrypted with AES-256, and encryption keys are managed through a dedicated key management service with automatic rotation.
Compliance
NXT AI is building toward SOC 2 Type II certification and aligns its internal controls with the AICPA Trust Services Criteria. We maintain formal policies for access control, incident response, change management, and vendor risk. As our compliance posture matures, we will publish relevant attestation reports for enterprise customers under NDA.
Responsible Disclosure
If you believe you have discovered a security vulnerability in any NXT AI product or service, we encourage responsible disclosure. Please contact us at security@nxt-ai.net with a clear description of the issue. We ask that you allow reasonable time for remediation before any public disclosure. We do not pursue legal action against researchers who act in good faith.
For security inquiries, contact security@nxt-ai.net.