Enterprise Security for AI Agent Platforms
A deep dive into the security model behind Agent Builder Platform — covering sandboxed execution, secrets management, role-based access, audit logging, and compliance frameworks.
Why AI Agent Security Is Different
AI agents introduce a new class of security challenges that traditional application security frameworks don't fully address. Agents make autonomous decisions, call external APIs, process sensitive data, and execute code — all with minimal human oversight. A security breach in an AI agent doesn't just leak data; it can take actions with real-world consequences.
Agent Builder Platform is built from the ground up with enterprise security requirements in mind. Here's how the security model works.
Sandboxed Execution
Every agent on Agent Builder Platform runs in a fully isolated sandbox. This means:
- Process isolation — Each agent runs in its own container with no shared memory or filesystem access to other agents
- Network isolation — Agents can only reach external endpoints that have been explicitly allow-listed; all other outbound traffic is denied by default
- Resource limits — CPU, memory, and execution time are capped per request to prevent runaway processes
- Ephemeral environments — Containers are destroyed after each execution, leaving no residual data
This architecture ensures that even if an agent is compromised through prompt injection or a malicious tool, the blast radius is contained to a single request within a single sandbox: the attacker gets no foothold on the host and no access to other agents' data. Note what the sandbox does not contain: a hijacked agent can still use every secret and allow-listed endpoint that agent was legitimately granted for the duration of that request, which is why the least-privilege secret and access controls described next matter as much as the isolation itself.
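The network-isolation rule above is the one a practitioner most often has to implement by hand, and naive versions of it are easy to bypass. The following is an added example, not Agent Builder Platform's own code: a per-agent outbound allowlist that does exact host matching, pins the scheme and port, normalises the path, and rejects the usual tricks (userinfo in the URL, look-alike subdomains, IP literals including the cloud metadata address). The allowlist entry format (an https URL with host, optional port and path prefix) and the class names are assumptions for this example.

```python
# Added example (not Agent Builder Platform's own code): a per-agent
# outbound endpoint allowlist of the kind the "network isolation" rule
# above implies. The allowlist entry format and class names are assumptions.
import ipaddress
import posixpath
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Endpoint:
    scheme: str   # lower-cased URL scheme
    host: str     # exact lower-cased hostname, trailing dot removed
    port: int     # explicit port, or the scheme default
    path: str     # normalised path ("/v1/../admin" becomes "/admin")

    @classmethod
    def parse(cls, url: str) -> "Endpoint":
        parts = urlsplit(url)
        scheme = parts.scheme.lower()
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port or {"https": 443, "http": 80}.get(scheme, 0)
        return cls(scheme, host, port, posixpath.normpath(parts.path or "/"))


def _under(path: str, prefix: str) -> bool:
    """True if `path` is `prefix` itself or lies below it as a directory.
    A plain startswith() would let "/v1evil" match the prefix "/v1"."""
    prefix = prefix.rstrip("/")
    return prefix == "" or path == prefix or path.startswith(prefix + "/")


class EgressPolicy:
    """Decides whether one agent may open an outbound HTTPS connection."""

    def __init__(self, agent_id: str, allowed_urls: list[str]) -> None:
        self.agent_id = agent_id
        self.allowed = [Endpoint.parse(u) for u in allowed_urls]

    def check(self, url: str) -> tuple[bool, str]:
        try:
            parts = urlsplit(url)
            target = Endpoint.parse(url)
        except ValueError as exc:  # e.g. a non-numeric port
            return False, f"unparseable URL: {exc}"
        # "https://api.example.com@evil.com/" has hostname evil.com; a
        # substring check on the raw URL would see api.example.com and pass it.
        if parts.username is not None or parts.password is not None:
            return False, "userinfo in URL"
        if target.scheme != "https":
            return False, f"scheme {target.scheme!r} not allowed"
        if not target.host:
            return False, "missing host"
        # IP literals sidestep hostname allowlists entirely; this also
        # blocks the cloud metadata address 169.254.169.254.
        try:
            ipaddress.ip_address(target.host)
        except ValueError:
            pass
        else:
            return False, "IP literal not allowed"
        for ep in self.allowed:
            if (ep.scheme == target.scheme and ep.host == target.host
                    and ep.port == target.port and _under(target.path, ep.path)):
                return True, f"matched {ep.host}:{ep.port}{ep.path}"
        return False, f"{target.host}:{target.port}{target.path} not in allowlist"
```

The policy is deliberately exact-match on the host: wildcard or suffix matching is where most allowlist bypasses come from, so if a wildcard is ever needed it should be a separate, reviewed entry type rather than a loosened comparison here.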
Secrets Management
How Credentials Are Stored
API keys, database passwords, and other sensitive credentials are stored in an encrypted vault — never in agent code, environment variables, or logs. The platform uses AES-256 encryption at rest and TLS 1.3 in transit. Secrets are injected into the agent's sandbox at runtime and are never written to disk.
Least-Privilege Access
Each agent is granted access only to the specific secrets it needs. A customer support agent doesn't have access to your payment processing credentials, even if both run on the same platform. Secret access is audited and logged.
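To make the least-privilege and audit rules above concrete, here is an added example of a secrets broker. It is hypothetical code, not the platform's vault: the vault backend is an in-memory dict, the AES-256 encryption at rest described above is out of scope for the snippet, and the class and field names are assumptions. It shows three things the section promises: an agent can only resolve the secrets it was granted, every access (granted or denied) is audited by name without the value, and the handle that reaches agent code cannot leak the value into a log by accident.

```python
# Added example (hypothetical, not Agent Builder Platform's vault code):
# per-agent secret grants, runtime injection, auditing and log-safe handles.
import logging
from dataclasses import dataclass, field
from datetime import datetime, timezone

log = logging.getLogger("secrets.audit")


class Secret:
    """Opaque handle. The value is reachable only via .reveal(); str(),
    repr() and f-strings redact it, so `log.info(f"using {secret}")`
    written by an agent author cannot leak the credential."""
    __slots__ = ("_name", "_value")

    def __init__(self, name: str, value: str) -> None:
        self._name, self._value = name, value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return f"Secret(name={self._name!r}, value=<redacted>)"

    __str__ = __repr__


class SecretDenied(PermissionError):
    """Raised when an agent asks for a secret it was never granted."""


@dataclass
class SecretsBroker:
    store: dict[str, str]             # vault contents (constructed sample)
    grants: dict[str, set[str]]       # agent_id -> names it may resolve
    audit: list[dict] = field(default_factory=list)

    def _record(self, agent_id: str, name: str, outcome: str) -> None:
        # The audit event carries the secret's name and the outcome only;
        # the value never enters the audit trail or the application log.
        event = {"ts": datetime.now(timezone.utc).isoformat(),
                 "agent": agent_id, "secret": name, "outcome": outcome}
        self.audit.append(event)
        log.info("secret access %s", event)

    def fetch(self, agent_id: str, name: str) -> Secret:
        if name not in self.grants.get(agent_id, set()):
            self._record(agent_id, name, "denied")
            raise SecretDenied(f"{agent_id} is not granted {name}")
        if name not in self.store:
            self._record(agent_id, name, "missing")
            raise KeyError(name)
        self._record(agent_id, name, "granted")
        return Secret(name, self.store[name])

    def inject(self, agent_id: str) -> dict[str, Secret]:
        """Resolve everything this agent is granted, for handing to its
        sandbox at the start of a request. Nothing else is reachable."""
        return {n: self.fetch(agent_id, n)
                for n in sorted(self.grants.get(agent_id, ()))}
```

The denial path is audited just like the success path; a customer support agent repeatedly asking for payment credentials is exactly the signal a SIEM rule should fire on.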
Role-Based Access Control (RBAC)
Agent Builder Platform provides granular RBAC for team collaboration:
- Viewer — Can see agent configurations and dashboards but cannot modify anything
- Developer — Can build, test, and iterate on agents in staging environments
- Deployer — Can promote agents from staging to production
- Admin — Full access including billing, security settings, and user management
Roles can be assigned per workspace, per agent, or globally across the organization. All role changes are logged in the audit trail.
Audit Logging
Every action on the platform is recorded in an immutable audit log:
- Agent deployments, configuration changes, and rollbacks
- Secret access and modifications
- User authentication events and role changes
- Agent execution logs including inputs, outputs, and tool calls
Audit logs are retained for a configurable period (default: 1 year) and can be exported to your SIEM system for centralized security monitoring.
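"Immutable" is a property a SIEM operator should be able to check, not just read about. The following added example (hypothetical code, not the platform's logging implementation) shows the usual way to make an audit log tamper-evident: each entry carries the SHA-256 of the previous entry, so modifying, reordering or deleting an interior record breaks the chain, and the same verification can be run on the JSON Lines export after it lands in the SIEM. The field names and export format are assumptions for this example.

```python
# Added example (hypothetical, not the platform's audit-log code): a
# hash-chained, append-only audit log with a JSON Lines export that the
# receiving SIEM can re-verify independently.
import hashlib
import json
from datetime import datetime, timezone
from typing import Optional

GENESIS = "0" * 64   # prev-hash of the first entry


def _digest(entry: dict) -> str:
    """SHA-256 over the canonical JSON of every field except 'hash'."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.entries: list[dict] = []

    def append(self, actor: str, action: str, target: str,
               details: Optional[dict] = None) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {
            "seq": len(self.entries),
            "ts": datetime.now(timezone.utc).isoformat(),
            "actor": actor, "action": action, "target": target,
            "details": details or {},
            "prev": prev,          # links this record to its predecessor
        }
        entry["hash"] = _digest(entry)
        self.entries.append(entry)
        return entry

    def export_jsonl(self) -> str:
        """One JSON object per line, the shape most SIEMs ingest directly."""
        return "".join(json.dumps(e, sort_keys=True) + "\n" for e in self.entries)


def verify_chain(entries: list[dict]) -> tuple[bool, Optional[int]]:
    """Walk the chain; return (True, None) or (False, index of first bad entry).
    Detects edits, reordering and interior deletions. It cannot detect
    truncation of the tail on its own: for that, the latest hash must be
    recorded somewhere the log writer cannot reach (for example, sent to
    the SIEM as each entry is written)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.get("seq") != i or e.get("prev") != prev or _digest(e) != e.get("hash"):
            return False, i
        prev = e["hash"]
    return True, None


def verify_jsonl(text: str) -> tuple[bool, Optional[int]]:
    """The check the SIEM side runs on the exported file."""
    return verify_chain([json.loads(line) for line in text.splitlines() if line.strip()])
```

Canonicalising the JSON (sorted keys, no whitespace) before hashing is what makes the export verifiable after a round trip through another system's parser; without it, the same record serialised with different key order would fail verification for no security reason.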
Compliance Frameworks
SOC 2 Type II
Agent Builder Platform's infrastructure has completed a SOC 2 Type II audit covering the five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. (SOC 2 is an attestation report issued by an independent auditor, not a certification; ask your vendor for the report itself rather than relying on the badge.) The audit is conducted annually by an independent third-party assessor.
Data Residency
For organizations with data sovereignty requirements, deploy agents to specific regions. Data processed by an agent in the EU region stays in the EU — including logs, conversation histories, and cached responses.
GDPR and CCPA
The platform provides built-in tools for data subject access requests, right to deletion, and consent management. Personal data processed by agents can be automatically tagged, tracked, and purged on request.
Securing the AI Layer
Beyond infrastructure security, Agent Builder Platform protects the AI layer itself:
- Prompt injection detection — Incoming requests are scanned for known injection patterns before reaching the model; this is a heuristic layer that raises the bar for the obvious attacks and complements, rather than replaces, the sandbox and least-privilege controls above
- Output filtering — Agent responses are checked against content policies before being returned to users
- Model access controls — Restrict which models each agent can use, preventing accidental use of expensive or non-compliant models
Get Enterprise-Grade Security
Security shouldn't be an afterthought. With Agent Builder Platform on Oya.ai, enterprise security is built into every layer — from the sandbox to the audit log. Start building secure agents today.