Security
Secure your AI agents with AxonFlow's built-in security features.
Security Features
| Feature | Description | Edition |
|---|---|---|
| PII Detection | Detect and mask sensitive data | Community |
| SQL Injection Scanning | Prevent injection attacks | Community |
| Best Practices | Security hardening guide | All |
Built-in Protections
PII Detection
Automatically detect and handle sensitive data:
- Personal Identifiers: SSN, passport numbers, driver's license
- Financial Data: Credit cards, bank accounts, tax IDs
- Contact Info: Email, phone, addresses
- Regional Formats: India (Aadhaar, PAN), EU (VAT, national IDs)
policies:
- name: pii-detection
action: mask # or block, log
SQL Injection Scanning
Protect against prompt injection and SQL injection attacks:
- Pattern-based detection
- Parameterized query enforcement
- Request/response scanning
Security Architecture
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Client │────▶│ Agent │────▶│ LLM Provider│
└─────────────┘ │ (Gateway) │ └─────────────┘
│ │
│ ┌─────────┐ │
│ │ Policy │ │
│ │ Engine │ │
│ └─────────┘ │
└─────────────┘
All requests pass through the policy engine before reaching LLM providers.
Compliance Support
AxonFlow helps you meet compliance requirements:
| Standard | Features |
|---|---|
| GDPR | PII detection, data masking, audit logs |
| HIPAA | PHI detection, access controls, encryption |
| SOC 2 | Audit logging, access controls |
| PCI-DSS | Card data detection, masking |
Network Security
Recommended Configuration
- Deploy in private subnets
- Use VPC endpoints for AWS services
- Enable TLS 1.2+ for all connections
- Restrict security groups to necessary ports
Ports
| Service | Port | Protocol |
|---|---|---|
| Agent | 8080 | HTTPS |
| Orchestrator | 8081 | HTTPS |
| PostgreSQL | 5432 | Internal |
| Redis | 6379 | Internal |
Next Steps
- Review Best Practices for security hardening
- Configure PII Detection for your region
- Enable SQL Injection Scanning
- Set up Audit Logging for compliance