Platform · Security

Security by Architecture.

Your data never leaves your control.

Security at OpsCanvas isn't a checklist bolted on at the end. The platform was designed from the first line of code around a simple constraint: an AI that operates on your infrastructure must be provably safe, deterministic where it matters, and always subordinate to human approval.

No credentials ever shared with OpsCanvas
No autonomous network scanning
Human approval before any action
SOC 2 Type II certification in process

The Model

No uncontrolled AI exploration. Ever.

Discovery uses approved APIs, approved connectors, and the permissions your engineers already hold. Assessments run as two scoped, deterministic, approval-gated phases: inventory discovery through approved connectors, then deterministic policy checks against that inventory. Oscar never performs open-ended network scanning, and no action executes without explicit human sign-off.

Architectural Guarantees

Eight properties, enforced by design.

These are not policies we promise to follow. They are properties of how the platform is built.

Approved APIs and connectors only

Every signal enters through an approved API or connector. There is no crawling, probing, or scanning path in the product. What isn't approved isn't touched.

Existing permissions only

Oscar operates within the exact permission boundary of the engineer running it. No new IAM roles, no service accounts, no credential handover to a third party.

Deterministic assessments

Assessments are two scoped, approval-gated phases: inventory discovery via approved connectors, then deterministic policy checks. Same inputs, same findings, every time.

Human approval before any action

Oscar analyzes and proposes. Nothing executes without explicit sign-off, and every proposal arrives with its full evidence trail so approvers decide with context.

Decision Traces for everything

Every query, finding, proposal, and approval is logged with its reasoning. Audits and post-mortems read the trace instead of reconstructing the timeline.

Permission-aware reasoning

Oscar understands what each change can affect and what you are allowed to do. It will not propose actions that exceed your permissions or your blast radius comfort.

Where Your Data Lives

Three tiers. One rule: OpsCanvas doesn't see your data.

At every tier, your cloud data, credentials, and operational history stay under your control. The only thing that differs is where the platform runs.

Oscar Ops: your workstation

Oscar runs entirely on the engineer's machine. Cloud data is queried locally and never transmitted to OpsCanvas. Your AI model key stays local and is billed to your own account.

Oscar Pro: hosted, but not your data

Pro is the only OpsCanvas-hosted tier. Even there, we have no access to customer cloud data or credentials. The service receives only the usage and performance metrics required for issue handling and product improvement.

Enterprise: your network, entirely

Enterprise is self-hosted. The server, the central Cloud Intelligence Graph™, all history, and every Decision Trace live on your infrastructure, inside your security boundary.

Compliance

SOC 2, in process and operating as if certified.

OpsCanvas operates in accordance with SOC 2 requirements today, and our Type II certification is in process. Because the architecture keeps customer data out of our hands entirely, the audit surface is unusually small: there is no customer cloud data in our environment to protect, because it never arrives.

Common Questions

Security, answered.

Does OpsCanvas ever see our cloud credentials or data?

No. Oscar Ops keeps everything on the engineer's workstation. Enterprise is self-hosted on your network. Oscar Pro, the only tier we host, receives usage and performance metrics only, never customer cloud data, credentials, or graph contents.

Does Oscar scan our network?

No. Oscar performs no open-ended or autonomous network scanning. Discovery happens through approved APIs and connectors using existing permissions, and assessments run as two scoped, deterministic, approval-gated phases: inventory discovery first, then deterministic policy checks against that inventory.

Can the AI take actions on its own?

No. Oscar analyzes, explains, and proposes. Every action that would change your environment requires explicit human approval, and each proposal is presented with its full evidence trail. In team and Enterprise deployments, role-based controls define who may propose and who may approve.

What is your SOC 2 status?

We operate in accordance with SOC 2 requirements and our Type II certification is currently in process. If your procurement process needs specifics, contact us and we will share the current status and timeline directly.

Which AI model sees our prompts?

The one you choose. Oscar works with your own model account: your API key stays on your machine and you are billed directly by your provider. OpsCanvas never sees your prompts or your model credentials.

Talk to Us

Bring your security team. We like those conversations.

Schedule a demo and walk through the architecture with us: discovery paths, approval gates, data flows, and the deployment model that fits your boundary.