Security
Trust is not a feature — it’s the foundation.
Every Matrix security decision is architectural. We don’t patch vulnerabilities into a system designed for trust. We start with the threat model and design backwards.
Credential isolation
UWAC vaults OAuth tokens on a per-user, per-tool basis. Credentials are injected at the tool call boundary and never included in any model prompt.
Intent validation
Every intent is validated against a declared permission manifest before execution. Actions outside the permission scope are rejected before the executor sees them.
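A minimal sketch of the intent validation and credential isolation described above, as an added example rather than Matrix or UWAC code: the manifest layout, the Intent fields, the vault dictionary and every function name are assumptions made for illustration. Validation is default-deny and runs before the executor is called, and the token is looked up only at the tool call boundary.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

# Hypothetical permission manifest: tool -> allowed actions and resource patterns.
MANIFEST = {
    "calendar": {"actions": {"read", "create"}, "resources": ["primary/*"]},
    "fs": {"actions": {"read"}, "resources": ["/workspace/*"]},
}
# Constructed per-user, per-tool vault; the token value is a placeholder.
VAULT = {("alice", "calendar"): "tok-constructed-alice-calendar"}

@dataclass(frozen=True)
class Intent:
    user: str
    tool: str
    action: str
    resource: str

class Rejected(Exception):
    """Raised when an intent falls outside the declared permission scope."""

def validate(intent, manifest=MANIFEST):
    grant = manifest.get(intent.tool)
    if grant is None:  # default deny: undeclared tools are never reachable
        raise Rejected(f"tool not declared: {intent.tool}")
    if intent.action not in grant["actions"]:
        raise Rejected(f"action not permitted: {intent.tool}.{intent.action}")
    # fnmatch's '*' also matches '/', so refuse '..' segments explicitly;
    # otherwise '/workspace/../etc/passwd' would satisfy '/workspace/*'.
    if ".." in intent.resource.split("/"):
        raise Rejected("path traversal segment in resource")
    if not any(fnmatchcase(intent.resource, p) for p in grant["resources"]):
        raise Rejected(f"resource out of scope: {intent.resource}")

def dispatch(intent, executor, vault=VAULT):
    # Validation raises before the executor is ever touched.
    validate(intent)
    # The credential is resolved here, at the call boundary, keyed by
    # (user, tool). Nothing upstream of this line (prompt, planner) sees it.
    token = vault.get((intent.user, intent.tool))
    return executor(intent, token)
```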
Sandbox execution
Shell and filesystem tools run in namespaced sandboxes. Resource limits, network policy, and file access are scoped per-agent at the kernel level.
Cryptographic audit trail
Cortex’s Merkle-anchored snapshots and MCL’s EIP-712 receipts produce a tamper-evident record of every agent action that can survive a breach.
Compliance & disclosure
Matrix is SOC 2 Type II compliant for enterprise deployments. Our security posture is reviewed quarterly by an independent third party. We maintain a responsible disclosure program and request that researchers contact security@matrix.ai before publishing findings.
Critical vulnerabilities are patched within 72 hours. Non-critical findings are addressed in the next scheduled release cycle. All resolved CVEs are disclosed publicly within 90 days of remediation.