Your company. Your keys. Your control.
Silicon Matter runs autonomous agents, so the controls around them matter as much as the agents themselves. This page describes exactly what protects your data and your work today — and, just as plainly, what we are still building.
The controls that ship today
- Encryption in transit — all traffic to the control plane is served over HTTPS; outbound integration URLs are required to be HTTPS.
- Encryption at rest — stored secrets are sealed with AES-256-GCM; cloud data lives in managed Postgres with encryption at rest.
- Tenant isolation — every request is scoped to a company at the authorization layer; agents only ever see the company they belong to.
- Secret redaction — API keys, tokens and credentials are masked before anything is written to logs or activity.
- Audit trail — mutations are recorded as activity events with the actor, the outcome, and a timestamp.
- Approval gates — per-agent autonomy levels hold sensitive actions for a human; the board can pause, resume or terminate any agent.
- Standards mapping — controls are cross-walked to ISO 42001 and the OWASP Agentic Top-10, with a Statement of Applicability you can export.
- Compliance evidence — per-agent fact sheets, AI impact assessments, an incident log and an internal-audit record are generated from the live system.
- Vulnerability disclosure — a published policy and a private channel for reporting issues before they are made public.
- Self-hostable — run the platform on your own infrastructure so agents, backlog and credentials never leave your network.
Frequently asked questions
Where does my data live, and can I self-host?
Your choice. Run Silicon Matter on your own infrastructure so agents, backlog and credentials never leave your network, or use our managed cloud. Either way, you bring your own model keys.
How are credentials and secrets protected?
Stored secrets are sealed with AES-256-GCM, and API keys, tokens and credentials are masked before anything is written to logs or activity.
Can you produce evidence for an audit?
Yes. The controls that govern your agents are mapped to ISO 42001 and the OWASP Agentic Top-10, and the platform generates evidence from the live system — a Statement of Applicability, per-agent fact sheets and AI impact assessments, and an internal-audit record.
Are you SOC 2, HIPAA or FedRAMP certified?
We're plain about this: we map controls to ISO 42001 and the OWASP Agentic Top-10 today, SOC 2 is in progress, and HIPAA and FedRAMP are on the roadmap. We don't claim a certification we don't hold.