Midcore is built with security at every layer — from kernel-level sandboxing to zero-data-retention AI providers. Here's how we protect your most valuable asset.
Every layer of Midcore is built with security as a first-class concern — not an afterthought.
AES-256 at rest, TLS 1.3 in transit. Your code is encrypted from the moment it leaves your machine.
Deny-by-default access controls. Every request is authenticated, authorized, and scoped.
Audit logs for every privileged action. You always know who did what, when, and why.
Built on battle-tested cloud infrastructure with defense-in-depth.
Security controls woven into the product architecture, not bolted on.
33+ verification gates that every release must pass. Security checks are automated and non-bypassable.
Deny-by-default RBAC with tenant-scoped data. Every query is scoped to your organization — no cross-tenant access.
No hardcoded secrets. All credentials are managed via vault with automatic rotation support.
Every privileged action, gate result, and evidence artifact is recorded in an immutable audit trail.
AI agent commands execute in sandboxed environments with kernel-level isolation and network controls.
All API inputs are validated at trust boundaries. Stable error shapes. No injection vectors.
When Privacy Mode is enabled, your code is processed exclusively by LLM providers with zero-data-retention (ZDR) agreements. No code is stored on provider servers beyond the duration of the API request. Codebase indexing uses only obfuscated file paths and embeddings.
How we build and ship Midcore securely.
SBOM generation for every release artifact. Dependency provenance verified. Signed builds.
All changes require peer review. Automated BugBot scans every PR for security vulnerabilities.
8 mandatory hardening rounds for production: identity, audit, secrets, build integrity, data, integration, launch.
We welcome security researchers. Report vulnerabilities to security@midcore.dev for coordinated disclosure.
Meeting the standards your organization requires.
Audit currently underway. Expected completion Q2 2026.
Full compliance with EU General Data Protection Regulation.
Full compliance with California Consumer Privacy Act.
DPA available for enterprise customers upon request.
Found a vulnerability? We take security reports seriously and respond within 24 hours. We ask that you give us reasonable time to address issues before public disclosure.
Contact: security@midcore.dev