Security Overview

Technical and organizational controls used to protect Sylica systems and customer workspaces.

Last updated: April 20, 2026

1. Governance and Risk Management

  • Security responsibilities are assigned across engineering and operations functions.
  • Control design is reviewed against evolving threats, architecture changes, and compliance needs.
  • Risk assessments are performed for major platform and infrastructure changes.

2. Access and Identity Controls

  • API key authentication and organization-scoped access boundaries.
  • Role-based permissions for workspace operations and administrative actions.
  • Audit logging for key issuance, usage metering, billing actions, and configuration changes.
  • Administrative access is restricted and periodically reviewed.

3. Data Protection Controls

  • Encryption in transit using TLS for API and dashboard traffic.
  • Encryption at rest for sensitive persisted records and provider key material.
  • Least-privilege operational access and segmented environment boundaries.
  • Controlled secrets management and key rotation procedures.

4. Application and Infrastructure Security

  • Rate limiting and abuse controls on gateway request paths.
  • Telemetry-driven monitoring for latency anomalies, error spikes, and suspicious activity.
  • Dependency and configuration reviews as part of the release lifecycle.
  • Secure deployment procedures with production change controls and rollback planning.

5. Logging, Monitoring, and Detection

Security and operational events are logged and monitored to identify anomalous behavior, abuse attempts, and service-impacting failures. Alerting workflows are used for escalation and remediation.

6. Incident Response and Notification

Security events are triaged by severity, contained, investigated, and remediated through documented response procedures. Material incidents are communicated to affected customers according to applicable obligations.

7. Business Continuity and Resilience

Platform architecture includes redundancy, backup, and recovery practices intended to reduce the risk of prolonged service disruption and data loss.

8. Shared Responsibility Model

  • Sylica secures core platform infrastructure, service routing, and account boundaries.
  • Customers remain responsible for secure key handling, input governance, and downstream application controls.
  • Customers should configure least-privilege access and prompt internal data handling policies.

9. Vulnerability Reporting

Report security findings to security@sylicaai.com. Please include reproducible details and responsible disclosure expectations.

Compliance Contacts