Security & compliance

Trust, proven. 

Security, compliance, and data protection — with the live evidence to back every claim. See exactly how EvalGuard safeguards your AI data and meets enterprise requirements.

SOC 2 evidence engine · ISO 42001 mapped · EU AI Act · GDPR

Compliance posture (control evidence · live)
SOC 2: Live, 86%
ISO 42001: Mapped, 92%
EU AI Act: Annex IV, 100%
OWASP LLM Top 10: 10 / 10, 100%
99.95% SLA uptime
<2.57ms firewall p95
33 frameworks
evidence sha256 · 90+ providers verified · tamper-checked

SEC-01 · Reliability

Performance & reliability

Numbers are published, not claimed. Each link lands on a page with reproducible methodology.

SEC-02 · AI security

AI-specific security

Purpose-built security features for AI/LLM applications — not retrofitted from traditional AppSec.

Shadow AI Detection

Detect unauthorized AI usage across your org. Monitor which models employees use, flag PII in outbound prompts, and block unapproved providers in real time.

AI Security Posture Management (AI-SPM)

Discover all AI models deployed, map data flows, detect misconfigurations, and get a unified posture score with actionable recommendations.

Smart AI Copilot

Auto-analyze scan results, prioritize findings by risk, suggest step-by-step fixes with code examples, and map GDPR/HIPAA/OWASP compliance impact.

250+ Red Team Attack Plugins

Automated adversarial testing with prompt injection, jailbreak, PII extraction, data exfiltration, and 40+ attack strategies — mapped to OWASP LLM Top 10.
adaptive · multi-turn · UCB1 bandit
Turn 1: resisted
Turn 2: resisted
Turn 3: breached

5-Layer LLM Firewall

Real-time input/output scanning with PII redaction, injection detection, toxicity filtering, topic restriction, and content moderation.

AI Gateway with SSRF Protection

Route LLM traffic through a secure proxy with DNS rebinding protection, rate limiting, cost tracking, and automatic trace logging.

SEC-03 · Compliance

Compliance & reference

Deep-dive references: regulator-specific control mappings, model + incident transparency.

Compliance overview

All 33 frameworks we map controls against — OWASP, NIST AI RMF, EU AI Act, ISO 42001, ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, FedRAMP and more. Per-framework evidence bundles on request.


SEC-04 · Frameworks

Compliance frameworks

EvalGuard is built to meet the most rigorous AI security and compliance standards.

OWASP LLM Top 10

Full coverage of all 10 LLM-specific vulnerability categories
evidence · live · 147 / 147 controls
CC6.1 · Logical access · evidence
CC7.2 · Threat detection · evidence
CC8.1 · Change mgmt · evidence

NIST AI RMF

Aligned with the NIST AI Risk Management Framework

MITRE ATLAS

Adversarial threat landscape coverage for AI systems

EU AI Act

Aligned with EU AI Act risk assessment requirements

ISO 42001

AI management system standard alignment

India DPDP

Aligned with India's Digital Personal Data Protection Act, 2023

HIPAA

Aligned with HIPAA controls for healthcare AI

SEC-05 · Platform

Security features

Enterprise-grade security built into every layer of the platform.

AES-256-GCM encryption

All data encrypted at rest and in transit. Bring Your Own Key (BYOK) supported for enterprise customers.

Encrypted secrets & tenant isolation

Credentials — API keys, BYOK key material, and integration configs — are encrypted at the application layer before persistence. Prompt, response, and evaluation content is stored to power your dashboards and protected by AES-256-GCM encryption at rest and row-level tenant isolation.
security posture · live
OWASP LLM Top 10: 10 / 10
Risk posture: low
Open findings: 0

Role-based access control

Granular RBAC with predefined roles (Admin, Editor, Viewer) and custom role support for enterprise plans.

Audit logging

Comprehensive audit trail for all user actions, API calls, and configuration changes with tamper-proof storage.

SEC-06 · Infrastructure

Infrastructure

Flexible deployment options to meet your organization's requirements.

Self-hosted option

Deploy EvalGuard in your own infrastructure with our Helm charts and Docker images. Full air-gapped support.
gateway · live · 1 API
request · route gpt-4o→claude · cache served · firewall clean · 200 · 41ms

Data residency

Configurable data residency with region-specific storage. Choose from US, EU, or APAC regions.

Encryption in transit

All communication between components is encrypted in transit using TLS 1.3.

SEC-07 · Roadmap

Certifications roadmap

We ship controls and evidence ahead of each audit. Here's exactly where every framework stands — shipped, in audit, or planned.

0%
Controls shipped
6 of 7 roadmap frameworks

Independent audits land 2027 — controls + evidence ship first.

OWASP LLM Top 10: Control mappings shipped
OWASP Agentic AI Top 10: Control mappings shipped
SOC 2: Evidence engine live; third-party attestation on roadmap — see /trust/compliance
ISO 42001: Control registry + SoA engine live; certification target Q4 2026
EU AI Act (Annex III): Control registry + Annex IV generator live
HIPAA: Data-handling implemented; attestation Q2 2027
ISO 27001: Planned — follows SOC 2 attestation

Talk to us

Questions about security?

Our security team is available to discuss your requirements, provide compliance documentation, or schedule a security review.

security@evalguard.ai