Built secure by default.
ProductLobster handles product evidence, customer signals, and strategic decisions. The discipline that protects them has to ship before the methodology does. Here's what's in production today, and what lands when the agentic surface ships.
What protects your product data today.
- Shipped
Content quarantine before any model reads
Every uploaded document, every customer transcript, every email body, every chat turn is validated and quarantined before a model sees it. A hostile document or a prompt-injection payload in someone's email cannot escalate into your product's state.
- Shipped
Prompt-injection defense in depth
Three layers: prompt-level instruction (every user input is wrapped with a defense instruction so the model ignores injected commands), output leakage detection (generated text is scanned for leaked system prompts or proprietary methodology and blocked), and KG leak prevention (only validated knowledge items land in your Product Brain).
- Shipped
Workspace isolation
Each workspace belongs to a single user. Cross-workspace data access is impossible at the ORM layer: every service function takes a userId and asserts ownership internally before it touches data. Route-layer auth is defense in depth, not the only defense.
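What a service-layer ownership assertion of this kind can look like, as an added example that is not ProductLobster's code; the in-memory array, the NotFoundError class and the handler names are assumptions standing in for the ORM and the route framework.

```typescript
// Added example, not ProductLobster's own code: ownership is asserted inside
// the service layer, so a route-layer mistake cannot become a cross-workspace
// read. The in-memory array stands in for the ORM; all data is constructed.
type Workspace = { id: string; ownerId: string; evidence: string[] };
class NotFoundError extends Error { name = "NotFoundError"; }

const workspaces: Workspace[] = [
  { id: "ws-1", ownerId: "user_alice", evidence: ["interview-01"] },
  { id: "ws-2", ownerId: "user_bob", evidence: ["survey-07"] },
];

// Single choke point: lookup is always by (userId, workspaceId). A workspace
// the caller does not own is reported like one that does not exist, so
// foreign workspace ids cannot be confirmed by probing.
function loadOwned(userId: string, workspaceId: string): Workspace {
  const ws = workspaces.find((w) => w.id === workspaceId);
  if (!ws || ws.ownerId !== userId) {
    throw new NotFoundError(`workspace ${workspaceId} not found`);
  }
  return ws;
}

// Service functions take the caller's userId, never a bare workspaceId, so
// they stay safe when called from jobs or agent surfaces, not only routes.
function getEvidence(userId: string, workspaceId: string): string[] {
  return [...loadOwned(userId, workspaceId).evidence];
}

function addEvidence(userId: string, workspaceId: string, item: string): number {
  const ws = loadOwned(userId, workspaceId);
  ws.evidence.push(item);
  return ws.evidence.length;
}

// Route layer: userId comes only from the verified session (Clerk in the
// page's stack; a plain object here). The 401 check is defense in depth;
// the 404 is produced by the service's own ownership assertion.
type Session = { userId: string } | null;
type Reply = { status: number; body: unknown };
function handleGetEvidence(session: Session, workspaceId: string): Reply {
  if (!session) return { status: 401, body: "unauthenticated" };
  try {
    return { status: 200, body: getEvidence(session.userId, workspaceId) };
  } catch (e) {
    if (e instanceof Error && e.name === "NotFoundError") return { status: 404, body: "not found" };
    throw e;
  }
}
```

Calling addEvidence directly with the wrong userId fails exactly as the route path does, which is the point: the check does not depend on the route being reached.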
- Shipped
Clerk auth (SOC 2 Type II provider)
Authentication is handled by Clerk, a SOC 2 Type II-certified identity provider. Session tokens are short-lived. Password reset and 2FA are standard.
- Shipped
Encrypted at rest, in transit
Postgres data is encrypted at rest, as is Hindsight KG storage. All traffic is TLS. Document uploads pass size and MIME-type validation before any extraction runs.
- Shipped
We do not train on your data
Your product evidence, your customer signals, your decisions stay in your workspace. They are never used to train models we ship to other customers. The methodology improves; your data doesn't leave.
What ships with the agentic surface.
When the MCP server ships, it ships the way it should have been built across the category. The discipline carries forward from the hosted-app side, where it's already shipping today.
- Coming soon
OAuth-first authentication (when MCP ships)
OAuth-first authentication with no static credentials: tokens are read-only by default and scoped to a single workspace, and every Brain command call is audit-logged.
- Coming soon
Scoped permissions per workspace
A Brain command call from an external agent will see only the workspace its OAuth token is scoped to. No cross-workspace leakage. No 'one token reads everything.'
- Coming soon
Audit log per Brain command
Every Brain command call (queries and actions) will be recorded with timestamp, agent identity, workspace, and result hash. You can audit who asked what, when, from where.
- Coming soon
SSO + SAML for enterprise
Phase 3 territory. If you need SSO, audit logs at the enterprise level, or SAML today, ProductLobster is not yet the right fit. We'll add these when the buyer profile warrants them.
OWASP ASI coverage.
The OWASP Agentic Security Initiative defines the threat surface for LLM-enabled software. The items below are the ones ProductLobster covers in production today.
ASI01: Prompt injection
Defense in depth: input wrapping with defense instruction, output leakage detection, KG validation gate.
ASI02: Insecure output handling
Output is structured and validated, and prototype output is rendered in a sandboxed iframe without the allow-same-origin flag, so rendered content cannot reach the parent page's origin, cookies, or storage.
ASI06: System prompt leakage
Three-tier risk scoring on KG deposits; pattern-match detection on generated output before it reaches the user.
ASI08: Vector and embedding weaknesses
Circuit breakers on retrieval; content validation gate before any KG deposit; never-throw service contract isolates upstream failures.
Found something?
Responsible-disclosure reports go to security at productlobster dot ai. We respond within one business day. We don't run a public bug bounty at private-beta scale; that's Phase 3 territory.