Security

Built secure by default.

ProductLobster handles product evidence, customer signals, and strategic decisions. The discipline that protects them ships before the methodology does. Here's what's in production today — including the OAuth-first agentic surface — and the enterprise controls still ahead.

Shipped

What protects your product data today.

  • Shipped

    Content quarantine before any model reads

    Every uploaded document, every customer transcript, every email body, every chat turn is validated and quarantined before a model sees it. A hostile document or a prompt-injection payload in someone's email cannot escalate into your product's state.

  • Shipped

    Prompt-injection defense in depth

    Three layers: prompt-level instruction (every user input is wrapped with a defense instruction so the model ignores injected commands), output leakage detection (we scan generated text for leaked system prompts or proprietary methodology and block it), and knowledge leak prevention (only validated items land in your Product Brain).

  • Shipped

    Workspace isolation

    Each workspace is per-user. Cross-workspace data access is impossible at the ORM layer: every service function takes a userId and asserts ownership internally. Route-layer auth is defense-in-depth, not the only defense.

  • Shipped

    Clerk auth (SOC 2 Type II provider)

    Authentication is handled by Clerk, a SOC 2 Type II-certified identity provider. Session tokens are short-lived. Password reset and 2FA are standard.

  • Shipped

    Encrypted at rest, in transit

    Postgres at rest is encrypted. Your Product Brain storage is encrypted. All traffic is TLS. Document uploads pass through size and MIME-type validation before any extraction runs.

  • Shipped

    We do not train on your data

    Your product evidence, your customer signals, your decisions stay in your workspace. They are never used to train models we ship to other customers. The methodology improves; your data doesn't leave.

  • Shipped

    OAuth-first agentic surface

    The agentic surface (native MCP server + plob CLI) ships the way it should have been built across the category: OAuth-first authentication and short-lived API keys, no static shared secrets, read-only by default, with each write scope an explicit opt-in.

  • Shipped

    Scoped permissions per workspace

    A Brain command call from an external agent sees only the workspace its connection is bound to. The binding and scope set are re-validated on every call, and revocation takes effect on the next call. No cross-workspace leakage. No 'one token reads everything.'

  • Shipped

    Audit log per Brain command

    Every Brain command call (actions, reads, and writes — including denied attempts) is recorded with timestamp, agent identity, and workspace. You can audit who asked what, when, from where.

Still ahead

Enterprise controls we haven't built yet.

The OAuth-first agentic surface, scoped per-workspace permissions, and per-command audit logging already ship today (see above). What remains is the enterprise tier.

  • Coming soon

    SSO + SAML for enterprise

    Phase 3 territory. If you need SSO, audit logs at the enterprise level, or SAML today, ProductLobster is not yet the right fit. We'll add these when the buyer profile warrants them.

OWASP ASI coverage.

The OWASP Agentic Security Initiative defines the threat surface for LLM-enabled software. ProductLobster maps to the top items in production today.

  • ASI01: Prompt injection

    Defense in depth: input wrapping with defense instruction, output leakage detection, Product Brain validation gate.

  • ASI02: Insecure output handling

    Output is structured, validated, and rendered with sandbox restrictions on prototype output (iframe sandbox without same-origin).

  • ASI06: System prompt leakage

    Three-tier risk scoring on Product Brain deposits; pattern-match detection on generated output before it reaches the user.

  • ASI08: Vector and embedding weaknesses

    Circuit breakers on retrieval; content validation gate before any Product Brain deposit; never-throw service contract isolates upstream failures.

Found something?

Responsible-disclosure reports go to security at productlobster dot ai. We respond within one business day. We don't run a public bug bounty at private-beta scale; that's Phase 3 territory.

Try a workspace built on this discipline.

Start with your product