Built secure by default.
ProductLobster handles product evidence, customer signals, and strategic decisions. The discipline that protects them ships before the methodology does. Here's what's in production today — including the OAuth-first agentic surface — and the enterprise controls still ahead.
What protects your product data today.
- Shipped
Content quarantine before any model reads
Every uploaded document, every customer transcript, every email body, every chat turn is validated and quarantined before a model sees it. A hostile document or a prompt-injection payload in someone's email cannot escalate into your product's state.
- Shipped
Prompt-injection defense in depth
Three layers: prompt-level instruction (every user input is wrapped with a defense instruction so the model ignores injected commands), output leakage detection (we scan generated text for leaked system prompts or proprietary methodology and block it), and knowledge leak prevention (only validated items land in your Product Brain).
- Shipped
Workspace isolation
Each workspace is per-user. Cross-workspace data access is impossible at the ORM layer: every service function takes a userId and asserts ownership internally. Route-layer auth is defense-in-depth, not the only defense.
- Shipped
Clerk auth (SOC 2 Type II provider)
Authentication is handled by Clerk, a SOC 2 Type II-certified identity provider. Session tokens are short-lived. Password reset and 2FA are standard.
- Shipped
Encrypted at rest, in transit
Postgres at rest is encrypted. Your Product Brain storage is encrypted. All traffic is TLS. Document uploads pass through size and MIME-type validation before any extraction runs.
- Shipped
We do not train on your data
Your product evidence, your customer signals, your decisions stay in your workspace. They are never used to train models we ship to other customers. The methodology improves; your data doesn't leave.
- Shipped
OAuth-first agentic surface
The agentic surface (native MCP server + plob CLI) ships the way it should have been built across the category: OAuth-first authentication and short-lived API keys, no static shared secrets, read-only by default, with each write scope an explicit opt-in.
- Shipped
Scoped permissions per workspace
A Brain command call from an external agent sees only the workspace its connection is bound to. The binding and scope set are re-validated on every call, and revocation takes effect on the next call. No cross-workspace leakage. No 'one token reads everything.'
- Shipped
Audit log per Brain command
Every Brain command call (actions, reads, and writes — including denied attempts) is recorded with timestamp, agent identity, and workspace. You can audit who asked what, when, from where.
Enterprise controls we haven't built yet.
The OAuth-first agentic surface, scoped per-workspace permissions, and per-command audit logging already ship today (see above). What remains is the enterprise tier.
- Coming soon
SSO + SAML for enterprise
Phase 3 territory. If you need SSO, audit logs at the enterprise level, or SAML today, ProductLobster is not yet the right fit. We'll add these when the buyer profile warrants them.
OWASP ASI coverage.
The OWASP Agentic Security Initiative defines the threat surface for LLM-enabled software. ProductLobster maps to the top items in production today.
ASI01: Prompt injection
Defense in depth: input wrapping with defense instruction, output leakage detection, Product Brain validation gate.
ASI02: Insecure output handling
Output is structured, validated, and rendered with sandbox restrictions on prototype output (iframe sandbox without same-origin).
ASI06: System prompt leakage
Three-tier risk scoring on Product Brain deposits; pattern-match detection on generated output before it reaches the user.
ASI08: Vector and embedding weaknesses
Circuit breakers on retrieval; content validation gate before any Product Brain deposit; never-throw service contract isolates upstream failures.
Found something?
Responsible-disclosure reports go to security at productlobster dot ai. We respond within one business day. We don't run a public bug bounty at private-beta scale; that's Phase 3 territory.