Sicherheit und Governance
Daten bleiben in Ihrem Netzwerk.
AI arbeitet innerhalb von Berechtigungen.
ObjectOS ist eine selbst gehostete Runtime auf Ihrer Infrastruktur. Geschäftsdaten, Identitäten, Audit-Logs, Dateien und Secrets bleiben unter Ihrer Kontrolle; AI Agents greifen über kontrollierte Tools auf Objekte zu und erben die Rechte des angemeldeten Nutzers.
- Agent
- inherits user identity
- Tool
- governed access path
- Audit
- approval and evidence
Sicherheitsmodell für AI Agents
Sicherheitsmodell für AI Agents
ObjectOS behandelt das Modell nicht als Administrator. AI arbeitet über deklarative Tools, Eingaben werden validiert, Änderungen werden freigegeben und alle Aufrufe folgen demselben Berechtigungssystem.
- 01
Acts as a user
An agent represents a signed-in user, not an unrestricted service account. If the user cannot see a record, the agent cannot see it either.
- 02
Uses governed tools
Agents call structured query, action, and metadata tools instead of owning a raw database connection or dumping whole tables into prompts.
- 03
Queues changes
Tools that modify metadata or sensitive state enter a pending-action queue so reviewers can inspect the diff before applying it.
- 04
Leaves evidence
Conversations, tool calls, reads, writes, approvals, rejections, and permission changes can be written to audit logs.
Datenresidenz
Datenresidenz
ObjectOS verlangt nicht, Geschäftsdaten in unsere Cloud zu verschieben. Die Runtime verbindet sich mit Ihren Datenbanken, Speichern und Identitätssystemen.
| Daten | Speicherort | Verlässt es das Netzwerk? |
|---|---|---|
| Business records | Your database | No |
| Users, sessions, OAuth tokens | Your database | No |
| Audit logs | Your database | No |
| Uploaded files | Local disk, S3, or R2 | No |
| Secrets and settings | Your secret manager or encrypted settings store | No |
| AI request context | Your chosen model provider or local model | Only if you configure an external model |
Deployment-Grenze
Deployment-Grenze
Die Standardform ist netzwerkfreundlich: eine Node.js Runtime, Ihre Datenbank, Ihre Secrets und Ihr Ingress. Strengere Umgebungen können file-backed Artefakte und Offline-Images nutzen.
VPC / private network
Run in your cloud account or private network with only required HTTP/HTTPS and database connectivity.
Local servers
Run with Docker, systemd, or your own platform while connecting local databases, object storage, and identity.
Air-gapped
Use offline container images and a local objectstack.json artifact with no cloud control plane or public internet requirement.
Local models
Point AI services at Ollama, vLLM, or internal model endpoints to keep business context inside your boundary.
FAQ für Sicherheitsreviews
FAQ für Sicherheitsreviews
Does ObjectOS phone home?
No. Unless you explicitly configure integrations such as OIDC, email, AI providers, webhooks, or external storage, ObjectOS does not phone home, check a license server, or collect telemetry.
What goes to a model provider?
Only the context required for the model task: conversation context, tool definitions, and necessary tool output. You can use an external model or configure a local model endpoint.
How do we limit agent writes?
Use read-only data sources, object permissions, field permissions, action permissions, and approval queues. Agents cannot bypass runtime permissions or silently apply structural changes.
Who owns TLS, database encryption, and secrets?
Those are deployment responsibilities. ObjectOS provides runtime authorization, audit, API key hashing, and settings encryption; your infrastructure owns TLS, at-rest database encryption, backups, and secret injection.
Is it suitable for regulated environments?
ObjectOS provides the technical primitives: access control, audit, data residency, and isolated deployment. Certification depends on your running deployment, not a binary alone.
Nächster Schritt
Sicherheitsreview zuerst, nicht nach dem Pilot.
Bestätigen Sie Datenresidenz, Berechtigungen, Audit-Nachweise und Deployment-Form, bevor AI Agents echte Geschäftsdaten berühren.