SEC · CONTROL POSTURE

Security starts at the API boundary.

API behavior in. Device-fit models out. Kolm's security posture is the control layer around that loop: capture boundaries, redaction policy, tenant-scoped events, explicit exports, verifier receipts, hosted security headers, and readiness gates that stay visible until certification or package evidence exists.

  • Boundary · inputs enter as governed API events; unknown schemas stay opaque until an adapter manifest declares structure
  • Hosted headers · CSP, HSTS, frame denial, nosniff, referrer policy, and limited browser permissions
  • Evidence · compile receipts, policy decisions, target recipes, manifests, and governance exports
  • Disclosure · issues route to dev@kolm.ai with reproduction steps and impact
  • Gate · formal compliance and package-channel claims wait for readiness promotion
SEC-01 control-posture.kolm · HOSTED · v3.3
  • Channels · 17 families
  • Governance · 8 stages
  • Headers · 5 controls
  • Disclosure · dev@kolm.ai
  • Status · in spec

01 / DATA BOUNDARY

Kolm secures the transition from live API behavior to governed artifact.

The important security object is not a screenshot. It is the path each event takes through capture, classification, redaction, routing, evaluation, compile, target selection, and export.

  • Tenant-scoped intake · every event carries source identity
  • Policy gate before dataset, eval, compile, and export
  • Evidence stays useful for reviewers after it leaves the UI
VERIFY LOOP · Ed25519

02 / HOSTED CONTROLS

The public app ships with browser and transport guardrails by default.

These are current web-app controls in the Express and Vercel configuration. They do not replace formal certification; they reduce obvious browser, framing, content-type, and permission risk.

REG · CSP

Default-src self

Scripts, styles, images, fonts, connections, frames, base URI, and form actions are constrained through the configured CSP for the hosted site.

Why it matters. CSP (Content Security Policy) is a browser rule that lists which origins a page may load code from. If an attacker injects a tag pointing at their server, the browser refuses to run it. e.g. <script src="evil.example/x.js"> is blocked before it executes.

REG · TRANSPORT

Strict Transport Security

HSTS is configured with a long max age, includeSubDomains, and preload on the Express path and mirrored in deploy headers.

Why it matters. HSTS (HTTP Strict Transport Security) tells the browser to only ever reach the site over encrypted HTTPS, even if a link or a network downgrades it to plain HTTP. e.g. http://kolm.ai is upgraded to https before any byte leaves your machine.

REG · CLICKJACKING

Frame ancestors none

The CSP and X-Frame-Options deny framing of the public app by default.

Why it matters. Clickjacking hides the real site inside an invisible frame on an attacker page so a click you think lands on a harmless button actually lands on a sensitive control. Denying framing makes that impossible. e.g. evil.example cannot embed the control center in a hidden iframe.

REG · CONTENT TYPE

Nosniff

X-Content-Type-Options prevents MIME sniffing where browsers might otherwise execute mislabeled content.

Why it matters. MIME sniffing is when a browser guesses a file's type instead of trusting the declared one. An attacker can disguise a script as an image to slip past filters; nosniff forces the browser to honor the declared type. e.g. a file served as image/png is never run as JavaScript.

REG · REFERRERS

Strict origin when cross-origin

The referrer policy limits what leaves the site when a user follows an external link.

Why it matters. The referrer is the address of the page you came from, sent automatically to the next site. A full address can leak a private path or token. This policy sends only the bare origin off-site. e.g. kolm.ai/trust/abc123 is shared off-site as just kolm.ai.

REG · PERMISSIONS

No camera, mic, or geolocation

The permissions policy disables sensitive browser capabilities the compiler site does not need.

Why it matters. A permissions policy is a per-feature allow list the browser enforces. The compiler site never needs your camera, microphone, or location, so those capabilities are switched off outright rather than left to a prompt. e.g. a camera or location request from this origin is denied automatically.
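The six hosted controls above, as an added example that is not Kolm's own Express or Vercel configuration: an Express-style middleware that sets them, an audit function that flags a weak or missing control, and a constructed weak header set beside the corrected one. The exact directive values are assumptions consistent with what the page states.

```javascript
// Added example, not Kolm's configuration. Directive values are assumptions.
const HOSTED_HEADERS = {
  'Content-Security-Policy':
    "default-src 'self'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'",
  'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload',
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
};

// Express-style middleware: set every control on the response, then continue.
function hostedSecurityHeaders(req, res, next) {
  for (const [name, value] of Object.entries(HOSTED_HEADERS)) res.setHeader(name, value);
  next();
}

// Audit a response header map (names case-insensitive) against the same controls.
// Returns one finding per weak or missing control; an empty list means all present.
function auditHeaders(headers) {
  const h = Object.fromEntries(Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const findings = [];
  const csp = h['content-security-policy'] || '';
  if (!/(^|;)\s*default-src\s+'self'\s*(;|$)/.test(csp))
    findings.push("CSP: default-src is not restricted to 'self'");
  if (!/frame-ancestors\s+'none'/.test(csp) && h['x-frame-options'] !== 'DENY')
    findings.push('Clickjacking: neither frame-ancestors none nor X-Frame-Options DENY');
  const hsts = h['strict-transport-security'] || '';
  const maxAge = Number((/max-age=(\d+)/.exec(hsts) || [])[1] || 0);
  if (maxAge < 31536000) findings.push('HSTS: max-age below one year');
  if (!/includeSubDomains/i.test(hsts)) findings.push('HSTS: includeSubDomains missing');
  if (!/preload/i.test(hsts)) findings.push('HSTS: preload missing');
  if (h['x-content-type-options'] !== 'nosniff') findings.push('Content type: nosniff missing');
  if (h['referrer-policy'] !== 'strict-origin-when-cross-origin')
    findings.push('Referrer: policy is not strict-origin-when-cross-origin');
  const pp = h['permissions-policy'] || '';
  for (const feature of ['camera', 'microphone', 'geolocation'])
    if (!pp.includes(`${feature}=()`)) findings.push(`Permissions: ${feature} not disabled`);
  return findings;
}

// Constructed weak set for comparison: open CSP, short HSTS, no referrer or permissions policy.
const WEAK_HEADERS = {
  'Content-Security-Policy': 'default-src *',
  'Strict-Transport-Security': 'max-age=300',
  'X-Content-Type-Options': 'nosniff',
};
```

Running auditHeaders over WEAK_HEADERS yields nine findings; over HOSTED_HEADERS, or over whatever the middleware set on a response, it yields none.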

02b / ATTACK SURFACE

Who mitigates what, from the attacker to the running model.

Security is shared. The map below follows one path - attacker, supply chain, the kolm boundary, the signed artifact, and your runtime - and marks, with a glyph and a label rather than color alone, where kolm carries the control and where it stays with you.

ATTACK SURFACE / OWNERSHIP, ATTACKER TO RUNTIME · live

Surface on the path · Mitigated by

1 · Attacker edits the artifact in transit · kolm
    A man-in-the-middle changes a field after kolm signs it. The Ed25519 signature covers the canonical bytes, so a single changed byte fails verification in the buyer's browser.

2 · Supply chain forges a kolm-styled report · kolm
    An attacker re-signs a fake report with their own key. The published issuer keyring exposes it: the embedded key is not one kolm issues.

3 · The kolm boundary itself (capture and compile) · kolm
    Inputs enter as governed API events; unknown schemas stay opaque until an adapter manifest declares structure, and policy gates run before dataset, eval, compile, and export.

4 · The hosted web app (browser surface) · kolm
    The default web controls in 02 / HOSTED CONTROLS (CSP, HSTS, frame denial, nosniff, referrer policy, permissions policy) reduce obvious browser, framing, and content-type risk.

5 · The artifact you receive, verified offline · you
    A buyer checks the signature and issuer in their own browser. There is no kolm server in the trust path, so there is nothing for kolm to quietly return green.

6 · Your production secrets and key custody · you
    Your API keys, vault, and rotation policy. kolm only ever holds the public half of its own signing key; your secrets stay on your side.

7 · Runtime defense of the deployed model · you
    Live monitoring and incident response for the model once it runs on your hardware. A report describes a moment and a fixed scope, not runtime defense.

Shared boundary · kolm carries 1 to 4, you carry 5 to 7 · marked by glyph and label, not color alone

Scope is contractual. Permission posture, redaction and audit-trail integrity are assessed. Injection is tested and reported, not warranted.

03 / ENTERPRISE SECURITY MODEL

Security has to be visible to platform, AI, and compliance owners at the same time.

The API control center is the operational security console: it exposes channel coverage, collection modes, export modes, governance stages, policy layers, integration coverage, and unknown-schema behavior.

  • Access · API keys, sessions, tenant scope, project boundaries, audit events
  • Policy · retention, redaction, vaulting, routing, eval and compile gates
  • Observability · capture counters, compile jobs, artifacts, channel matrices
  • Exports · governance, SIEM, GRC, warehouse, runtime carry destination context
CONTROL CENTER · console
  • access · keys · sessions · tenant scope · control objects
  • policy · retention · redaction · gates · first-class
  • observe · capture · compile · integrations · inspectable
  • export · SIEM · GRC · warehouse · receipt context
Console · platform · AI · compliance

04 / CERTIFICATION AND PACKAGE GATES

Security copy must not outrun the readiness ledger.

Security controls can be described as implemented controls. Formal compliance, package-channel, SDK-release, benchmark, and partner-adoption claims remain gated until the readiness ledger is promoted with evidence.

GATE · FORMAL CERTIFICATION

Needs live certification

SOC 2, ISO 27001, HIPAA, GDPR, FedRAMP, SBOM, and SLSA evidence require a live auditor, certification, or signed attestation artifact before public promotion.

GATE · PACKAGE CHANNELS

Needs package release

Installers, SDK packages, browser package metadata, checksums, and release artifacts remain package-release gates until published and verified.

GATE · BENCHMARK CLAIMS

Needs public benchmark data

Public leaderboard claims require reproducible public runs, raw JSON, commands, model versions, hardware, latency, cost, and scoring method.

GATE · EXTERNAL ADOPTION

Needs external partner

Third-party runtime support and neutral stewardship stay unclaimed until outside projects, vendors, or venues publish acceptance evidence.

05 / RESPONSIBLE DISCLOSURE

Report security issues with reproduction steps and impact.

Send hosted-service, API, signing, CLI, evidence-format, or control-plane issues to dev@kolm.ai. Include affected route or object, reproduction steps, expected behavior, actual behavior, and assessed impact.

  • Acknowledge · credible reports move into triage with owner and severity
  • Contain · focus on the boundary involved, from intake to account control
  • Fix · ship a test, audit artifact, or verifier output so it cannot return
  • Communicate · affected customers get scoped impact and follow-up evidence
DISCLOSURE FLOW · dev@kolm.ai
01 acknowledge credible report      triage
02 contain at the boundary           scope
03 fix with a regression check       test + artifact
04 communicate scoped impact         evidence

VERDICT · IN SPEC

  • 17 · API data channel families
  • 8 · governance stages
  • 5 · hosted header controls
  • explicit · certification gates
Control-plane security · Readiness-gated claims · Hosted security headers · Responsible disclosure

Put one API namespace under control.

Inspect the channel map, capture policy, egress rule, governance path, compile receipt, and export destinations before trusting any security claim.