Security at TaskHawk

Kevros is a security product. Our own security practices reflect the same engineering rigor. Cryptographic enforcement, tamper-evident evidence chains, and fail-closed design ensure that AI governance decisions are verifiable and unbridgeable.

Kevros Security Architecture

Post-Quantum Signatures

NIST-standardized post-quantum cryptographic signatures ensure resistance to quantum computing attacks. Every critical state transition is cryptographically attested.

Sandboxed Enforcement

Core enforcement logic runs in isolated sandboxes, providing memory safety and isolation while maintaining verifiable determinism.

Hash-Chained Evidence

Tamper-evident evidence chains link every decision and enforcement action. Immutable, append-only, and cryptographically verifiable.

Fail-Closed Enforcement

By design, the system denies all access on validation failure. No permissive fallbacks. AI decisions only proceed with full cryptographic proof.

Tenant Isolation

Complete cryptographic isolation between tenants. Control planes are logically and physically separated at the infrastructure level.

Network Isolation

Azure Virtual Networks, private endpoints, and network security groups enforce strict traffic policies. No implicit trust relationships.

Security Pillars

Kevros Security Architecture

  • NIST-standardized post-quantum signatures for cryptographic enforcement primitives
  • Sandboxed enforcement for deterministic, auditable execution
  • Hash-chained evidence for tamper-evident decision records
  • Fail-closed enforcement gates - no permissive fallbacks on validation failure
  • Cryptographic attestation of every state transition and governance decision

Infrastructure Security

  • Azure-native deployment with multi-region redundancy and automatic failover
  • AES-256 encryption at rest across all data stores and backups
  • TLS 1.3 encryption in transit for all network communication
  • Complete tenant isolation with dedicated cryptographic contexts
  • Network isolation via Virtual Networks, private endpoints, and NSGs

Evidence Chain Integrity

  • Append-only, immutable evidence chains for all enforcement decisions
  • Tamper-evident design with cryptographic verification of chain continuity
  • Verifiable without source code access - transparency built into cryptographic proof
  • Hash-linked evidence creating an unbreakable chain of custody
  • Compliance-ready audit trails with cryptographic non-repudiation

Identity & Access Management

  • Microsoft MSAL (Microsoft Authentication Library) for enterprise directory integration
  • JWT token-based authentication with configurable expiration
  • Personal Access Tokens (PAT) for programmatic access with fine-grained permissions
  • Role-based access control (RBAC) for organizational workflows
  • Multi-factor authentication (MFA) support via Azure AD

Engineering Rigor

Formal Verification

Core cryptographic and enforcement logic undergoes rigorous formal verification using TLA+. State space exploration ensures correctness across all possible execution paths.

Coverage: Critical enforcement paths verified

Third-Party Security Audits

Regular third-party security assessments and penetration testing by specialized security firms. Infrastructure, cryptography, and control plane design all undergo independent review.

Contact us for latest audit reports

Security Vulnerability Reporting

We welcome responsible security disclosures from the security research community. If you discover a potential vulnerability in Kevros or our infrastructure, please report it to us directly rather than through public channels.

security@taskhawktech.com

Please provide a detailed description of the vulnerability, affected systems, timeline, and proposed remediation. We will acknowledge receipt within 48 hours and work with you on a coordinated disclosure timeline.

Our Commitment:

  • Acknowledge all reports within 48 hours
  • Coordinated disclosure with reasonable timeline for remediation
  • No legal action against good-faith security researchers
  • Recognition program for responsible disclosures

Security Inquiries

For security-related questions, compliance information, or to discuss our security practices:

security@taskhawktech.com

TaskHawk Systems, LLC
Security Team
United States