Trust & Security

Security & Compliance Posture

Memory without evidence is liability.
Here is how we earn the trust of SOC/CTI buyers, CISOs, and GRC leads.

"Memory without evidence is liability. Here's how we earn the trust."
FedRAMP Moderate — Phase 4 underway Last updated: 2026-05-29 · Changelog →
1 · FedRAMP Moderate Posture
Phase 0 — Initiation ✓ Phase 1 — Documentation ✓ Phase 2 — Testing ✓ Phase 3 — SAR ✓ Phase 4 — Authorization (in progress)

20 NIST 800-53 Rev 5 Moderate baseline families assessed. 36+ findings ranked and remediated. Traceability matrix complete. Phase 4 remediation in progress.

Honest about deferred items: Azure hosting is the primary cloud boundary, but ThreatRecall is not FedRAMP Authorized today. For CUI or federal workloads, use the self-hosted deployment inside your approved boundary until the Azure authorization package is complete.

Finding PT-2 (Meta Pixel on authentication pages) was closed 2026-05-29. Authentication surfaces are first-party only — no Meta Pixel, no Google Fonts CDN, no third-party analytics. Strict CSP enforced on all /auth/* paths. CI gate #11 (scripts/check-auth-trackers.js) blocks re-introduction.

ACAccess Control
ATAwareness & Training
AUAudit & Accountability
CAAssessment & Authorization
CMConfiguration Management
CPContingency Planning
IAIdentification & Authentication
IRIncident Response
MAMaintenance
MPMedia Protection
PEPhysical & Environmental
PLPlanning
PSPersonnel Security
PTPII Processing & Transparency
RARisk Assessment
SASystem & Services Acquisition
SCSystem & Comms Protection
SISystem & Info Integrity
SRSupply Chain Risk Management
PMProgram Management
2 · SDLC Enforcement — 13 CI Gates

Every push to main runs all 13 gates

Automated enforcement before merge. Each gate blocks the build on failure. Agent-enforced pre-push checks; GitHub Actions workflow coverage expanding.

  • 01
    Dependency audit scripts/check-npm-audit.js — offline advisory check against pinned CVE table; blocks on any unaccepted high/critical finding in production deps. Supply chain audit last clean: 2026-06-03. Accepted residual: inflight@1.0.6 (deprecated, no CVE, not in HTTP path — pulled by bcrypt→node-pre-gyp→glob@7; tracked for removal).
  • 02
    SAST scan Static analysis — bandsaw for injection, XSS, broken auth patterns
  • 03
    Secret detection Prevents AWS keys, tokens, credentials from entering the repo
  • 04
    License compliance Flags GPL/AGPL deps; blocks copyleft from entering supply chain
  • 05
    Container image scan Trivy scan on Docker image — blocks known CVEs in base layers
  • 06
    IaC policy check Checks infrastructure-as-code against security baselines
  • 07
    CodeQL analysis GitHub's semantic code analysis — covers OWASP Top 10 + CWE Top 25
  • 08
    Performance regression gate Latency comparisons on key routes — regressions classified as bugs
  • 09
    Auth tracker enforcement No third-party trackers on /auth/* or trust surfaces (PT-2, CI gate #11)
  • 10
    Supply chain hygiene npm run check:audit — offline CVE table check runs on every guard pass. Direct deps pinned to known-safe versions; package.json overrides force safe transitive versions for path-to-regexp, cookie, body-parser, qs, cross-spawn, and glob. New high/critical advisories added to scripts/check-npm-audit.js before merge — no silent accumulation of debt.
  • 11
    Auth tracker gate scripts/check-auth-trackers.js — asserts zero third-party tracker or CDN script tags appear in /auth/* responses. FedRAMP PT-2 control. Blocks deploy if any tracker pixel is detected on login or MFA pages.
  • 12
    Status page SLO check scripts/check-status.js — verifies /status/api returns HTTP 200 with all required SLO fields (p95 read/write latency, uptime, incident list). Catches missing SLO instrumentation before it reaches prod.
  • 13
    Seed-pack smoke test scripts/seed-pack-smoke.js — loads all CTI seed packs (APT29/Volt Typhoon/HAFNIUM, Scattered Spider) into an ephemeral tenant, asserts node counts, non-null TLP + seed_source on every row, and ≥1 evidence-backed recall result per pack. Blocks deploy if any seed pack fails to load or produces malformed data.
3 · Data Handling & TLP/CUI Controls

CUI, TLP:AMBER, and TLP:RED content never reaches the LLM

Control enforced at two points: ingest time (classification on write) and query time (filter on read). The enforcement is structural — the recall pipeline sends only the analyst's plain-text query string to the LLM. Node content, evidence records, and incident data are returned directly from PostgreSQL and are never passed through the LLM.

Sent to OpenAI on recall
Plain-text query string only (e.g. "APT29 lateral movement TTPs"). Used for structured intent extraction (nlToStructuredQuery) and embedding generation. Nothing else.
Never sent to OpenAI
Node names, descriptions, properties · Evidence record raw content · Incident data · Claim records · STIX bundles · TLP:AMBER or TLP:RED nodes (any field)
Ingest pipeline enforcement
Every node written to kg_nodes must carry a tlp field (WHITE/GREEN/AMBER/RED). Nodes without a TLP marking are staged and require explicit classification before commit. Ingest batch audit trail stored in ingest_batches.
Query-time filter
Recall API reads kg_nodes.tlp and excludes AMBER/RED nodes from result set before building the response. The LLM never receives the full result set — only the query string for intent extraction.
Tenant isolation
Row-level security policies on all tables enforce tenant isolation at the database layer. Per-workspace key scoping ensures a workspace's data is never visible to another.
Self-hosted / air-gapped path
Set OLLAMA_BASE_URL to your local endpoint. All LLM calls stay on your infrastructure. Air-gapped mode disables LLM entirely (structured keyword search only).
OpenAI data retention
OpenAI does not use API data for model training. 30-day retention applies. Enterprise Data Exclusion available for Pro/Enterprise customers.
4 · Audit & Provenance

Every memory has a chain of custody

All analyst interactions are written to the audit_logs table — write-once enforced by DB triggers (UPDATE and DELETE are blocked). Every memory node carries source, confidence, TLP, timestamp, and linked evidence IDs. Corrections and rejections are tracked with a full version history.

Signed CSV + JSONL export
Export audit logs in CSV or JSONL format via /docs/api#tag/Audit. Each row includes event_id (immutable UUID), timestamp, user_id, action, resource_type, resource_id, TLP marking, and user_agent. Rows cannot be altered or deleted — enforced at the DB layer.
Evidence provenance
Every node in the knowledge graph has source, source_type, tlp, confidence, ingested_at, and linked_evidence_ids. Analysts can expand any result to see the full evidence chain in the Evidence Panel.
Memory corrections
Corrections are logged in memory_corrections (reject/correct/merge). Pre-change state is snapshotted in memory_versions with version_number and changed_by. 24-hour rollback window via /api/admin/rollback-correction/:id.
System sentinel rows
Unauthenticated AI agent requests (API key-authenticated) are logged with a system sentinel user so every automated action is attributable. Token hash stored per session; sessions table enables per-session revoke and revoke-all.

Audit API endpoints →

5 · Authentication & Access

Controls in place

Login rate limiting
4 failed attempts → 15-minute lockout per email+workspace combination. Reset on successful login. Tracked in login_attempts table.
Password reset
Single-use SHA-256 hashed tokens, 24h expiry. Multi-workspace email discovery (same email across workspaces). Invalidation on use — audited in audit_logs.
OAuth — Google & GitHub
Social login available. Both providers supported. JWT session with token hash stored in sessions table for per-session revoke.
Token invalidation
Per-session revoke and revoke-all supported. API key authentication for AI agents (key_hash, name, last_used_at, revoked_at). Session table enables immediate invalidation on employee offboarding.
Workspace discovery
Password reset supports multi-workspace email lookup — same email can exist across tenants; user is presented the correct workspace.
TOTP 2FA (optional)
Time-based OTP via authenticator app. Enforceable per-user or per-workspace. totp_secret stored encrypted. Can be required for analyst role or enforced org-wide.
6 · Performance as a Security Property

Instrumented, tracked, enforced

Latency is measured per-route by middleware/perf.js — p50/p95/p99 sampled in 5-minute in-memory buckets, persisted hourly to perf_samples. Queries exceeding SDLC thresholds are logged to slow_queries with parameterized query text, duration, route, and top-5 stack frames. Performance regressions are classified as bugs.

<200ms
p95 read latency
Threshold: 200ms. Exceeding queries logged to slow_queries table. Recall search p95 <1ms on demo dataset.
<500ms
p95 write latency
Threshold: 500ms. Ingest and correction writes tracked. N+1 queries are caught by schema lint in CI gate.
Additional perf commitments: All list endpoints are paginated (no unbounded result sets). Connection pooling via pg-pool. No N+1 queries in routes — enforced via schema lint in CI gate #8.
7 · Responsible Disclosure

Vulnerability reporting

security@threatengram.com

Inbox
security@threatengram.com — monitored by the engineering team. Response within 1 business day.
Disclosure
90-day coordinated disclosure. We ask that you give us 90 days to fix before public disclosure. Good-faith researchers credited in our security changelog unless anonymity is requested.
Safe harbor
Good-faith researchers following this policy will not face legal action or account termination. We do not have a formal bug bounty program yet — acknowledged and on the roadmap.
In scope
app.threatrecall.ai, api.app.threatrecall.ai, *.threatengram.com, *.threatrecall.ai
Out of scope
Third-party services we integrate with (Azure, Postmark, OpenAI, Stripe) — report to the respective vendor. Denial-of-service testing. Social engineering. Physical security.
8 · Sub-processors & Infrastructure

Who handles what — and the honest gaps

Full list as of 2026-05-29. Updated when sub-processors change.

Sub-processor Region Purpose Data category
Azure App Service
azure.microsoft.com 		East US 2 Application hosting — Express web service app traffic logs ATO not claimed
Azure Database for PostgreSQL
azure.microsoft.com 		East US 2 Primary database — tenant data, KG, audit logs, incidents CTI nodes evidence incidents audit logs user accounts
Postmark
postmarkapp.com 		US Transactional email — onboarding drip, password reset, pilot confirmations email addresses no CTI content
OpenAI
openai.com 		US Query intent extraction and embedding generation on recall — query strings only search query strings no node content no CUI
Stripe
stripe.com 		US Subscription billing and payment processing billing data no CTI content
FedRAMP note: ThreatRecall cloud is not FedRAMP Authorized today. Azure is the target hosting boundary, but an ATO is not claimed until the authorization package is complete. For workloads requiring an authorized CSP boundary today, use the self-hosted deployment.
9 · What We Do Not Claim

Honesty is the trust signal

We won't tell you we have certifications we don't. Here's the current ground truth:

  • ✗ Not claimed
    SOC 2 Type II — Not done. Not in progress. Do not ask us.
  • ✗ Not claimed
    ISO 27001 — Not done. Not in progress.
  • ✗ Not claimed
    FedRAMP Authorized (ATO) — Phase 4 in progress. Do not represent us as authorized. We will update this page immediately upon authorization.
  • ✗ Not claimed
    FedRAMP Authorized SaaS — Azure hosting work is in progress, but ThreatRecall is not authorized. Self-hosted deployment is the path for federal/CUI workloads today.

Questions? Apply for the pilot.

30-day Design Partner Pilot. No charge. You keep the data. Export everything on exit.

Start pilot →
← Pricing Compare Integrations Security questionnaire → Changelog →