Security
Last updated: 1 February 2025
Our Security Approach
Security is a first-class concern at EngineVult AI. We apply defence-in-depth across our infrastructure, AI systems, and client deployments. Security requirements are defined at the outset of every project — not added retrospectively.
Infrastructure Security
All EngineVult AI infrastructure uses: TLS 1.3 for all data in transit, AES-256 encryption for data at rest, network segmentation and firewall rules, regular vulnerability scanning and patching, multi-factor authentication for all system access, and centralised audit logging with anomaly detection.
AI System Security
Our AI deployments are designed with specific protections against: prompt injection attacks, model extraction attempts, data poisoning, unauthorised API access, and adversarial inputs. All AI system access is authenticated and rate-limited. Model outputs are filtered and monitored for anomalous behaviour.
Responsible Disclosure
If you believe you have discovered a security vulnerability in any EngineVult AI system, please disclose it responsibly by emailing security@enginevult.ai. We commit to acknowledging your report within 48 hours, investigating promptly, and keeping you informed of our response. We do not pursue legal action against good-faith security researchers.
Incident Response
EngineVult AI maintains a documented incident response plan. In the event of a security incident affecting personal data, we will notify affected clients within 72 hours as required by UK GDPR, and support notification to the ICO where required.
Contact Security Team
security@enginevult.ai — for responsible disclosure and security enquiries.