Security guide
AgentCorp is built to keep your data isolated and your agents in check, but security is shared. This guide covers what the platform does for you and the handful of things you control that make the biggest difference.
What the platform does
A few protections are on by default and worth understanding:
- Tenant isolation — your data is scoped to your workspace with row-level security, so no other customer can read it.
- Encryption — data is encrypted in transit (TLS) and at rest.
- Human approvals — sensitive and outbound actions pause for you to confirm the recipient and message body before they run.
- Prompt-injection defense — untrusted content agents read is framed defensively so a malicious document or email can't easily hijack an agent.
- OAuth for integrations — connected tools use scoped tokens, never your passwords, and are revocable.
For our formal posture and sub-processor list, see the privacy policy and trust center.
Protect your account
- Turn on multi-factor authentication (sign-in is handled by Clerk, which supports it) and encourage your team to do the same.
- Use a strong, unique password or a trusted SSO provider; never share logins.
- Sign out of shared or public devices, and review active sessions periodically.
- Be alert to phishing — AgentCorp will never ask for your password by email.
Apply least privilege
Give each person the smallest role that lets them do their job. Keep the owner role to the few who genuinely need billing and destructive control; most people should be members. Remove access promptly when someone leaves. Roles are covered in the admin guide.
Review connected apps
Every integration is a door into one of your tools. Review connected apps on a regular cadence, disconnect anything unused, and grant only the scopes an agent actually needs. When you disconnect in AgentCorp, also consider revoking the app in the provider’s own security settings for belt-and-braces assurance. Details are in the integrations guide.
Set spend caps and watch usage
Runaway automation shows up as runaway spend, so your credit balance doubles as a safety signal. Watch the balance and low-credit warnings, be deliberate about who can trigger heavy operations, and use top-ups rather than a permanent plan jump for one-off spikes. The billing guide explains metering and controls.
Report a security issue
For account-specific concerns — a suspected compromise, unexpected activity — reach us fast through the support guide.
Invite teammates, manage roles and seats, control integrations and spend.
Connect Gmail, Outlook, Notion, your CRM, Slack, WhatsApp, and Mercury.
Write clear instructions, use approvals well, and get reliable output.
Reach us in-app or by email, file a good bug report, and check status.