Security
Security & governance by design
Permissioned tools, audit logs, isolation boundaries, and human approval gates so AI remains controllable and defensible in production.
Controls that enterprise teams expect
Xong is designed to run safely across sensitive workflows and regulated environments.
RBAC & least privilege
Role-based access and scoped permissions across data, tools, workflows, and sessions.
Audit logs
Every tool call and decision is logged inside the session trace for accountability.
Encryption
Encryption in transit and at rest; secure secret handling for integrations.
Isolation boundaries
Per-customer segmentation; dedicated environments available when required.
Human approval gates
HITL checkpoints for high-impact actions with clear evidence and reviewer notes.
Data scopes & redaction
Control what agents can access; optional redaction for sensitive data paths.
Practical security notes
You can expand this page with your specific certifications (ISO 27001, SOC 2, etc.) when ready.
- Deployment flexibility: cloud, on-prem, dedicated single-tenant, or hybrid.
- Tool boundaries: WebKit tools define what actions are possible; Orchestrator enforces validation.
- Traceability: sessions connect every output to evidence sources and downstream actions.
- Governed lifecycle: model versions, rollout policies, and change logs.
Security review
Want a security & deployment deep dive?
We will walk through data residency, access control, auditability, and how tool boundaries keep automation safe.