trust & security

We touch sensitive systems. Here is how we protect them.

Causal Security connects to systems you own to find real, exploitable risk. That access is a responsibility we engineer for: how Cipher acts, what it can reach, and what we keep.

how Cipher operates

Human-in-the-loop

Sensitive actions pause for a person. Cipher proposes; a reviewer approves before anything with real-world effect runs.

Hard-stop kill-switch

Any reviewer halts any running Cipher task in under 100 ms, with out-of-band confirmation.

Least-privilege access

Access is scoped to the engagement and time-boxed. Cipher sees what it needs to reason, and no more.

your data

We hand back findings, not your source.

We connect to a system you own, securely, and hand back validated, exploitable findings with the context to fix them.

You get
  • Validated, exploitable findings
  • The exploit path, demonstrated
  • The fix, with system context
We keep

Only the graph.

Architecture and findings, so the next review starts where the last one ended. Zero retention is supported on request.

compliance posture

Building toward the controls you operate under.

SOC 2 Type II · in progressISO 27001 · in progressHIPAAGDPR

Specific compliance, residency, or deployment requirements? Let's talk.

responsible disclosure

Found an issue in our systems?

We are a security research team, and we treat inbound reports the way we want ours treated: promptly, in good faith, and with credit. Reach us at security@causalsecurity.com.

The ask

See what Cipher finds on a system you own.