Security at AKRUM
Last updated: May 2026
Security is not a feature at AKRUM. It is the product. Every line of code we write, every architectural decision we make, and every vendor we rely on is evaluated against a single question: does this preserve the cryptographic and operational integrity our customers depend on? This page describes how we approach that responsibility.
1. The AKRUM Cellular Automata Entropy Engine
The core of every AKRUM product — from our encrypted file engine to our AI agent APIs — is a patented Cellular Automata entropy engine. Unlike conventional pseudo-random number generators, which produce statistically random output from a deterministic algorithm, our entropy engine generates randomness from the emergent dynamics of cellular automaton state spaces. The result is randomness that is auditable, reproducible only when explicitly seeded, and not vulnerable to the structural weaknesses that have repeatedly compromised conventional RNGs across the industry. We publish entropy benchmarks comparing AKRUM output against legacy RNGs through our Entropy Benchmark Lab product so customers can verify our claims independently.
2. Cryptographic Standards
All AKRUM cryptographic operations use modern, peer-reviewed, standards-compliant algorithms. By default, files are encrypted with AES-256-GCM (or ChaCha20-Poly1305 on devices where AES hardware acceleration is unavailable). Authenticated encryption is mandatory throughout the platform — no unauthenticated modes are exposed in any production code path. Key derivation uses Argon2id for password-derived keys and HKDF-SHA-256 for key material derived from high-entropy sources. Public-key operations use Curve25519 / Ed25519 where appropriate.
3. Zero-Knowledge Architecture
Files you encrypt with AKRUM and store in your AKRUM Vault are encrypted client-side, in the browser or SDK, before they reach our infrastructure. The encryption keys never leave your device in plaintext, and they are not transmitted to or stored on AKRUM servers. AKRUM cannot decrypt, scan, index, or share your encrypted content. If you lose your decryption key, we cannot recover it — and that is the point.
4. Transit Security
All connections to AKRUM are protected with TLS 1.3. Certificates are issued by recognized public certificate authorities and audited through Certificate Transparency. HSTS is enforced. We do not accept connections over plaintext HTTP except for redirects to the secure equivalent.
5. Storage Security
Data at rest in our infrastructure is encrypted with AES-256-GCM using keys managed by our cloud provider's hardware security modules. Backups are encrypted with the same standards. Customer data is logically isolated by tenant and protected by row-level security policies that are continuously evaluated against potential bypass paths.
6. Access Controls
Access to AKRUM production systems is restricted to a small number of authorized AKRUM employees with a documented operational need. All employee access requires multi-factor authentication. Privileged operations are audit-logged and reviewed on a recurring basis. Access is revoked immediately on role change or departure. We follow the principle of least privilege at every layer.
7. AI Agent APIs and Customer Data
Our AI Agent APIs are designed to operate on metadata, schemas, and structured inputs rather than on the plaintext of your encrypted content. Where an agent requires access to data you have explicitly submitted to it (for example, a smart contract source file submitted to the AI Crypto Compliance Agent), that submission is processed in a transient inference context, is not retained beyond what is necessary to return a response, and is never used to train AI models for AKRUM or any third party.
8. Subprocessors and Vendor Management
We use a deliberately small number of vetted subprocessors. Each is contractually bound to data protection and security obligations consistent with our own. A current subprocessor list is maintained and made available to customers on request to security@akrum.io. We review subprocessor security posture on an annual basis at minimum.
9. Vulnerability Disclosure
If you believe you have discovered a vulnerability in any AKRUM product, please report it to security@akrum.io. We will acknowledge receipt within two business days, validate the report, and provide updates on remediation. We do not pursue legal action against security researchers who act in good faith, respect user privacy, and follow coordinated disclosure norms. We are working toward a formal bug bounty program and will publish details when it launches.
10. Incident Response
We maintain documented incident response procedures covering detection, containment, eradication, recovery, and communication. In the event of a security incident that affects customer data, we will notify affected customers without undue delay and in accordance with applicable law, providing the information necessary for customers to assess and respond to the impact.
11. Compliance Posture
AKRUM is actively working toward third-party attestations that reflect the security posture described above, including SOC 2 Type II and ISO 27001. We will publish certifications as they are completed. For customers in regulated industries — healthcare, financial services, public sector — we offer deployment options (dedicated cloud and on-premises) that support stricter compliance requirements. Contact security@akrum.io to discuss your specific framework.
12. Reach the Security Team
Vulnerability reports, security questions, customer security reviews, and audit requests:
security@akrum.io
For PGP-encrypted communications, our public key is available on request.
