The defaults a CISO expects, stated plainly

A platform that sells evidence has to hold itself to the same standard. This page states what Helixar’s security posture is, what the evidence chain can and cannot claim today, and where the legal documents live.

Security postureby default
  • Fail-closed by default
  • KMS-backed signing keys
  • Least-intrusion interception
  • Multi-tenant isolation
Verifiable in your own environment under NDA.

Security posture

Fail-closed by default

If inspection or the audit write cannot complete, AI traffic is blocked, not waved through. Security over availability, by design.

KMS-backed signing keys

Audit events are Ed25519-signed with keys held in cloud KMS custody, in-region where residency requires it.

Least-intrusion interception

Only AI-provider traffic is decrypted and inspected. All other traffic passes through untouched, privacy and liability stay contained.

Multi-tenant isolation

Strict org isolation across every data plane, with in-region or fully on-premises deployment options.

SOC 2 Type II, pathway underway, customer preference sets priorityISO/IEC 42001, alignedRBAC · SSO · MFA

The evidence-honesty statement

Helixar’s audit trail is tamper-evident and independently verifiable. Third-party immutability requires external anchoring (RFC-3161), which is built and enabled per tenant at onboarding, we do not describe the trail as “immutable” until anchoring is on in your deployment.

We hold our marketing to the same vocabulary our product UI enforces. If a claim on this site can’t be demonstrated in your environment during a pilot, tell us, that’s a bug in the site, and we’ll fix it.

This candour is deliberate: with a compliance buyer, the product is the evidence. Verify it yourself →