Security
BRICQS is built on enterprise-grade security infrastructure. This page covers the platform-level controls and the per-project settings you can configure.
Authentication
All API requests are authenticated using Bearer tokens (API keys or short-lived JWTs). The platform uses its own auth backend — no third-party identity provider is embedded in the data path.
Data encryption
- In transit — TLS 1.2+ enforced on all endpoints. HTTP is redirected to HTTPS.
- At rest — Database data encrypted with AES-256. Secret values encrypted at the application layer before storage.
- Model weights — Container images stored in the BRICQS private container registry with no public pull access.
Network isolation
BRICQS deployments run with the following network controls:
- All inbound traffic routes through the BRICQS edge router — direct deployment FQDN access is not advertised.
- Container-to-container traffic within a project uses BRICQS private networking and does not traverse the public internet.
- Egress from containers is unrestricted by default; restrict with outbound traffic rules in the Security settings panel.
Security flags
The Security panel in the console surfaces platform-level security signals for your account:
Governance & audit
Every privileged action — deployments created or stopped, secrets changed, API keys issued or revoked, user roles modified — is written to an append-only audit log. See the Governance docs for querying and exporting the audit log.
Responsible AI content controls
BRICQS deployments run open-weight models on dedicated infrastructure — the platform does not intercept model inputs or outputs. Content filtering, topic restriction, and safety classifiers must be implemented at the application layer (in the calling code or as a custom inference wrapper). The Governance panel supports per-project policy rules that can flag or block audit-logged events by pattern; this is not a real-time inference filter but an audit and alerting mechanism.
Vulnerability disclosure
To report a security vulnerability, email security@bricqsai.com. We respond within 48 hours and follow coordinated disclosure. Do not file public issues for security reports.