Security
We practice what we preach. Piscium's platform and infrastructure are built with the same security rigor we deliver to our customers, and we're honest about where we are on the journey.
Security Status
Active
All systems operational. Continuous monitoring enabled.
Standards & Posture
OWASP APTS
We align our autonomous testing to the OWASP Autonomous Penetration Testing Standard: a governance standard for operating autonomous pentest platforms safely, transparently, and within defined boundaries.
Certifications in progress
We do not yet hold third-party security certifications. We'll update this page as that changes. We won't claim what we haven't earned.
Data protection
Customer data is encrypted in transit and at rest, with least-privilege access controls and documented handling practices.
Our Security Posture
Encryption, least-privilege access, and continuous validation, applied to our own systems with the same rigor we deliver to customers.
Encryption
Data encrypted in transit (TLS 1.3) and at rest (AES-256).
Access Control
Role-based access control with mandatory multi-factor authentication and least-privilege defaults.
Secure Development
SAST, DAST, and SCA integrated into our CI/CD pipeline. All code reviewed before merge. Dependency updates automated.
Incident Response
Documented incident response plan with defined escalation paths.
Continuous Validation
We continuously validate our own environment using the Piscium platform, following the OWASP APTS safety and transparency requirements.
Related Resources
Have Security Questions?
Our security team is happy to discuss our practices, share our security documentation, or answer vendor security questionnaires.