Enterprise-grade security for AI workforces
Headmaster gives organizations full control over what AI agents can see, do, and decide — with encryption, isolation, audit trails, and human approval baked into every layer.
Trust boundary
Every action in Headmaster passes through a trust boundary. Inside the workspace, agents draft, reason, and prepare. Outside the boundary — any action that reaches customers, modifies production data, or calls an external service — requires explicit human approval.
Initiates work, reviews outcomes, and manages workspace membership.
Blocks sensitive actions — emails, data writes, external calls — until an Approver signs off.
Loads context from memory, reasons over tasks, delegates sub-work, and produces drafts for review.
Executes scoped calls inside configured boundaries. Tools are denied by default and enabled per workspace.
How Headmaster protects your organization
Security isn't an add-on — it's the architecture. Every layer of Headmaster is designed so that AI agents operate within boundaries you define, with visibility into every decision they make.
SOC 2 Type II audit-ready
Headmaster maintains controls mapped to SOC 2 Type II trust service criteria — security, availability, processing integrity, confidentiality. Annual audits conducted by an independent CPA firm. Reports available to customers under NDA.
AES-256 encryption at rest
All persisted data — workspace state, memory, credentials, audit logs — is encrypted at rest using AES-256 with keys managed through a dedicated KMS. Encryption keys are rotated automatically and never co-located with the data they protect.
GDPR compliance
Full data processing agreement support, right-to-erasure workflows, and data residency options for EU customers. Subprocessors are enumerated in our DPA. No personal data leaves the processing boundary without documented lawful basis.
Complete audit trail
Every tool invocation, approval decision, credential access, workspace mutation, and role change is recorded in an immutable, queryable audit log. Export via API for SIEM integration or compliance review. 90-day hot retention, cold archive available.
Role-based access control
Four predefined roles — Viewer, Operator, Approver, Admin — each with least-privilege defaults. Viewers observe. Operators draft and execute non-sensitive actions. Approvers gate sensitive actions. Admins manage membership and policy. Custom roles available on Enterprise.
Permissioned tools
Every tool an agent can call — email, file write, API request, shell command — is bound to a permission tier. Tools are denied by default until an Admin explicitly enables them for a workspace. No shadow capability surface.
Isolated workspaces per org
Each organization operates in a fully separate workspace: its own memory, credentials, agents, audit logs, and membership roster. Zero data leakage between tenants. Workspace isolation is enforced at the application layer rather than relying on logical separation alone.
Human-in-the-loop approvals
Sensitive actions — sending emails, modifying production data, transferring funds, deploying code — pause execution until a designated Approver explicitly signs off. Approvers see full context: the agent's reasoning, affected resources, and risk assessment before deciding.
Configurable risk levels
Administrators set per-tool and per-action risk tiers: low, medium, high, and critical. Low-risk actions auto-execute. Medium requires Operator confirmation. High and critical require Approver sign-off. Risk tiers propagate to all agents in the workspace.
Role-based access
Headmaster ships with four roles following least-privilege principles. Every role maps to a specific set of capabilities — no implicit access, no privilege escalation paths.
Viewer
Read-only access to workspace state, agent outputs, and audit logs. Can observe but not trigger actions or approve requests.
Operator
Can initiate agent runs, execute low-risk tools, and draft outputs. Cannot approve sensitive actions or modify workspace settings.
Approver
All Operator capabilities plus the authority to approve or reject actions at the trust boundary — emails, data writes, external API calls.
Admin
Full workspace management: role assignments, tool permissions, risk-tier configuration, audit log access, and integration settings.
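The trust-boundary rules above (tools denied by default, per-tool risk tiers, and which roles may release a paused action) as a small policy engine. This is an added illustration, not Headmaster's code: the role and tier names follow the page, while the function names, the ActionRequest shape, the audit-record fields and the sample workspace are assumptions.

```python
"""Hypothetical policy engine for the risk tiers and roles described on this page."""
from dataclasses import dataclass, field
from typing import Optional
RISK_TIERS = ("low", "medium", "high", "critical")
# Roles that may release a paused action. Approvers hold all Operator
# capabilities, so they can also give the confirmation a medium action needs.
SIGN_OFF_ROLES = {"medium": {"operator", "approver"}, "high": {"approver"}, "critical": {"approver"}}

@dataclass
class Workspace:
    enabled_tools: set = field(default_factory=set)    # tools are denied by default
    risk_tier: dict = field(default_factory=dict)      # tool -> tier, set by an Admin
    audit_log: list = field(default_factory=list)      # every decision is recorded

@dataclass
class ActionRequest:
    tool: str
    tier: Optional[str]
    status: str  # "denied", "executed", "pending" or "rejected"

def request_action(ws: Workspace, tool: str) -> ActionRequest:
    """An agent asks to call `tool`: auto-execute, pause for a human, or refuse."""
    tier = ws.risk_tier.get(tool)
    if tool not in ws.enabled_tools or tier not in RISK_TIERS:
        req = ActionRequest(tool, tier, "denied")     # not enabled, or no tier assigned
    elif tier == "low":
        req = ActionRequest(tool, tier, "executed")   # low-risk actions auto-execute
    else:
        req = ActionRequest(tool, tier, "pending")    # medium/high/critical wait at the boundary
    ws.audit_log.append({"event": "tool_request", "tool": tool, "tier": tier, "status": req.status})
    return req

def sign_off(ws: Workspace, req: ActionRequest, actor_role: str, approve: bool = True) -> str:
    """A human decides a pending request; only the tier's sign-off roles may release it."""
    if req.status != "pending" or actor_role not in SIGN_OFF_ROLES[req.tier]:
        ws.audit_log.append({"event": "sign_off_refused", "tool": req.tool, "actor_role": actor_role})
        return req.status  # unchanged: a Viewer, or an Operator on a high-risk action, cannot release it
    req.status = "executed" if approve else "rejected"
    ws.audit_log.append({"event": "approval_decision", "tool": req.tool,
                         "actor_role": actor_role, "status": req.status})
    return req.status

def demo_workspace() -> Workspace:
    """Constructed sample configuration (not real Headmaster settings)."""
    ws = Workspace()
    ws.enabled_tools = {"search_docs", "calendar_update", "send_email", "write_prod_db", "untiered_tool"}
    ws.risk_tier = {"search_docs": "low", "calendar_update": "medium",
                    "send_email": "high", "write_prod_db": "critical"}
    return ws
```

Note that an enabled tool with no tier assigned is still refused, so a missing classification fails closed rather than silently auto-executing.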
Infrastructure & data
Headmaster runs on infrastructure that meets enterprise compliance standards. Data flows, encryption boundaries, and subprocessor relationships are fully documented.
Deployed on Vercel's SOC 2 Type II and ISO 27001 certified infrastructure. Edge functions for low-latency orchestration, serverless compute for agent execution. Vercel handles DDoS mitigation, TLS termination, and CDN distribution.
Headmaster agents run on a purpose-built runtime engine that provides sandboxed execution, structured tool calling, memory persistence, and real-time heartbeat monitoring. Engine updates are rolled out with zero-downtime deployments.
All network traffic — API calls, websocket events, agent-to-tool communication — is encrypted in transit using TLS 1.3. HSTS is enforced. Certificate pinning is available for Enterprise customers.
Every authentication event, API call, and admin action is logged with timestamp, actor identity, IP, and user-agent. Logs are shipped to a tamper-evident store and retained per your data retention policy.
Security is the product, not a feature
We offer security briefings for enterprise evaluations — covering architecture, data boundaries, compliance posture, and incident response. Our team can walk through any aspect of the platform in detail.