Security & Governance
Learn about Kubiya's security features, access controls, and governance capabilities
Security & Governance
Kubiya provides comprehensive security and governance features to ensure your agents operate within defined boundaries and comply with your organization's security policies.
Security Architecture
Kubiya's security architecture is designed with multiple layers of protection:
Authentication & Identity
Kubiya supports various authentication methods to secure agent access:
- Single Sign-On (SSO): Integration with common identity providers (Okta, Azure AD, Google)
- OAuth/OIDC: Standard authentication protocols for secure access
- API Keys: Secure programmatic access
- MFA Support: Additional security layer for sensitive operations
Agents inherit the permissions of the authenticated user, ensuring actions are tied to user identity.
Authorization & Access Control
Fine-grained authorization controls determine what actions users and agents can perform:
Role-Based Access Control
- Administrator: Full platform management
- Developer: Create and modify agents and tools
- Operator: Use agents and view results
- Viewer: View-only access to specific resources
Resource-Level Permissions
- Control which users can access specific agents
- Restrict tool availability to certain agents
- Limit knowledge source access to authorized agents
- Enforce department or team-based separation
Approval Workflows
For sensitive operations, Kubiya provides built-in approval mechanisms:
Secure Tool Execution
Tools operate with strict security controls:
- Isolated Execution: Containerized environments separate tool operations
- Least Privilege: Tools use the minimum permissions required
- Secret Management: Secure handling of credentials and tokens
- Network Controls: Restricted network access based on need
Audit & Compliance
Comprehensive tracking of all agent and user activities:
- Detailed Audit Logs: Record all actions, changes, and approvals
- Usage Analytics: Track agent usage patterns and request types
- Conversation Logging: Option to retain full conversation history
- Compliance Reports: Export logs for regulatory requirements
Data Protection
Kubiya implements several data protection measures:
- Data Encryption: Encryption for data at rest and in transit
- Data Retention: Configurable retention policies for conversations and logs
- PII Handling: Tools for identifying and protecting personal information
- Data Sovereignty: Options for regional data processing and storage
Security Best Practices
When setting up and using Kubiya:
- Follow the principle of least privilege: Grant minimal permissions needed
- Implement approval flows for destructive or sensitive operations
- Regularly review access rights and remove unused accounts
- Audit tool actions periodically to verify proper usage
- Test security controls as part of agent deployment
Always verify tools handle sensitive information appropriately, especially when integrating with critical systems.
Governance Features
Beyond basic security, Kubiya provides governance capabilities:
Usage Quotas
- Limit API calls per user or team
- Control resource consumption
- Prevent abuse or runaway processes
Content Policies
- Filter sensitive information in responses
- Prevent sharing of confidential data
- Enforce appropriate language and tone
Operational Control
- Centrally manage agent deployments
- Standardize tool configurations
- Control agent model versions
Enterprise Security Features
For enterprise environments, Kubiya offers additional security capabilities:
- SAML Integration: Enterprise identity provider support
- Private Deployments: Fully isolated Kubiya environments
- Custom Security Modules: Integration with existing security tools
- VPC Connectivity: Secure connection to private networks
- Compliance Certifications: Documentation for common compliance frameworks
Security Response
Kubiya's approach to security incidents includes:
- Automated detection of unusual patterns
- Immediate notification of security concerns
- Ability to revoke access or disable components
- Regular security updates and patches
Next Steps
- Learn about agent capabilities
- Explore tool management
- Discover knowledge integration