Is Areebi SOC 2 certified?

Areebi deploys entirely inside your infrastructure, so your existing SOC 2 controls cover the runtime environment. Areebi provides the audit logging, access controls, and policy enforcement you need to demonstrate compliance to your auditor. SOC 2 Type II certification for Areebi's own corporate controls is planned for 2026; we will publish the attestation when it is complete.

Where is Areebi data stored?

All data stays within your infrastructure. Areebi deploys as a self-hosted Docker image - on-premises, in your VPC, or air-gapped. No prompts, responses, or documents are sent to external servers.

Does Areebi sign BAAs for HIPAA compliance?

Because Areebi runs entirely within your environment, the traditional BAA model does not apply. Your organization maintains full control of all protected health information. Areebi provides HIPAA-specific DLP patterns and audit controls.

Public security artifacts

Public threat models

We publish architecture and threat models for the four critical layers of the Secure AI Control Plane. Every model walks through attack paths + the controls that mitigate them, anchored in the OWASP Top 10 for LLM Applications and the NIST AI 600-1 GenAI Profile.

Threat models below are scheduled to publish across Q3-Q4 2026. Subscribe to be notified when each lands.

AI Workspace Threat Model

Planned release: Q3 2026

Prompt injection, jailbreak chains, indirect prompt injection via retrieved documents, data exfiltration via tool-call abuse, system-prompt leakage. Maps each vector to detection + control plane mitigations.

Status

Drafting Q2 2026

Maps to Areebi capabilities

DLP enginePolicy engineAudit trail

DLP Engine Threat Model

Planned release: Q3 2026

False positive / false negative analysis, redaction integrity, sensitive-pattern detection in adversarial inputs, regex bypass paths, encoding evasion. Threat model walkthrough of detection-to-decision pipeline.

Status

Drafting Q2 2026

Maps to Areebi capabilities

Real-time DLPAudit fact emission

Policy Engine Threat Model

Planned release: Q3 2026

Policy bypass paths, role escalation through edge cases, time-of-check vs time-of-use, conflicting-policy resolution, signed-policy integrity, policy-as-code supply chain.

Status

Drafting Q3 2026

Maps to Areebi capabilities

Policy engineIdentity-aware access

Audit Trail Threat Model

Planned release: Q4 2026

Immutability guarantees, audit log injection / forging, gap-detection between expected and recorded events, tamper-evident chaining, export integrity for regulator review.

Status

Drafting Q3 2026

Maps to Areebi capabilities

Audit trailCompliance export

Why we publish

Threat models in public, not behind NDAs

Every CISO evaluating an AI security vendor wants to see the threat model. Most vendors gate it behind sales calls. We don't.

Public threat models mean independent researchers can review our architecture before we ever talk to them. That changes the diligence trajectory of every prospective customer.
Anchored in real standards. Each model maps to OWASP Top 10 for LLM Applications + NIST AI 600-1 GAI Profile + ISO/IEC 42001 controls. No bespoke taxonomies.
Updated with the product. A published threat model is a living document. Areebi engineering is on the hook for keeping it accurate, with public diffs every release.
Coordinated disclosure friendly. Vulnerabilities discovered against the published model get our public CVE response treatment via /security.txt.

Subscribe or talk to us

Get notified when each threat model publishes

Subscribe for releases Talk to our security team

For coordinated disclosure of vulnerabilities, see security.txt.

Taking longer than expected.

Reload the page

Public threat models

Threat models below are scheduled to publish across Q3-Q4 2026. Subscribe to be notified when each lands.