Security Model

AI Controller implements a security model that protects your data and AI interactions. This document explains the key security components and how they work together to create a secure platform for enterprise AI applications.

Security Architecture

AI Controller's security is built from multiple integrated layers that collectively protect your environment. The outermost layer is network security, which includes TLS/HTTPS encryption and firewalls. Moving inward, application security covers authentication, authorization, the rules engine, and audit logging. Data security provides encryption and hashing to protect information at rest.

flowchart TD
    subgraph SL[Security Layers]
        subgraph NS[Network Security]
            NS1[TLS/HTTPS]
            NS2[Firewalls]
        end

        subgraph AS[Application Security]
            AS1[Authentication]
            AS2[Authorization]
            AS3[Rules Engine]
            AS4[Audit Logging]
        end

        subgraph DS[Data Security]
            DS1[Encryption]
            DS2[Hashing]
        end
    end

    classDef framework fill:#f5f5f5,stroke:#333,stroke-width:1px,color:#000
    classDef network fill:#e1f5fe,stroke:#333,stroke-width:1px,color:#000
    classDef application fill:#e8f5e9,stroke:#333,stroke-width:1px,color:#000
    classDef data fill:#fff8e1,stroke:#333,stroke-width:1px,color:#000
    classDef component fill:#f5f5f5,stroke:#333,stroke-width:1px,color:#000

    class SL framework
    class NS network
    class AS application
    class DS data
    class NS1,NS2,AS1,AS2,AS3,AS4,DS1,DS2 component

These security layers create multiple lines of defense that work to safeguard your data and AI resources. Each component plays a specific role in the overall security, providing defense against potential threats.

Authentication vs. Authorization

It's important to understand the distinction:

  • Authentication: Verifies who a user is (login credentials, API keys)
  • Authorization: Determines what a user can do (permissions, roles, rules)

AI Controller handles both processes, first authenticating the user or application, then applying authorization rules to determine allowed actions.

Network Security

Network security forms the first barrier against unauthorized access to your AI resources. By securing the communication channels between users and the system, we prevent data interception and many common attack vectors.

Transport Layer Security

All communications with AI Controller use TLS encryption to create a secure tunnel for data transfer. The system requires TLS 1.2 or higher for all connections, enforces strong cipher suites by default, and implements certificate validation for all connections. These measures protect your data while it travels between your applications and the AI Controller, preventing eavesdropping and man-in-the-middle attacks.

Network Controls

The platform supports additional network security features to further restrict access. You can implement firewall rules to limit access to specific IP ranges, ensuring that only authorized networks can connect to your AI resources. Network segmentation helps isolate components, containing potential security incidents and reducing their impact. These controls work together with other security measures to create a robust defense against network-based threats.

Authentication

Authentication verifies the identity of users and applications before they can access the system. AI Controller provides flexible authentication options to fit your existing infrastructure and security requirements.

Authentication Methods

The platform supports several authentication approaches to accommodate different use cases and security needs:

  1. API Keys: For application authentication, AI Controller generates cryptographically secure random strings that serve as unique identifiers. These keys are never stored in plaintext but instead as salted hashes in the database. You can scope API keys to specific providers or operations, limiting their access to only what's needed.

  2. Username/Password: For web interface access, users can authenticate with traditional credentials. AI Controller stores only salted, hashed passwords in the database - the actual passwords cannot be retrieved. Passwords use the same secure hashing approach as API key storage, so they remain protected even if the database is compromised.

  3. JWT Tokens: The web interface uses JSON Web Tokens stored in Secure, HttpOnly cookies for session management. The system uses two types: short-lived access tokens for immediate use and longer-lived refresh tokens for extended sessions. All tokens are signed with secure algorithms to prevent tampering.

For implementation details and additional authentication options, see Access Control.
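The API key lifecycle described in item 1 (CSPRNG generation, salted-hash storage, provider scoping), as an added example that is not AI Controller's own code; the `aic_` key format, the PBKDF2 parameters and the `StoredKey` record are assumptions made for illustration:

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Tuple

# PBKDF2 work factor; an assumption for this example, not the product's setting.
ITERATIONS = 100_000

@dataclass
class StoredKey:
    """Hypothetical database record: the salted hash and scope are persisted,
    the key itself never is."""
    key_id: str
    salt: bytes
    digest: bytes
    allowed_providers: FrozenSet[str]

def hash_key(plaintext: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, ITERATIONS)

def issue_key(allowed_providers: Iterable[str]) -> Tuple[str, StoredKey]:
    """Generate a key from the CSPRNG. The plaintext is returned exactly once;
    only the StoredKey record goes to the database."""
    key_id = secrets.token_hex(4)          # public lookup handle, not secret
    secret = secrets.token_hex(32)         # 256 bits of entropy
    plaintext = f"aic_{key_id}_{secret}"   # constructed format, not the product's
    salt = secrets.token_bytes(16)
    record = StoredKey(key_id, salt, hash_key(plaintext, salt), frozenset(allowed_providers))
    return plaintext, record

def verify_key(presented: str, store: Dict[str, StoredKey]) -> Optional[StoredKey]:
    """Parse the key_id, recompute the salted hash and compare in constant time."""
    parts = presented.split("_")
    if len(parts) != 3 or parts[0] != "aic":
        return None
    record = store.get(parts[1])
    if record is None:
        return None
    if not hmac.compare_digest(hash_key(presented, record.salt), record.digest):
        return None
    return record

def authorize_provider(record: StoredKey, provider: str) -> bool:
    """Scope check: the key may only reach providers it was issued for."""
    return provider in record.allowed_providers
```

Because only `record.digest` is stored, a database dump yields nothing that can be replayed as a key; the constant-time compare keeps verification from leaking how many bytes of a guess matched.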

Authorization Model

Once a user or application has been authenticated, the authorization system determines what resources they can access. This control ensures that users can only interact with the AI resources appropriate for their role and needs.

Role-Based Access Control

The platform implements an RBAC model that organizes access permissions around roles rather than individual users. This model includes:

  • Users: Individual accounts with unique credentials that identify specific people or services.

  • Groups: Collections of users that reflect your organizational structure, making it easier to manage permissions for teams or departments.

Rules Engine

The Rules Engine extends the basic RBAC model with dynamic access control based on multiple factors. It considers the user and group identity, as well as the specific model and provider selection requested. This allows for precise governance over AI resource usage, ensuring that access control aligns perfectly with your organizational policies and compliance requirements.
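A minimal rules evaluator over the four factors this section names (user, group, provider, model), added here as an illustration and not AI Controller's own engine; the ordered first-match, default-deny semantics and the sample policy are assumptions made for the example:

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Principal:
    user: str
    groups: frozenset

@dataclass(frozen=True)
class Request:
    provider: str
    model: str

@dataclass(frozen=True)
class Rule:
    """Matches on any subset of user / group / provider / model; None means
    'any'. First matching rule wins; no match means deny (default deny)."""
    effect: str                      # "allow" or "deny"
    user: Optional[str] = None
    group: Optional[str] = None
    provider: Optional[str] = None
    model: Optional[str] = None

    def matches(self, p: Principal, r: Request) -> bool:
        return ((self.user is None or self.user == p.user)
                and (self.group is None or self.group in p.groups)
                and (self.provider is None or self.provider == r.provider)
                and (self.model is None or self.model == r.model))

def evaluate(rules: List[Rule], p: Principal, r: Request) -> bool:
    """Walk the ordered rule list; the first match decides."""
    for rule in rules:
        if rule.matches(p, r):
            return rule.effect == "allow"
    return False

# Constructed policy: data-science may use provider-a, except the "large" model,
# which only ml-leads may call; one contractor account is denied everywhere.
# Order matters: the specific denies sit above the broader allow.
POLICY = [
    Rule("deny", user="contractor-7"),
    Rule("allow", group="ml-leads", provider="provider-a", model="large"),
    Rule("deny", provider="provider-a", model="large"),
    Rule("allow", group="data-science", provider="provider-a"),
]
```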

Data Protection

AI Controller includes multiple layers of data protection that work together to safeguard information throughout its lifecycle.

Data-in-Transit Protection

All data transmitted to and from the platform receives strong protection through several mechanisms. TLS encryption secures all HTTP traffic, preventing interception during transmission. Secure connections to database and cache services ensure that internal data movement remains protected. Encrypted communication with AI model providers extends this protection to third-party services, creating end-to-end security for all data flows.

Data-at-Rest Protection

Information stored by the platform benefits from multiple security measures. Provider API keys in the database are encrypted to prevent unauthorized use even if the database is accessed. User passwords undergo secure hashing to ensure they cannot be reversed if exposed. The platform supports database encryption technologies for additional protection and can work with operating system level disk encryption for comprehensive data security.

API Key Security

API keys serve as the primary authentication mechanism for many interactions with the platform. Proper management of these keys is essential for maintaining system security.

Provider API Keys

AI Controller securely manages the credentials needed to access external AI services, centralizing this sensitive information. Keys are encrypted in the database, preventing exposure even if the database is compromised. They are never shown to end users, maintaining strict separation between user interfaces and credential storage. Provider API keys cannot be retrieved once stored - not even by administrators - ensuring maximum security for these sensitive credentials.

This centralized approach improves overall security by removing the need to distribute sensitive provider credentials across multiple applications or teams. It creates a single point of control for managing these important access tokens.

For details on how API keys are managed and secured, see API Key Management.

Platform API Keys

Applications use AI Controller API keys to securely access the platform services. Each key serves a specific purpose and comes with a defined set of permissions that limit what it can do. As with user passwords, these credentials are stored as salted cryptographic hashes rather than in plaintext, protecting them from disclosure; provider keys, which must be sent on to external services, are encrypted instead.

Users and administrators can create new keys as needed. Administrators can monitor key usage to detect potential security issues and expire any key immediately if compromised. For additional security, keys can have limitations that restrict them to specific providers or models, preventing unauthorized access to other resources.

Audit and Logging

Comprehensive audit logging captures security-relevant events throughout the system. These logs serve multiple purposes: detecting security incidents, investigating potential breaches, demonstrating compliance, and understanding system usage patterns.

Authentication Events

The system records all authentication activities, creating a detailed trail of system access. API key usage appears in these logs, showing which keys accessed which resources and when. This information proves invaluable for detecting unusual access patterns that might indicate a security problem.
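Two detections a practitioner would run over such a trail, as an added example that is not part of the page; the JSON-lines event shape and the sample events are constructed for illustration, not real AI Controller log output:

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, Set, Tuple

# Constructed sample events in a JSON-lines shape; not real AI Controller output.
SAMPLE_LOG = """
{"ts": "2025-05-16T09:00:01Z", "event": "auth", "key_id": "k1", "resource": "/v1/chat", "outcome": "success"}
{"ts": "2025-05-16T09:00:05Z", "event": "auth", "key_id": "k2", "resource": "/v1/chat", "outcome": "failure"}
{"ts": "2025-05-16T09:00:07Z", "event": "auth", "key_id": "k2", "resource": "/v1/chat", "outcome": "failure"}
{"ts": "2025-05-16T09:00:09Z", "event": "auth", "key_id": "k2", "resource": "/v1/embed", "outcome": "failure"}
{"ts": "2025-05-16T09:00:12Z", "event": "auth", "key_id": "k2", "resource": "/v1/chat", "outcome": "failure"}
{"ts": "2025-05-16T09:00:14Z", "event": "auth", "key_id": "k2", "resource": "/v1/chat", "outcome": "failure"}
{"ts": "2025-05-16T09:30:00Z", "event": "auth", "key_id": "k3", "resource": "/v1/chat", "outcome": "failure"}
{"ts": "2025-05-16T10:30:00Z", "event": "auth", "key_id": "k3", "resource": "/v1/chat", "outcome": "failure"}
{"ts": "2025-05-16T10:31:00Z", "event": "auth", "key_id": "k1", "resource": "/v1/admin/keys", "outcome": "success"}
"""

def parse(lines: str):
    """Yield one dict per non-empty line with ts converted to datetime."""
    for line in lines.strip().splitlines():
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield rec

def failed_auth_bursts(lines: str, threshold: int = 5,
                       window: timedelta = timedelta(minutes=1)) -> List[str]:
    """Keys with >= threshold failures inside a sliding window (credential
    guessing or a misconfigured client). Isolated failures are not flagged."""
    recent: Dict[str, deque] = defaultdict(deque)
    flagged: List[str] = []
    for rec in parse(lines):
        if rec["event"] != "auth" or rec["outcome"] != "failure":
            continue
        q = recent[rec["key_id"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and rec["key_id"] not in flagged:
            flagged.append(rec["key_id"])
    return flagged

def unexpected_resources(lines: str, baseline: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Successful use of a key on a resource outside its known baseline."""
    hits = []
    for rec in parse(lines):
        if rec["outcome"] == "success" and rec["resource"] not in baseline.get(rec["key_id"], set()):
            hits.append((rec["key_id"], rec["resource"]))
    return hits
```

The baseline for the second check is exactly the "which keys accessed which resources" history the logs already hold; a key that was scoped to one provider turning up on an administrative endpoint is a candidate for the immediate expiry described under Platform API Keys.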

Request Logging

API requests are logged with configurable detail levels to balance security monitoring against privacy and storage concerns. Basic request metadata includes the timestamp, user identity, and the endpoint accessed. More detailed logs can capture request parameters and headers, response status codes, and timing information. When needed for compliance or security investigations, you can access the full request and response content log.

For information on accessing and working with audit data, see Access Control.


Updated: 2025-05-16