Security

Security and privacy are the product. Nyx is engineered so that sensitive data is protected at the point it leaves your organization, and so that every decision is provable to an auditor.

Privacy by design

Intent analysis and anonymization run on-device, prompts are not sent to a third-party classifier. Mathematical k-anonymity generalizes sensitive data so individuals can't be re-identified, while preserving the context the model needs.

Encryption

Data is encrypted in transit (TLS) and at rest (AES-256), with keys managed independently. Policies and control commands distributed to the fleet are Ed25519-signed and verified before they are applied.

Tamper-evident audit

Every enforcement decision is recorded in a cryptographically hash-chained audit trail, so any in-place change is detectable by re-verification , evidence ready for SOC 2, GDPR, HIPAA, PCI-DSS, EU AI Act, NIS2 and ISO 27001.

Sovereign deployment

Nyx runs cloud-hosted, on-premise, or fully air-gapped. In sovereign and air-gapped deployments no telemetry leaves your enclave; policy updates arrive via signed, offline channels.

Responsible disclosure

If you believe you've found a security vulnerability, please report it to contact@nyxai.io. We appreciate coordinated disclosure and will work with you on a timely fix.