Security & Trust

Security isn’t a feature bolted onto Neubird — it’s the architectural foundation. Every design decision starts with the question: how do we give teams powerful investigation capabilities without compromising their security posture?

Security Principles

Zero Data Storage

Neubird operates as a fully ephemeral platform. Telemetry data is processed in real-time and held only in memory for the duration of an investigation. Once an analysis session ends, all data is automatically purged. There is no historical data store, no data lake, no telemetry archive.

Read-Only Access

Every connection to your infrastructure uses strictly read-only permissions. This isn’t a policy — it’s architecturally enforced. It is technically impossible for Neubird to modify your systems, configurations, or data.

Metadata-Only LLM Interaction

Your actual telemetry data never reaches an LLM. Neubird uses LLMs as a reasoning guide to generate investigation plans and telemetry retrieval programs. Only metadata — field names, schemas, timestamps, data structure descriptions — is included in LLM prompts. All data processing happens in isolated memory.

Principle of Least Privilege

Each connection is scoped to the minimal set of resources required for analysis. Detailed documentation of required permissions is provided for every integration type.

Temporary Credentials

Neubird exclusively uses short-lived security credentials (e.g., AWS Security Token Service) for cloud access. No long-term credentials are stored in the system.

Customer-Controlled Access

You maintain complete control over permissions. Each integration uses customer-specific external IDs and custom trust policies that you configure. Access can be revoked instantly at any time.

Secure Authentication

Industry best practices for authentication across all supported platforms:

Platform	Authentication Method
AWS	IAM roles with external IDs and custom trust policies
Azure	Registered applications with explicit permission boundaries
GCP	Service accounts with defined scope
Third-party tools	API keys with defined scope and regular rotation

Compliance

• SOC2 Type II certified — audited security controls and processes
• Compliance-ready architecture — aligns with major compliance frameworks and cloud provider best practices

AI Policy

No LLM Training

Your data is never used to train models or shared with external LLM providers. The LLMs serve as reasoning guides — the Neubird engine does the actual data processing in isolated memory.

Explainability

All recommendations include clear rationale and supporting evidence. Every step of the investigation is logged in an audit trail so you can verify Neubird’s reasoning.

Human Oversight

AI serves as an intelligent assistant — critical decisions remain under human control. Neubird provides root cause analysis and recommended actions; your team decides what to do with them.

Continuous Monitoring

Neubird’s AI performance and decision quality are actively tracked and validated. Investigation plans are continuously improved based on outcomes.

Deployment Models

Neubird supports three deployment models to match your security requirements.

Model	Description	Best For
Standard SaaS	Neubird runs in NeuBird’s account. Your telemetry stays in your environment and is queried remotely.	Fastest setup, most teams
Bring Your Own LLM	Application in NeuBird’s account, but you supply your own AWS Bedrock and DocumentDB.	Organizations concerned about LLM data exposure
Private VPC	Fully deployed in your own AWS account via CloudFormation. Data never leaves your environment.	Security-conscious enterprises

Tip

The Private VPC model is used by enterprises with the strictest security requirements. The entire Neubird stack runs within your AWS account — no data crosses account boundaries.