Our privacy commitment
We do not train or fine-tune on your data. Your prompts, code, vulnerability findings, and all outputs remain exclusively yours.
- No model training: Your data is never used to train, fine-tune, or improve our models. What you share with Neo stays with Neo and is not fed back into any learning pipeline.
- Zero data retention at model level: We partner with LLM providers under zero data retention policies and data training agreements. No data is stored or used for training at the model provider level.
- Data isolation: Each organization’s data is logically isolated. There is no cross-tenant access or data leakage between customers.
- Retention controls: You can specify custom data retention and auto-deletion policies. Generated artifacts and conversation history follow your organization’s data lifecycle requirements.
- Audit transparency: Access logs and usage records are available for your compliance and audit requirements.
Secure-by-design architecture
Neo’s architecture is purpose-built for security operations. Every component is designed with defense-in-depth principles, ensuring that agents operate within controlled boundaries while still delivering powerful capabilities.
Isolated sandbox execution
All agent execution happens within isolated sandbox environments. Scripts and payloads run in ephemeral containers with no access to host systems, and each execution environment is fresh and destroyed after task completion. Network access, system calls, and resource usage are strictly controlled, ensuring agents cannot reach beyond their designated scope without explicit configuration. Application testing and reconnaissance happen within defined target boundaries, with scope constraints preventing unintended access to out-of-scope systems. Binary analysis and decompilation run in isolated environments with no network access, ensuring potentially malicious code cannot exfiltrate data.
Access control principles
Neo implements strict access control at every layer:
- Explicit grants: Agents only access secrets and endpoints that are explicitly granted. No implicit permissions or default access.
- Workflow boundaries: Clear separation between different workflows ensures that one task cannot access data from another unless explicitly shared.
- Scoped credentials: Environment variables and API keys are injected at runtime and scoped to specific tasks. Credentials are never written to disk or logged.
Enterprise security features
For enterprise deployments, Neo provides additional security capabilities:
SSO & Identity
SAML and OIDC integration with your identity provider. Role-based access control with custom permission policies.
Audit Logging
Comprehensive audit trails for all agent actions, API calls, and data access.
Network Controls
VPC peering, private endpoints, and IP allowlisting. Keep all traffic within your network perimeter.
Compliance
SOC 2 Type II certified. EU-US Data Privacy Framework (DPF) and UK Extension to EU-US DPF compliant.

