Penetration Testing

Third-party penetration testing practices and report availability.

Annual Penetration Testing

Future AGI engages independent third-party security firms to conduct comprehensive penetration tests on an annual basis. These assessments are performed by qualified professionals who are not affiliated with Future AGI, ensuring an objective evaluation of our security posture.

Scope

Each penetration test covers the following areas:

Application Security

  • Authentication and session management
  • Authorization and access control (RBAC enforcement across roles)
  • Input validation and injection resistance across all API endpoints
  • Business logic vulnerabilities in evaluation workflows, guardrail configurations, and dataset management
  • Cross-tenant data isolation

Infrastructure Security

  • Network segmentation and firewall rule effectiveness
  • Cloud configuration review (AWS VPC, IAM policies, S3 bucket policies)
  • Container and orchestration security
  • Secrets management and key storage

API Security

  • REST API endpoint security across all platform services (tracing, evaluations, guardrails, Command Center, datasets, annotations)
  • SDK authentication and authorization
  • Rate limiting and abuse prevention
  • Webhook delivery security

Continuous Vulnerability Scanning

Between annual penetration tests, Future AGI maintains continuous security monitoring through:

  • Automated dependency scanning — All third-party libraries and container base images are scanned for known vulnerabilities on every build
  • Static application security testing (SAST) — Code is analyzed for security issues as part of the CI/CD pipeline
  • Dynamic application security testing (DAST) — Automated scanning of running services to detect runtime vulnerabilities
  • Infrastructure scanning — Regular assessment of cloud configurations against CIS benchmarks and AWS security best practices

Critical and high-severity findings from continuous scanning are triaged and remediated within the same SLA timelines as our incident response process.

Report Availability

Penetration test report summaries are available to customers on Boost, Scale, and Enterprise plans under a mutual Non-Disclosure Agreement (NDA). Reports include:

  • Executive summary of findings
  • Severity classification of identified vulnerabilities
  • Remediation status for all findings
  • Testing methodology and scope confirmation

To request a copy of our most recent penetration test report, contact sales@futureagi.com.

Questions?

Reach out to our security team.

security@futureagi.com

Request documents

SOC 2 report, DPA, pen test summary.
