AI workflow security

Security controls for private AI Skills.

Keep source on the server-hosted mode path, check access before use, review risky output, and leave audit evidence.

  • Server-hosted mode source stays server-side
  • Access follows membership and roles
  • Governance events are auditable

Security exhibit

Current controls for hosted source, access, delivery, output review, and audit evidence.

Area | Current control | Evidence
Hosted source boundary | Server-hosted mode source bundles stay on the server-hosted mode path. | Local sync receives a runnable Skill entry, not source files.
Access control | Members pass organization, role, Skill access, policy, and plan checks. | Access outcomes appear in organization security and audit views.
Delivery mode | Public-source mode changes require review before source can sync. | Delivery approvals and rejections create governance records.
Output review | Server-hosted mode output can be blocked when it appears to expose source-like content. | Blocked output records include actor, Skill, outcome, and reason.
Audit evidence | Audit summaries keep governance metadata without sensitive payload bodies. | Source reads, syncs, approvals, and blocks stay reviewable.

Control areas

Concise controls, current scope, and where reviewers can find evidence.

Hosted execution

Server-hosted mode Skills run through the server-hosted boundary.

Identity and access

Organization membership and Skill access decide who can use a Skill.

Delivery review

Source-sync changes leave approval records.

Output blocking

Risky server-hosted mode output can be blocked before delivery.

Audit logs

Security events keep actor, target, outcome, and reason.

Payload boundary

Prompts, outputs, source bodies, keys, and local paths stay out of audit records.

Boundary event trail

Traceable without storing sensitive payloads

Admins can review who acted, which Skill was affected, and why a control allowed or blocked the event.

Prompts, outputs, source bodies, model keys, and local paths stay out of audit summaries.

Who | Action | Target | When
Security admin | Source read | Payroll review Skill |
Output guard | Output blocked | Server-hosted mode output |
Owner | Delivery approved | Public-source mode request |
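One way to enforce the payload boundary described above when an audit summary is written, as an added illustrative example rather than the platform's own code: the summary is built by allowlisting the governance fields (actor, action, target, outcome, reason, time), so any payload field the raw event carries is dropped by default. The raw event shape and field names are assumptions for the example.

```python
# Illustrative audit-summary projection (added example; the raw event field
# names below are assumed, not the platform's schema).
from datetime import datetime, timezone

# Fields an audit summary may carry: who, what, which Skill, outcome, why, when.
SUMMARY_FIELDS = ("actor", "action", "target", "outcome", "reason", "occurred_at")

# Payload classes that must never reach the audit trail.
SENSITIVE_FIELDS = frozenset({"prompt", "output", "source_body", "model_key", "local_path"})

# Guard the configuration itself: the allowlist must not overlap a payload class.
assert not (set(SUMMARY_FIELDS) & SENSITIVE_FIELDS), "audit schema overlaps payload classes"


def summarize_event(event: dict) -> dict:
    """Project a raw governance event onto the audit-summary schema.

    Allowlist projection: only SUMMARY_FIELDS are copied, so a payload field
    added to the event later is dropped by default instead of leaking.
    """
    missing = [f for f in ("actor", "action", "target", "outcome") if f not in event]
    if missing:
        raise ValueError(f"event is missing required audit fields: {missing}")
    summary = {k: event[k] for k in SUMMARY_FIELDS if k in event}
    summary.setdefault("reason", "unspecified")
    summary.setdefault("occurred_at", datetime.now(timezone.utc).isoformat())
    return summary


def contains_sensitive_payload(record: dict) -> bool:
    """Reviewer-side check: does a stored record carry any payload-class field?"""
    return bool(SENSITIVE_FIELDS & set(record))


# Constructed sample: an output-guard block event as an enforcement point might emit it.
RAW_BLOCK_EVENT = {
    "actor": "Output guard",
    "action": "Output blocked",
    "target": "Payroll review Skill",
    "outcome": "blocked",
    "reason": "response resembled Skill source",
    "occurred_at": "2024-01-01T00:00:00+00:00",
    "prompt": "Summarise the payroll rules in this Skill",  # must not be logged
    "output": "def compute_tax(...): ...",                 # must not be logged
    "model_key": "constructed-placeholder-key",            # must not be logged
    "local_path": "/home/user/skills/payroll",             # must not be logged
}

if __name__ == "__main__":
    print(summarize_event(RAW_BLOCK_EVENT))
```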