Security & Trust

Radical Transparency by Default

We practice what we preach. Every build is cryptographically signed, every dependency is tracked, and every claim is verifiable. Welcome to the receipts-first security model.

Browser-Verifiable Build Attestation

This page was built with cryptographically signed proofs. Verify it yourself.

Last updated:
Signed
Version: 2.0.0
Environment: production
Commit: 6fe0e79
Public key fingerprint: SHA256:349b685e628d2894de982d238bd2b338f6aad29c5d25b7fc31bad9bcf3dc5627
SBOM digest: sha256:6a3f24dbe31f6b80c0ad8a25a9d5a36d51b96e2e35c5f8c1bd6a9edb0f4236be

Security Posture

SBOM: 847 packages
2 medium 5 low
Compliance Frameworks
Last audit: 1/10/2025
SOC 2 Type II, GDPR, EU AI Act Ready

Quick verification commands

Replace the base URL if you are validating a preview environment. Both commands should output the values shown above.

Verify attestation signature (Node 18+)
export BASE_URL="https://railguard.ai"
node --input-type=module <<'VERIFY'
import { createPublicKey, verify } from "crypto"

// Fetch the attestation and the Ed25519 public key from the same base URL.
const base = process.env.BASE_URL ?? "https://railguard.ai"
const attestation = await fetch(`${base}/.well-known/build-attestation.json`).then((res) => res.json())
const pubKey = await fetch(`${base}/.well-known/public-keys/railguard-build-ed25519.pub`).then((res) => res.text())

// The signed message is the attestation JSON with the signature field removed.
const { signature, ...unsigned } = attestation
const message = Buffer.from(JSON.stringify(unsigned))
const publicKey = createPublicKey(pubKey.trim())
const signatureBytes = Buffer.from(signature.signatureBase64, "base64")

// Ed25519 takes no separate digest algorithm, hence the null first argument.
console.debug("Verified:", verify(null, message, publicKey, signatureBytes))
VERIFY
Cross-check SBOM digest (OpenSSL)
export BASE_URL="https://railguard.ai"
curl -sS "$BASE_URL/.well-known/railguard-gateway-sbom.json" | openssl dgst -sha256
# Expected digest: sha256:6a3f24dbe31f6b80c0ad8a25a9d5a36d51b96e2e35c5f8c1bd6a9edb0f4236be

Attestation and SBOM artifacts are available from /.well-known. Download everything at once via railguard-artifacts.zip or follow the verification guide for deeper instructions.
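
The signature command above fetches the public key from the same origin as the attestation, so on its own it only shows that the two files agree with each other. The following is an added example, not Railguard's code: it checks the key against a fingerprint obtained out of band before verifying the signature. It uses CommonJS `require`, every key and attestation value in it is constructed, and hashing the DER-encoded SPKI to obtain the fingerprint is an assumption about how the published value is derived.

```javascript
const { generateKeyPairSync, createPublicKey, createHash, sign, verify } = require("node:crypto");

// Assumption: fingerprint = SHA-256 over the DER-encoded SPKI of the key.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return "SHA256:" + createHash("sha256").update(der).digest("hex");
}

// Pin the key first, then verify over the JSON minus `signature` (as the page's command does).
function verifyAttestation(attestation, publicKeyPem, pinnedFingerprint) {
  const publicKey = createPublicKey(publicKeyPem.trim());
  if (fingerprint(publicKey) !== pinnedFingerprint) return "key-mismatch";
  const { signature, ...unsigned } = attestation;
  if (!signature || typeof signature.signatureBase64 !== "string") return "unsigned";
  const message = Buffer.from(JSON.stringify(unsigned));
  const sig = Buffer.from(signature.signatureBase64, "base64");
  return verify(null, message, publicKey, sig) ? "verified" : "bad-signature";
}

// Constructed fixture: sign the same serialization the verifier checks.
function signAttestation(unsigned, privateKey) {
  const sig = sign(null, Buffer.from(JSON.stringify(unsigned)), privateKey);
  return { ...unsigned, signature: { signatureBase64: sig.toString("base64") } };
}

const build = generateKeyPairSync("ed25519");      // constructed stand-in for the build key
const substitute = generateKeyPairSync("ed25519"); // a different key served in its place
const pem = (pair) => pair.publicKey.export({ type: "spki", format: "pem" });
const pinned = fingerprint(build.publicKey);       // in practice: taken from a trusted channel
const unsigned = { version: "0.0.0-example", environment: "test", commit: "0000000" };

const genuine = signAttestation(unsigned, build.privateKey);
const swapped = signAttestation({ ...unsigned, commit: "fffffff" }, substitute.privateKey);
const tampered = { ...genuine, commit: "fffffff" }; // field edited after signing

function demo() {
  return {
    genuine: verifyAttestation(genuine, pem(build), pinned),
    // Attestation and key replaced together: only the pin catches this.
    swapped: verifyAttestation(swapped, pem(substitute), pinned),
    tampered: verifyAttestation(tampered, pem(build), pinned),
    // Same pair with the fingerprint taken from the served key itself: passes.
    swappedNoPin: verifyAttestation(swapped, pem(substitute), fingerprint(substitute.publicKey)),
  };
}
console.log(demo());
```

The `swappedNoPin` result is the case the pin exists for: a key and attestation replaced together still verify against each other.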

Our Security Principles

Zero Trust Architecture

Every request is authenticated and authorized. No implicit trust, no exceptions. All access is logged with cryptographic receipts.

Cryptographic Receipts

Every build, deployment, and security event is signed with Ed25519. Receipts are immutable, verifiable, and auditable.

Supply Chain Security

Full SBOM (Software Bill of Materials) for every release. Continuous vulnerability scanning with automated remediation.

Reproducible Builds

Every build is reproducible from source. Given the same inputs, you'll get byte-for-byte identical outputs.

Defense in Depth

Multiple layers of security controls. If one layer fails, others prevent compromise. Continuous monitoring and threat detection.

Compliance by Design

SOC 2 Type II, GDPR, and EU AI Act controls built into every layer. Compliance isn't an afterthought—it's the foundation.

Compliance & Certifications

SOC 2 Type II: Independently audited security controls
GDPR Ready: Data protection and privacy by design
EU AI Act Ready: High-risk AI system compliance