Questions about how we handle your data?
We're happy to walk through the architecture in detail before you sign up.
We built the infrastructure around that principle — not as a feature, but as a constraint. Here's exactly what that means in practice.
Most AI platforms act as a pass-through — your requests go through their servers, where they can see what you're sending and potentially log it. That's a non-starter for businesses handling client data, financial information, or anything sensitive.
With Coworkforce, your LLM API keys are stored on your dedicated VM. Every AI call your agents make goes directly from your server to the model provider — not through us. We never see your prompts, your responses, or your data in transit.
We support any OpenAI-compatible API. Most customers use Claude (Anthropic), GPT-4 (OpenAI), or a popular self-hosted local LLM runtime — running on their own hardware, with 12,000 instances already deployed worldwide and no outbound data at all.
This isn't a privacy policy clause. It's a structural guarantee — enforced by how the platform is built, not by a promise we're asking you to trust.
These are real vulnerabilities from 2025–2026. We track them so you don't have to — and so we can make sure none of them affect your team.
A tool-calling vulnerability in a widely-used agentic framework allowed malicious content returned by a tool to override agent instructions. Affected deployments with external data sources — web search, document ingestion, and similar integrations.
An adversarial prompt technique caused an agent to reveal contents of its system prompt — including API credentials that had been embedded directly. Our architecture separates credentials from agent instructions entirely.
A loop in tool-calling logic caused runaway API consumption. Without rate limiting at the infrastructure level, a single compromised workflow could exhaust an account's API budget in minutes.
A research scan discovered over 12,000 publicly-accessible instances of a popular self-hosted local LLM runtime with no authentication. Anyone on the internet could query them, view their configuration, or send arbitrary prompts. Proper network isolation is not optional for agentic infrastructure.
Every decision in this table was made to reduce the attack surface and protect your data.
| Component | Our approach | Status |
|---|---|---|
| LLM API keys | BYOK — stored only on your VM, never transmitted to Coworkforce servers | Enforced |
| Compute isolation | Dedicated VM per customer. No shared infrastructure, no cross-tenant data paths | Enforced |
| Agent action logs | Every tool call, every output, every state change is logged with timestamps | Enforced |
| Dependency management | All components pinned to reviewed versions. No auto-updates from public registries | Enforced |
| Network ingress | HTTPS only, TLS 1.2+. All workspace subdomains go through authenticated reverse proxy | Enforced |
| Model training on your data | None. No data from your workspace is used to train shared models | Never |
| Agentic permission scope | Each agent's tool access is explicitly configured. No implicit permissions | Customer-defined |
| SOC 2 certification | In progress. Target certification date: Q4 2026 | In progress |
Coworkforce agents can take real actions in your systems: reading and writing files, sending emails and messages, calling APIs, and modifying data. These are real-world effects, not simulations. An agent that has been granted access to your email can send emails. An agent with database access can modify records.
We build guardrails into the platform — permission scoping, audit logging, rate limiting, and human-in-the-loop checkpoints where appropriate. But guardrails are not a substitute for judgment. You are responsible for reviewing what permissions you grant, what tools you enable, and what workflows you configure. If you give an agent access to something it shouldn't have, the platform will not stop it from using that access.
The April 2026 incident referenced on our homepage — where an AI agent with database write access deleted 12,000 records — happened because the company granted permissions without reviewing what "agentic mode" actually allowed. The platform's guardrails were present. The human oversight was not. The outcome was catastrophic.
We tell you this not to scare you away from AI agents, but because we think the honest answer is more useful than a promise that everything is safe. AI agents are powerful tools that benefit from careful human oversight. They work best when the humans running them understand what they're authorizing.
If you're uncertain about a workflow, ask us before you enable it. That's what the support relationship is for.
Coworkforce is not liable for data loss, unauthorized actions, or business disruption resulting from agent workflows you have explicitly authorized, configured, or approved. Our liability is limited to what is set out in your service agreement. This statement does not constitute legal advice.
We're happy to walk through the architecture in detail before you sign up.