Security by architecture, not by policy

Most platforms protect your data with access control lists and hope for the best. Sprigr Team makes unauthorized access physically impossible through isolated infrastructure, encrypted secrets, and multi-layer defenses that operate independently of each other.

Start Free — No Credit Card

Your data is physically separate

Not row-level security. Not access control lists. Physical separation enforced by infrastructure.

When you create a Sprigr Team workspace, your company receives its own dedicated storage instances. Your agents run as independent stateful processes, each with its own persistent storage. There are zero shared databases. There are zero shared tables. There is no shared query layer between companies.

This is fundamentally different from how most platforms work. The typical approach is a single large database with row-level access controls where a single misconfigured query, a single injection vulnerability, or a single permission error can expose every customer’s data. In Sprigr Team, that scenario is architecturally impossible. Your data does not exist in any storage instance that another company’s agents can reach.

Typical approach

Shared database Row-level access controls One bug away from data leak Must audit every query path Misconfiguration = breach

Sprigr Team

Dedicated storage per company No shared tables Cross-company access is physically impossible Nothing to misconfigure Architecture enforces isolation
Access controls can be misconfigured. Physical separation cannot.

Secrets that are actually secret

The full lifecycle of a credential in Sprigr Team, from storage to runtime injection to output.

Storage: Encrypted at rest in isolated namespaces

Secrets are stored encrypted at rest in isolated per-company namespaces. No other company’s agent, no API endpoint, and no internal service can read the raw values from another company’s namespace. The storage boundaries are enforced by infrastructure, not by application logic.

Injection: Decrypted only at runtime inside isolated sandboxes

When an agent needs a credential to make an API call or connect to a service, the secret is decrypted and injected into an isolated sandbox environment at the moment of execution. The secret exists in memory only for the duration of the task. It is never written to disk, never stored in logs, and never included in database records.

AI-level defense: Platform directives that cannot be overridden

Beyond infrastructure controls, the AI itself has platform-level directives that refuse to extract, encode, transform, or display credential values. These directives are injected at the platform level. They are independent of any company-configured prompts, invisible to end users, and cannot be overridden by user instructions, prompt injection, or social engineering. They cover all encoding forms: base64, hexadecimal, reversed strings, URL encoding, character splitting, and any other transformation. The AI will refuse to write code that extracts credentials, not just warn about it.

Every execution is isolated

A fresh sandbox with no shared state. Every time.

Each code execution creates a fresh, isolated environment. There is no shared memory between agent instances or between companies. There is no filesystem persistence between runs. Each execution starts completely clean.

Network access is controlled and all requests are auditable. Each sandbox receives only the specific credentials authorized for that agent. Execution environments are destroyed after each task completes, leaving no residual data in memory or on disk.

Fresh environment

Every execution starts in a clean, isolated sandbox with no residual state from previous runs.

No shared memory

Zero shared memory between agent instances. Zero filesystem persistence between runs.

Controlled access

Controlled network access and only authorized credentials injected per agent.

Five layers. Zero single points of failure.

Each defense layer operates independently. Defeating one does not compromise the others.

  1. 1

    Infrastructure isolation

    Physical separation of storage and compute per company. Zero shared databases, zero shared query layers. Cross-company access is architecturally impossible.

  2. 2

    Encrypted storage

    Secrets encrypted at rest with per-company encryption boundaries. Decryption occurs only at runtime inside isolated execution environments.

  3. 3

    Runtime sandboxing

    Code execution in isolated environments with controlled access. Fresh instance per execution, no shared state, credentials injected only for authorized tools.

  4. 4

    AI behavioral controls

    Platform-level directives that instruct the AI to refuse credential extraction, encoding, or display. Covers all encoding forms. Cannot be overridden by user prompts or prompt injection attacks.

A prompt injection that tricks the AI past its behavioral controls still faces infrastructure isolation. A vulnerability in sandboxing still faces encrypted storage. Each layer is a complete defense on its own. Together, they create a security posture that no single attack vector can defeat.

How most platforms get it wrong

Most platforms store all customer data in a single shared database, relying on application-level access controls to prevent cross-tenant queries. A single bug in the query layer, a single injection vulnerability, or a single permission misconfiguration can expose every customer’s data at once. This is not a theoretical risk. It is the most common class of multi-tenant security vulnerability in the industry.

Credentials are typically stored as plaintext environment variables or in shared secret management services with software-level access policies. If the application server is compromised, every customer’s credentials are exposed simultaneously. There is no per-company isolation at the storage level.

Few platforms defend against credential leakage in agent output. If an agent is prompted into outputting a credential through social engineering or prompt injection, it appears in logs, API responses, and potentially user-facing interfaces with no automated defense in place.

Almost no platform implements AI-level behavioral controls against credential extraction. Typical AI agent platforms will comply with any sufficiently creative prompt to base64-encode, hex-encode, reverse, or otherwise obfuscate a secret in their output. Without platform-level directives, prompt injection is a reliable attack vector against stored credentials.

The result is a security model that depends entirely on things going right. One misconfigured policy, one overlooked query path, one creative prompt, and the defenses collapse. Sprigr Team is designed so that even when things go wrong at one layer, the others continue to protect your data independently.

Built for compliance

Architecture-level guarantees that simplify your compliance story.

Physical data isolation

Eliminates shared-infrastructure risk entirely. No shared databases to audit for cross-tenant access. Each company’s data lives in its own dedicated storage instances.

Encrypted credential management

Secrets encrypted at rest with per-company boundaries. Runtime injection only inside sandboxed environments. No plaintext credentials anywhere in the system.

Complete audit trail

Every agent action, tool call, and output is logged with timestamps and metadata. Export-ready for compliance review.

No shared infrastructure

Internal services communicate through private bindings, never traversing the public internet. Zero shared databases between companies. Reduces attack surface to near zero.

Security questions

Can employees access my data?

Your data lives in dedicated storage instances that are physically separate from Sprigr’s internal infrastructure. There is no shared database, no internal admin panel that queries customer data, and no back door. Isolation is enforced by the infrastructure itself, not by access policies that could be misconfigured.

What about prompt injection?

Multiple independent defense layers protect against prompt injection: platform-level directives instruct the AI to refuse credential extraction regardless of how the request is phrased, runtime sandboxing limits the blast radius of any single compromise. Even if one layer is bypassed, the others continue to operate independently.

How are secrets encrypted?

Secrets are encrypted at rest in isolated per-company namespaces. Decryption occurs only at runtime inside sandboxed execution environments. Secrets are never stored in plaintext, never written to logs, and never included in API responses or database records.

Is there an audit trail?

Yes. Every agent action, tool invocation, code execution, and message is logged with timestamps, agent identifiers, and execution metadata. Audit data is available through your dashboard and can be exported for compliance review.

What about compliance?

Sprigr Team’s architecture provides physical data isolation, encrypted credential management, complete audit trails, and private internal communication, all of which simplify your compliance posture. Our infrastructure runs on Cloudflare’s global network across hundreds of edge locations. We are working toward formal certifications. Contact us at chris@sprigr.com for details on our current compliance alignment and to discuss your specific requirements.

How is this different from enterprise security tiers?

Most platforms gate security features behind expensive enterprise tiers. You pay more to get isolation, encryption, or audit trails. In Sprigr Team, every account gets the same architecture: dedicated storage, encrypted secrets, runtime sandboxing, and AI behavioral controls. Security is not a pricing tier. It is how the system works.

Read the Documentation →

Ready to see security done right?

Enterprise-grade security included for every account.

Start Free — No Credit Card
Related Team Overview AI Agent Security Multi-Agent Workflows Documentation