安全性是功能,
不是事后补救
VPC 部署、BYOK 加密、24,000+ 项自动化测试、五个合规框架和负责任的揭露政策。安全性内建于 JieGou 的每一层。
Audit-evidence emission is the operating-cost floor: if a workflow can't be instrumented for audit evidence, we won't take it on. Non-negotiable across phases.
The framework underneath
10-Layer Governance — the same framework we use internally and with every customer
The security capabilities below aren't ad-hoc features. They sit inside a 10-layer governance framework — Identity & Access, Audit Trail, Data Governance, Human Oversight, Model Governance, Tool Governance, Compliance, Cost Controls, Observability, and Incident Response — that JieGou uses to operate AI for paying customers and to assess every customer engagement. Same framework on both sides of the table.
Cyber underwriting readiness
Your cyber underwriter is starting to ask about AI.
Industry analysts and broker commentary now identify AI governance maturity as a stated underwriting factor in mid-market cyber renewals. Aon (2026): "Underwriting reviews are now sharply focused on control maturity, vendor dependencies, AI use, and privacy practices." Lockton (Dec 2025): "Underwriters are scrutinizing board and senior management oversight of AI governance."
We've published a free operator-grade brief mapping the 10-Layer framework to the six AI question categories appearing in 2026 mid-market submissions. Anchored on Marsh / Aon / Lockton / NYDFS citations. No vendor-specific premium-discount claims — operator-honest about what documented governance does and doesn't deliver.
SOC 2 Audit Status
SOC 2 Type II audit preparation in progress with Advantage Partners via Vanta. Continuous compliance monitoring active. Operator-honest about being mid-readiness rather than mid-renewal — early-stage lighthouse-era engagements include a documented SOC 2 timeline in the Phase 1 SOW.
Scheduling with certified vendor.
Readiness phase with Advantage Partners.
3–12 month period — starts after readiness confirmed.
基础设施安全
从第一天起就具备企业级基础设施
JieGou 部署在您的 VPC 中,具有完整的网路隔离。所有传输中的流量使用 TLS 1.3 加密,所有静态资料使用 AES-256-GCM 加密。我们定期进行渗透测试,并向企业客户公布结果。
- AWS VPC 搭配私有子网路
- 所有流量使用 TLS 1.3
- 静态资料使用 AES-256-GCM 加密
- 定期渗透测试
应用程式安全
24,000+ 项测试。99.18% 覆盖率。每晚执行。
我们的测试套件执行超过 24,000 项自动化测试,程式码覆盖率门槛为 99.18%。夜间对抗性回归测试在问题到达正式环境前捕捉回归。每次提交和 PR 都会执行依赖项漏洞扫描。
- 24,000+ 项自动化测试
- 99.18% 程式码覆盖率门槛
- 夜间对抗性回归测试
- 依赖项漏洞扫描
资料安全
您的金钥、您的资料、您的规则
自带金钥(BYOK)加密意味着您的 LLM API 金钥使用您自己的加密金钥以 AES-256-GCM 加密。配置资料驻留控制将资料保留在特定区域。自动 PII 侦测和遮蔽防止敏感资料到达 LLM 供应商。栏位层级加密提供精细控制。
- BYOK 加密(AES-256-GCM)
- 可配置的资料驻留控制
- 自动 PII 侦测和遮蔽
- 栏位层级加密选项
合规性
五个框架。一个平台。
JieGou 提供您所在产业所需框架的合规预设。只需一键即可启用 HIPAA、SOX、GDPR 或 PCI-DSS 合规,自动配置资料保留、存取控制、稽核日志和加密设定。政府客户可使用 FedRAMP 就绪配置。
- HIPAA 合规预设
- SOX 合规预设
- GDPR 合规预设
- FedRAMP 就绪配置
漏洞揭露
负责任的揭露,透明的沟通
我们维护负责任的揭露政策,并鼓励安全研究人员回报漏洞。我们在 48 小时内确认所有回报,为已确认的漏洞发布 CVE,并每季度发布安全审查报告以确保透明度。
- 回报请寄 security@jiegou.ai
- 48 小时确认 SLA
- 已确认漏洞发布 CVE
- 每季度发布安全审查报告
Industry Alert
Why self-hosted doesn't mean secure
The open-source automation platform n8n disclosed 21+ security vulnerabilities in February 2026 — including 7 critical (CVSS 9.4–10.0) and 4 independent remote code execution vectors. Most critically, CVE-2026-25049 bypasses a December 2025 sandbox fix within 3 months — proving the issues are architectural, not patchable. National cybersecurity agencies — Singapore CSA and Canadian CCCS — have issued formal advisories. Censys identified 26,512 exposed n8n instances on the public internet.
JieGou's substrate posture vs unmaintained self-hosted
Self-hosted unmaintained risks
- 3 independent RCE vectors (expression, SQL, task runner)
- Government advisories (Singapore CSA, Canadian CCCS)
- SSO bypass, SQL injection, webhook forgery
- No SOC 2 audit, basic RBAC, no audit-trail integrity
JieGou operating substrate
- Three deployment shapes (managed cloud / VPC / air-gapped on-prem)
- SOC 2 Type II preparation via Vanta; 17 compliance policies approved
- 6 roles, 20 granular permissions, SAML/OIDC, per-agent identity
- Hash-chain audit-trail integrity; GDPR data export/deletion; SIEM export
资料截至 2026 年 2 月