安全性是功能,
不是事後補救
VPC 部署、BYOK 加密、24,000+ 項自動化測試、五個合規框架和負責任的揭露政策。安全性內建於 JieGou 的每一層。
Audit-evidence emission is the operating-cost floor: if a workflow can't be instrumented for audit evidence, we won't take it on. Non-negotiable across phases.
The framework underneath
10-Layer Governance — the same framework we use internally and with every customer
The security capabilities below aren't ad-hoc features. They sit inside a 10-layer governance framework — Identity & Access, Audit Trail, Data Governance, Human Oversight, Model Governance, Tool Governance, Compliance, Cost Controls, Observability, and Incident Response — that JieGou uses to operate AI for paying customers and to assess every customer engagement. Same framework on both sides of the table.
Cyber underwriting readiness
Your cyber underwriter is starting to ask about AI.
Industry analysts and broker commentary now identify AI governance maturity as a stated underwriting factor in mid-market cyber renewals. Aon (2026): "Underwriting reviews are now sharply focused on control maturity, vendor dependencies, AI use, and privacy practices." Lockton (Dec 2025): "Underwriters are scrutinizing board and senior management oversight of AI governance."
We've published a free operator-grade brief mapping the 10-Layer framework to the six AI question categories appearing in 2026 mid-market submissions. Anchored on Marsh / Aon / Lockton / NYDFS citations. No vendor-specific premium-discount claims — operator-honest about what documented governance does and doesn't deliver.
SOC 2 Audit Status
SOC 2 Type II audit preparation in progress with Advantage Partners via Vanta. Continuous compliance monitoring active. Operator-honest about being mid-readiness rather than mid-renewal — early-stage lighthouse-era engagements include a documented SOC 2 timeline in the Phase 1 SOW.
Scheduling with certified vendor.
Readiness phase with Advantage Partners.
3–12 month period — starts after readiness confirmed.
基礎設施安全
從第一天起就具備企業級基礎設施
JieGou 部署在您的 VPC 中,具有完整的網路隔離。所有傳輸中的流量使用 TLS 1.3 加密,所有靜態資料使用 AES-256-GCM 加密。我們定期進行滲透測試,並向企業客戶公佈結果。
- AWS VPC 搭配私有子網路
- 所有流量使用 TLS 1.3
- 靜態資料使用 AES-256-GCM 加密
- 定期滲透測試
應用程式安全
24,000+ 項測試。99.18% 覆蓋率。每晚執行。
我們的測試套件執行超過 24,000 項自動化測試,程式碼覆蓋率門檻為 99.18%。夜間對抗性回歸測試在問題到達正式環境前捕捉回歸。每次提交和 PR 都會執行依賴項漏洞掃描。
- 24,000+ 項自動化測試
- 99.18% 程式碼覆蓋率門檻
- 夜間對抗性回歸測試
- 依賴項漏洞掃描
資料安全
您的金鑰、您的資料、您的規則
自帶金鑰(BYOK)加密意味著您的 LLM API 金鑰使用您自己的加密金鑰以 AES-256-GCM 加密。配置資料駐留控制將資料保留在特定區域。自動 PII 偵測和遮蔽防止敏感資料到達 LLM 供應商。欄位層級加密提供精細控制。
- BYOK 加密(AES-256-GCM)
- 可配置的資料駐留控制
- 自動 PII 偵測和遮蔽
- 欄位層級加密選項
合規性
五個框架。一個平台。
JieGou 提供您所在產業所需框架的合規預設。只需一鍵即可啟用 HIPAA、SOX、GDPR 或 PCI-DSS 合規,自動配置資料保留、存取控制、稽核日誌和加密設定。政府客戶可使用 FedRAMP 就緒配置。
- HIPAA 合規預設
- SOX 合規預設
- GDPR 合規預設
- FedRAMP 就緒配置
漏洞揭露
負責任的揭露,透明的溝通
我們維護負責任的揭露政策,並鼓勵安全研究人員回報漏洞。我們在 48 小時內確認所有回報,為已確認的漏洞發佈 CVE,並每季度發佈安全審查報告以確保透明度。
- 回報請寄 security@jiegou.ai
- 48 小時確認 SLA
- 已確認漏洞發佈 CVE
- 每季度發佈安全審查報告
Industry Alert
Why self-hosted doesn't mean secure
The open-source automation platform n8n disclosed 21+ security vulnerabilities in February 2026 — including 7 critical (CVSS 9.4–10.0) and 4 independent remote code execution vectors. Most critically, CVE-2026-25049 bypasses a December 2025 sandbox fix within 3 months — proving the issues are architectural, not patchable. National cybersecurity agencies — Singapore CSA and Canadian CCCS — have issued formal advisories. Censys identified 26,512 exposed n8n instances on the public internet.
JieGou's substrate posture vs unmaintained self-hosted
Self-hosted unmaintained risks
- 3 independent RCE vectors (expression, SQL, task runner)
- Government advisories (Singapore CSA, Canadian CCCS)
- SSO bypass, SQL injection, webhook forgery
- No SOC 2 audit, basic RBAC, no audit-trail integrity
JieGou operating substrate
- Three deployment shapes (managed cloud / VPC / air-gapped on-prem)
- SOC 2 Type II preparation via Vanta; 17 compliance policies approved
- 6 roles, 20 granular permissions, SAML/OIDC, per-agent identity
- Hash-chain audit-trail integrity; GDPR data export/deletion; SIEM export
資料截至 2026 年 2 月