4 — Encryption & supply chain security — data protection, image provenance & vendor assurance.
This section covers the encryption posture of the Layerup AI Agents across every data layer, and the supply chain security controls that govern how the container image itself is built, signed, scanned, and delivered to your private registry.

4.1 Encryption standards — your keys, your control

The Layerup agent adheres to your existing encryption standards and operates entirely within encryption key boundaries controlled by your security team. The agent holds no encryption keys of its own.

| Layer | Encryption approach |
|---|---|
| Data in Transit | All communication between the agent container and AWS or Azure managed services uses TLS 1.3. VPC Endpoints and Private Link ensure that traffic never traverses the public internet, providing an additional layer of network-level confidentiality beyond TLS. |
| Application Documents at Rest | Application packets stored in S3 or Azure Blob are encrypted using customer-managed keys (CMK) stored in AWS Key Management Service (KMS) or Azure Key Vault. Your Key Administrators control key rotation schedules and access policies. |
| Agent Memory / Intermediate State | Working memory within an AgentCore microVM or ECS task is ephemeral and discarded at session end. If your team configures persistent intermediate state storage (e.g., to a designated DynamoDB table or Cosmos DB instance), that storage is encrypted using the same CMK framework. |
| Audit Logs at Rest | CloudWatch Logs and Azure Monitor logs are encrypted at rest using AWS KMS or Azure Key Vault keys designated by your team. |
| Key Access | The agent’s IAM Role / Managed Identity is granted only kms:Decrypt or Key Vault Secrets User permissions. It cannot rotate, disable, or delete keys. |
4.2 Supply chain security — provenance from build to production
Layerup maintains a rigorous supply chain security posture for the AI Agents container images. The following documentation is available to your security team upon request under NDA.

4.2.1 Software Bill of Materials (SBOM)

A complete SBOM in CycloneDX or SPDX format is published for every released image version, listing every OS package, language runtime, and application library bundled within the container image, along with version numbers and license information. Your security team can:

- Validate the SBOM against the image digest before it enters your ECR / ACR.
- Cross-reference the SBOM against your organisation’s approved package lists.
- Import the SBOM into your existing SCA (Software Composition Analysis) tooling.
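The first two checks above (tie the SBOM to the exact image digest you pulled, then compare its components with an approved list) can be automated before the image is admitted to your registry. The following is an added example, not Layerup's tooling or any published script of theirs; it reads the CycloneDX 1.5 JSON layout, and the SBOM content, image digest, image name and approved-package list are constructed sample data.

```python
"""Validate a CycloneDX SBOM against an image digest and an approved-package list.

Added example (not Layerup's code). Field names follow CycloneDX 1.5 JSON;
every value below is constructed for illustration.
"""
from __future__ import annotations

import json
import re

# Constructed sample SBOM. A real one lists hundreds of components; three are
# enough to exercise both checks. The image name and digest are placeholders.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "component": {
            "type": "container",
            "name": "registry.example.invalid/vendor/agent",   # placeholder
            "version": "1.4.2",                                # constructed
            "hashes": [{"alg": "SHA-256", "content": "a" * 64}],  # constructed
        }
    },
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.13",
         "purl": "pkg:deb/debian/openssl@3.0.13"},
        {"type": "library", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "library", "name": "leftpad", "version": "0.0.1",
         "purl": "pkg:npm/leftpad@0.0.1"},
    ],
})

# Constructed approved list: package name -> versions your organisation permits.
APPROVED: dict[str, set[str]] = {
    "openssl": {"3.0.13", "3.0.14"},
    "requests": {"2.31.0", "2.32.3"},
}

_SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def sbom_subject_digest(sbom: dict) -> str | None:
    """Return the SHA-256 digest the SBOM claims to describe, or None if absent."""
    component = sbom.get("metadata", {}).get("component", {})
    for h in component.get("hashes", []):
        content = str(h.get("content", "")).lower()
        if h.get("alg") == "SHA-256" and _SHA256_HEX.match(content):
            return content
    return None


def digest_matches(sbom: dict, pulled_digest: str) -> bool:
    """True only if the SBOM's declared subject equals the digest you pulled.

    pulled_digest is the OCI digest as the registry reports it ("sha256:<hex>").
    A mismatch means the SBOM describes some other image and must not be used
    to clear this one; a missing digest is treated the same way.
    """
    claimed = sbom_subject_digest(sbom)
    actual = pulled_digest.strip().lower().removeprefix("sha256:")
    return claimed is not None and claimed == actual


def unapproved_components(sbom: dict, approved: dict[str, set[str]]) -> list[str]:
    """Return purls of components whose name/version is not on the approved list."""
    flagged = []
    for c in sbom.get("components", []):
        name, version = c.get("name"), c.get("version")
        if version not in approved.get(name, set()):
            flagged.append(c.get("purl") or f"{name}@{version}")
    return flagged


def validate(sbom_json: str, pulled_digest: str, approved: dict[str, set[str]]) -> dict:
    """Run both admission checks; callers should block the image if either fails."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return {
        "digest_ok": digest_matches(sbom, pulled_digest),
        "unapproved": unapproved_components(sbom, approved),
    }


if __name__ == "__main__":
    # Digest as a registry would report it for the constructed sample image.
    print(validate(SAMPLE_SBOM, "sha256:" + "a" * 64, APPROVED))
```

Run the digest check first: an SBOM whose declared subject does not equal the digest of the image you actually pulled gives no assurance about that image, however clean its component list looks. This check complements signature verification rather than replacing it, since a signature proves who built the image while the digest match proves which image the SBOM describes.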
4.2.2 Image signing — Cosign / Sigstore
The container image is signed using Sigstore/Cosign. Before pulling the image to your ECR or ACR, your team can verify the image signature, confirming that:

- The image was built by Layerup’s verified CI/CD pipeline.
- The image has not been tampered with in transit between Layerup’s build system and your private registry.
- The signature is anchored to a specific build identity and timestamp.
4.2.3 CVE remediation SLAs
Layerup commits to releasing patched container image versions within defined SLAs upon disclosure of vulnerabilities affecting the agent’s dependencies:

| Severity | CVSS score | Remediation SLA |
|---|---|---|
| Critical | >= 9.0 | 24 hours |
| High | 7.0–8.9 | 5 business days |
| Medium | 4.0–6.9 | Next scheduled release |
| Low | < 4.0 | Best effort |
4.2.4 Penetration testing
Layerup conducts annual third-party penetration testing against the agent’s container image and orchestration components. The most recent penetration test report is available to your security team under NDA, including:

- Scope, methodology, and testing period.
- All findings and severity ratings.
- Remediation status for all identified findings.
4.2.5 SOC 2 Type II
Layerup’s development and build infrastructure is covered by a SOC 2 Type II audit. The most recent report is available to your security team under NDA. The audit covers:

- Security (CC6): Logical access controls, change management, and incident response for Layerup’s build and release infrastructure.
- Availability (A1): Uptime and release pipeline reliability.
- Confidentiality (C1): Handling of customer configuration data and SBOM artifacts.
Available under NDA: SOC 2 Type II Report — Contact your Layerup account team to initiate NDA execution and report access. Available within 5 business days of NDA completion.

Available under NDA: Penetration Test Report — Annual third-party test results available to your Information Security team under NDA. Includes all findings and remediation evidence.
4.3 Layerup’s internal release pipeline — what runs before your team sees the image
Every container image version released by Layerup passes through the following automated gates before it is made available via AWS Marketplace or ACR mirroring:

- Automated unit and integration test suite — greater than 95% code coverage requirement.
- Static Application Security Testing (SAST) — via Semgrep, scanning all application code.
- Dynamic Application Security Testing (DAST) — against a sandboxed test environment.
- SBOM generation — CycloneDX format, cross-referenced against known CVE databases.
- CVE scan — against the final built image before signing.
- Image signing — via Cosign, anchored to Layerup’s build identity.
- Semantic versioning — release tag, changelog publication, and marketplace listing update.

