Security at HELIX.
An autonomous agent that runs real exploits has to be safe to point at production. Every action HELIX takes passes through layered guardrails, runs in an isolated environment, and is recorded in an immutable audit log, so the only thing that reaches your systems is exactly what you authorized.
A 6-layer guardrail engine
Every single tool call the agent makes is checked, in order, by all six layers before it touches a target. If any layer objects, the action does not run. You set the aggressiveness; the engine enforces the boundaries.
1 · Scan mode
You choose the aggressiveness per engagement: passive, safe, or full. Passive only observes, safe runs non-intrusive checks, and full enables active exploitation. The selected mode constrains what every downstream agent is allowed to attempt.
2 · Scope respect
A hard, in-scope allow-list defines exactly which hosts, paths, and assets are fair game. Anything outside that list is blocked at the call boundary; the agent cannot wander off-target, follow an out-of-scope redirect, or expand the engagement on its own.
3 · Destructive-action blocking
A pattern detector inspects each action and stops anything that would destroy data or saturate a service: mass deletes, drops, table truncation, or floods. Proving a vulnerability never requires breaking the system, so HELIX refuses to.
4 · Budget cap
Each engagement carries a hard ceiling on LLM spend. When the cap is reached the engagement pauses cleanly rather than running away. Costs are bounded and predictable before a single agent starts work.
5 · Rate limiting
Request pacing keeps traffic well within what a target can absorb. HELIX deliberately throttles itself so an assessment never degrades the availability of the very system you are trying to protect.
6 · Human-in-the-loop
Production targets require explicit human approval gates. The recommended path is staging first, then production, and a person reviews and authorizes before the agent acts against anything live.
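The six layers above describe an ordered policy chain in which the first objection wins and every decision is logged. The following is an added illustration of that pattern, written for this page; it is not HELIX's own code. The tool-call shape, the policy fields, the destructive-command patterns, the token-bucket rate limiter and the layer names are all assumptions chosen to make the chain runnable.

```python
"""Illustrative six-layer guardrail chain (added example, not HELIX's code).

Every name below is an assumption: ToolCall/Policy fields, the destructive
patterns, the token bucket, and the layer names are constructed for this demo.
"""
import re
import time
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed destructive-action patterns (illustrative, not HELIX's detector).
DESTRUCTIVE = [
    re.compile(r"\bDROP\s+(TABLE|DATABASE)\b", re.I),
    re.compile(r"\bTRUNCATE\b", re.I),
    re.compile(r"\bDELETE\s+FROM\b(?![^;]*\bWHERE\b)", re.I),  # mass delete: no WHERE clause
    re.compile(r"\brm\s+-[a-z]*r[a-z]*f\b|\bmkfs\b", re.I),
]
# Which kinds of action each scan mode permits: passive observes, safe adds
# non-intrusive checks, full adds active exploitation.
KINDS_BY_MODE = {
    "passive": {"observe"},
    "safe": {"observe", "check"},
    "full": {"observe", "check", "exploit"},
}


@dataclass
class ToolCall:
    kind: str                  # "observe", "check" or "exploit" (assumed taxonomy)
    host: str
    command: str = ""          # request body / command text seen by the detector
    est_cost_usd: float = 0.0  # projected LLM spend this step would incur


@dataclass
class Policy:
    mode: str                  # scan mode for the engagement
    scope: frozenset           # in-scope host allow-list
    budget_usd: float          # hard ceiling on LLM spend
    max_rps: float             # requests per second the target may receive
    production: bool = False   # live target: needs a human approval gate
    human_approved: bool = False


@dataclass
class Decision:
    allowed: bool
    layer: str
    reason: str


class GuardrailEngine:
    """Runs each layer in order; the first objection blocks the call."""

    def __init__(self, policy: Policy, clock: Callable[[], float] = time.monotonic):
        self.policy = policy
        self.clock = clock             # injectable so the limiter is testable
        self.spent_usd = 0.0
        self.tokens = policy.max_rps   # token bucket starts full
        self.last_refill = clock()
        self.audit = []                # append-only record of every decision
        self.layers = [
            ("scan_mode", self._scan_mode),
            ("scope", self._scope),
            ("destructive", self._destructive),
            ("budget", self._budget),
            ("rate_limit", self._rate_limit),
            ("human_approval", self._human),
        ]

    # Each layer returns a denial reason, or None to let the call proceed.
    def _scan_mode(self, c: ToolCall) -> Optional[str]:
        if c.kind not in KINDS_BY_MODE[self.policy.mode]:
            return f"{c.kind} not permitted in {self.policy.mode} mode"

    def _scope(self, c: ToolCall) -> Optional[str]:
        if c.host not in self.policy.scope:
            return f"{c.host} is outside the in-scope allow-list"

    def _destructive(self, c: ToolCall) -> Optional[str]:
        for pat in DESTRUCTIVE:
            if pat.search(c.command):
                return f"destructive pattern {pat.pattern!r} matched"

    def _budget(self, c: ToolCall) -> Optional[str]:
        if self.spent_usd + c.est_cost_usd > self.policy.budget_usd:
            return "budget cap reached; engagement paused"

    def _rate_limit(self, c: ToolCall) -> Optional[str]:
        now = self.clock()
        refill = (now - self.last_refill) * self.policy.max_rps
        self.tokens = min(self.policy.max_rps, self.tokens + refill)
        self.last_refill = now
        if self.tokens < 1:
            return "rate limit exceeded"

    def _human(self, c: ToolCall) -> Optional[str]:
        if self.policy.production and not self.policy.human_approved:
            return "production target requires human approval"

    def evaluate(self, call: ToolCall) -> Decision:
        for name, check in self.layers:
            reason = check(call)
            if reason:
                d = Decision(False, name, reason)
                self.audit.append((call, d))
                return d
        # All six layers passed: commit spend and a rate token, then record it.
        self.spent_usd += call.est_cost_usd
        self.tokens -= 1
        d = Decision(True, "all", "permitted")
        self.audit.append((call, d))
        return d
```

The budget and rate-limit side effects are only committed after every layer has passed, so a call the human-approval gate rejects does not consume a token or spend; the audit list records denials as well as permits, which is what makes an engagement reconstructable afterwards.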
Evidence containment & isolation
Proving a finding means capturing just enough to demonstrate exploitability, and not one byte more. HELIX is built to handle sensitive evidence carefully from the moment it is captured to the moment you review it.
Isolated execution environments
Every action the agent takes runs inside an isolated execution environment, separated from other engagements and from the control plane. Tools execute in contained sandboxes rather than directly on shared infrastructure.
Minimal evidence capture
Evidence is truncated to the minimum needed to prove exploitability. Reproducers and proofs-of-concept capture what corroborates the finding, not bulk exports of your data, keeping sensitive material out of the report wherever possible.
Encrypted in transit and at rest
Data is encrypted in transit with TLS and at rest with AES-256. Findings, reproducers, and HTTP traces are protected wherever they are stored and whenever they move between components.
Immutable audit log
HELIX keeps a full, immutable audit log of agent actions and the underlying HTTP traces. Every decision the agent made and every request it sent is recorded, so an engagement is fully reconstructable after the fact.
Tenant isolation
Each tenant runs in fully isolated execution environments. There is no cross-tenant access by design: one organization's engagements, agents, and data are never reachable from another's.
Findings and proofs-of-concept are only accessible to authenticated members of your own organization. Access to engagement results is scoped to your org and gated behind authentication, so sensitive exploit details never leave the boundary of the team that authorized the work.
Responsible disclosure
Security is the entire premise of this product, and we treat our own posture the same way we treat our customers'. If you believe you have found a vulnerability in HELIX, we want to hear from you.
Please send reports to hello@helixsecurity.app. We commit to acknowledging your report, investigating it promptly, and working with you in good faith toward a resolution. We ask that you give us reasonable time to remediate before any public disclosure and that you avoid accessing or modifying data that is not your own while testing.
Compliance posture
HELIX is building its security program toward SOC 2 Type II and ISO 27001. These frameworks shape how we design controls, handle data, and operate the platform as we mature.
We are early and honest about it: we do not claim either certification today. Security documentation, including details of our controls and architecture, is available under NDA for enterprise evaluations. If you need to review our posture as part of a procurement or risk process, reach out to hello@helixsecurity.app.
Evaluating HELIX for your org?
We will walk you through the guardrail engine, our architecture, and the security documentation under NDA.