Tenant isolation
Every operational record belongs to an organization and every request is authorized against the active membership.
Security controls are layered across tenant access, agent identity, evidence handling, AI processing, and local policy enforcement.
Every operational record belongs to an organization and every request is authorized against the active membership.
Unique per-site keys, timestamps, nonces, body hashes, and idempotency protect the plugin contract.
HttpOnly cookies, server-side sessions, CSRF protection, Argon2id passwords, progressive throttling, and remote logout.
Suspicious-only capture, strict caps, credential removal, output encoding, and 30-day raw-event retention.
Seven-day observation, protected ranges, confidence gates, TTLs, previews, acknowledgements, and rollback.
Only inert HTTP routes—no real shells, SSH, databases, executable payloads, or stored fake-login passwords.
SmartHoneyAI deliberately avoids real SSH, database, shell, or malware-sandbox exposure. It detects application-layer probing through inert WordPress routes, giving teams useful signals without introducing a new attack surface.
Join the controlled pilot and see coordinated threat intelligence across your portfolio.