Security

How Aithrex handles security.

Security is an engineering property at Aithrex, not a marketing line. Here is how we build it into everything we ship, and how each product (Infratrix, the Observability Platform, and the Resume Parser) treats your data and your cloud.

Trust is engineering, not marketing.

We do not list certifications we have not earned. Instead we describe how we build and run, so your security team can verify each property for themselves. These commitments hold across every product we ship.

Review

Reviewed, line by line

Nothing ships until it has been read and understood in review. Branch protection means no merge without it, on every repository, for every product.

Accountability

AI with accountability

We build with AI to move fast, but we own every line. If it is in a product, one of us can explain exactly what it does and why.

Least privilege

Scoped by default

Whatever a product needs to touch, it touches with the narrowest access that works, granted from documented templates and revocable by you at any time.

Honesty

Only what is true

We claim what we have built and name what is still in development. No invented metrics, and no certifications we have not earned.

Infratrix runs inside your AWS account.

Infratrix, our flagship, reads your account as a connected graph and proposes changes. Every part of that runs in your account, under access you grant and can revoke. Here is the model in detail.

Boundary

In-account by default

Agents run inside your AWS account. There is no third-party data plane that holds your resource state, workload data, or logs. We connect to your account; your data does not leave it.

Access

Scoped IAM, least privilege

Discovery uses a read-only role. Writes happen under tightly-scoped, action-class roles you create from a documented template. Every role is reviewable in your console and revocable at any time.

Control

Customer-held kill switch

A single IAM revocation halts every Infratrix action across your account. There are no bypass paths, no shadow credentials, and no SaaS-side credentials backing up the trust path. We test it on every onboarding.

Evidence

Audit trail, no surprises

Every proposed plan, applied change, and inverse operation is written to an audit log destination you own. Infratrix does not keep a side ledger of your applies.

What it reads

Explicit about scope, not vague about it.

Architecture-aware reasoning needs resource metadata, not application data. Below is what the Infratrix agent reads, what it does not read, and what it never applies without.

We read
  • Resource metadata: VPCs, subnets, route tables, security groups, IAM roles/policies, S3 buckets, EC2/EKS/RDS configuration
  • Cost & usage signal from Cost Explorer and CloudWatch metrics needed for the finding
  • VPC flow log shape (path-level, not packet content) where you've already exported it
We do not read
  • Application data inside S3 buckets, RDS rows, or any workload payloads
  • Secrets, parameter store values, KMS plaintext, or anything that decrypts customer data
  • CloudTrail entries unrelated to the resources we're reasoning about
We never apply without
  • A plan reviewed by your team
  • An action-scoped IAM role you've authorized
  • A stored inverse operation attached to the change
The IAM model

Two roles, both yours.

Onboarding creates two IAM roles in your account from a documented Terraform template. InfratrixDiscoveryRole is read-only and used for graph construction. InfratrixActorRole is scoped per-action-class and is only assumable to apply a plan you have explicitly approved.

Both roles live in your account. There is no cross-account trust granted to a long-lived Infratrix-side identity for production writes; every write session is short-lived and audit-logged.

The full template, including comments on every Action, is shared during onboarding and reviewed before any role is created.

infratrix-discovery.policy.json (read-only)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "InfratrixDiscoveryReadOnly",
      "Effect": "Allow",
      "Action": [
        "ec2:Describe*",
        "ec2:Get*",
        "elasticloadbalancing:Describe*",
        "iam:Get*",
        "iam:List*",
        "s3:GetBucketLocation",
        "s3:ListAllMyBuckets",
        "s3:GetBucketTagging",
        "cloudwatch:GetMetricData",
        "ce:GetCostAndUsage"
      ],
      "Resource": "*"
    }
  ]
}

Excerpt. The actor role uses a separate template with per-action Condition blocks.
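As an added check (not Aithrex's own tooling), the following Python lints a policy template the way a reviewing security team might before creating either role: it confirms the discovery policy grants only Describe/Get/List actions, and that every write action in an actor-style policy carries a Condition block. The actor fragment and its tag key are constructed for illustration, not taken from the real template.

```python
# Added illustration (not Aithrex's own tooling): a static check a reviewer can run over
# an IAM policy template before the role is created in their account.
READ_ONLY_VERBS = ("Describe", "Get", "List")  # any other verb is treated as a write

def _as_list(value):
    return value if isinstance(value, list) else [value]

def mutating_actions(policy):
    """Actions in Allow statements that are not read-only; empty means read-only."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            # "*" and "s3:*" have no read-only verb, so they are flagged too
            verb = action.split(":", 1)[1] if ":" in action else action
            if not verb.startswith(READ_ONLY_VERBS):
                findings.append(action)
    return findings

def unscoped_write_statements(policy):
    """Sids of Allow statements granting a write action without any Condition block."""
    return [stmt.get("Sid", "<no Sid>")
            for stmt in _as_list(policy.get("Statement", []))
            if stmt.get("Effect") == "Allow" and not stmt.get("Condition")
            and mutating_actions({"Statement": [stmt]})]

# The Allow actions from the discovery excerpt above.
DISCOVERY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "InfratrixDiscoveryReadOnly", "Effect": "Allow", "Resource": "*",
                   "Action": ["ec2:Describe*", "ec2:Get*", "elasticloadbalancing:Describe*",
                              "iam:Get*", "iam:List*", "s3:GetBucketLocation", "s3:ListAllMyBuckets",
                              "s3:GetBucketTagging", "cloudwatch:GetMetricData", "ce:GetCostAndUsage"]}],
}

# Constructed actor-role fragment (not the real template): one statement carries a
# per-action Condition as the page describes, the other is deliberately left unscoped.
ACTOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "StopApprovedInstances", "Effect": "Allow", "Action": ["ec2:StopInstances"],
         "Resource": "*", "Condition": {"StringEquals": {"aws:ResourceTag/infratrix-plan": "approved"}}},
        {"Sid": "UnscopedDelete", "Effect": "Allow", "Action": ["s3:DeleteBucket"], "Resource": "*"},
    ],
}
```

Running `mutating_actions(DISCOVERY_POLICY)` returns an empty list, while `unscoped_write_statements(ACTOR_POLICY)` names `UnscopedDelete` as the statement that would need a Condition before the role is created.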

The kill switch

One revocation. Everything stops.

The trust path is the IAM role. There is no second credential, no SaaS-side backup, no support-engineer bypass. If you delete the two roles, every Infratrix agent loses access to your account immediately.

We test this on every onboarding. A successful kill-switch drill is part of the go-live checklist, before any production write role is created.

your terminal (halts all)
# Halts every Infratrix action in this account.
# DeleteRole is refused with DeleteConflict while policies are still attached to a role
# or the role is still in an instance profile, so detach those first, then delete the role.
aws iam delete-role --role-name InfratrixDiscoveryRole
aws iam delete-role --role-name InfratrixActorRole

Tested on every onboarding. Documented in the runbook your team keeps.

Your telemetry never leaves your cloud.

The Observability Platform is built bring-your-own-cloud. It runs inside your own account, so the data it watches stays in the environment that owns it. It is in development, and we will publish the same depth of detail we give Infratrix (IAM scope, data paths, and controls) before it is generally available.

Cloud-resident

Runs in your own cloud

The platform is deployed bring-your-own-cloud, into the account you already own. There is no vendor data plane collecting your telemetry on the side.

Residency

Your telemetry stays put

Logs, metrics, and traces remain in the account that produced them. Nothing has to be shipped to Aithrex for the product to work.

In boundary

Agentic triage, in place

Agentic triage and explanation are designed to run against your telemetry inside your account, never by exporting it out.

Candidate data, under the same practice.

The Resume Parser & Job Finder turns a resume into structured data and matches it to roles, which means it handles candidate information. It is built and operated under the company-level practices above: reviewed code, least-privilege access, and owned end to end.

We are not publishing specific retention or processing claims here until they are documented to the same standard as the rest of this page. If you are evaluating it for sensitive use, ask us and we will walk through exactly how candidate data is handled.

We will not claim what we have not built.

Below is the same status table we keep on the company page, the one that decides what we are allowed to say about ourselves.

Available
  • Infratrix, cost and security gap detection for AWS
  • Resume Parser & Job Finder, standalone product
  • Graph-grounded reasoning across real account state
  • Review-ready change proposals with a customer-held kill switch
In development
  • Observability Platform, cloud-resident BYOC with agentic AI
  • Infratrix on GCP, in parallel with AWS
  • Cross-cloud reasoning beyond a single provider
Not claimed
  • Compliance certifications (SOC 2, ISO 27001, HIPAA)
  • Named customer logos, case studies, or testimonials
  • Guaranteed savings percentages or dollar amounts
  • Fully autonomous production remediation
Book a Demo

Bring your security team. We’ll walk the model with them.

Thirty minutes on a call, with whoever needs to sign off. We answer in plain language and ship the IAM template before the second meeting.