Security
Last updated: 2026-04-27.
Cliphorium Agent Ops is designed around controlled automation: agents draft, route, and record work before important actions move forward.
Security model
Cliphorium is built for businesses that want automation without handing agents unrestricted access. The product uses scoped workflows, controlled tool access, activity history, and decision queues to keep important actions visible.
- New workflows start with observation and drafting before write actions are enabled.
- Customer settings, workflow state, logs, and tool permissions are separated by workspace.
- Important actions can be routed for sign-off before they are sent, applied, or scheduled.
- Agent triggers, tool requests, results, and decisions are recorded for operational visibility.
Access controls
- Each workflow is scoped to approved tools, domains, and action types.
- Agents do not receive open-ended production access by default.
- High-impact actions should be configured as draft-first or decision-queue actions.
- Credentials and tokens should be stored server-side and never exposed in public frontend code.
Operational safeguards
- Tool access is routed through a managed gateway where scope can be checked.
- Blocked or out-of-scope actions are recorded and surfaced for review.
- Production deployments are not enabled as automatic behavior in the initial product model.
- Site Watch and Workflow Agent setups prioritize monitoring, drafting, and reporting before live changes.
Incident response
If a security issue is suspected, Cliphorium will investigate the event, review activity history, limit affected access where possible, and communicate relevant next steps to impacted customers.
Report a security concern
Email security@cliphorium.com with a clear description, affected URL or workflow, and any relevant timestamps.