Security first
Trust is the foundation of a compute marketplace. We start with verified organizations and build security into every layer.
What we protect
Our security model protects four categories of assets:
- Customer data: prompts, inputs, model weights, outputs
- Provider hardware: GPU nodes, host systems, network
- Platform data: job metadata, billing records, logs
- Credentials: API keys, authentication tokens, secrets
Threat actors
Who might try to attack the system and why.
Malicious Customer
A customer submitting harmful workloads to attack provider infrastructure, steal data, or abuse resources.
Malicious Provider
A provider attempting to access customer data, tamper with outputs, or exfiltrate sensitive information.
External Attacker
Someone targeting the platform, API, or communication channels to disrupt service or steal data.
Insider Risk
Platform operators with elevated access who could abuse their position.
Attack surfaces and mitigations
| Surface | Risk | Mitigation |
|---|---|---|
| Job Payloads | Malicious code in submitted workloads | Container isolation, resource limits, signed jobs, restricted system calls |
| Runtime Environment | Container escape, privilege escalation | Hardened containers, no root access, seccomp profiles, regular updates |
| Network | Data exfiltration, command and control | Restricted outbound access, allowlisted endpoints, encrypted transit |
| Secrets | API key theft, credential exposure | Short-lived tokens, encrypted storage, minimal secret distribution |
| Logs | Sensitive data in logs, log tampering | Log sanitization, append-only storage, access controls |
| Billing | Fraudulent usage, billing manipulation | Cryptographic job receipts, independent usage tracking, reconciliation |
Security principles
The guidelines that shape our decisions.
Verified Organizations First
We start with known, vetted organizations. This reduces risk from anonymous or pseudonymous participants.
Workload Isolation
Every job runs in its own isolated container, with no shared state, no access to the host, and no persistence between jobs.
Signed Jobs
All workloads are cryptographically signed. Providers verify signatures before execution.
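As an added illustration of this principle (example code, not the platform's own implementation), the following Go program signs a job manifest on the customer side with Ed25519 and has the provider verify it before anything runs. The manifest fields, the `TrustStore` keyed by organization ID (assumed to be populated with public keys registered during onboarding), and the expiry check are assumptions for the example; the page does not describe the real manifest schema.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// JobManifest is a hypothetical manifest layout used for this example; the
// real platform schema is not described on the page.
type JobManifest struct {
	JobID       string   `json:"job_id"`
	OrgID       string   `json:"org_id"`       // which verified organization submitted it
	ImageDigest string   `json:"image_digest"` // pin the container image by digest, not by tag
	Command     []string `json:"command"`
	GPUs        int      `json:"gpus"`
	ExpiresAt   int64    `json:"expires_at"` // unix seconds; bounds replay of an old manifest
}

// SignedJob carries the manifest together with the organization's Ed25519 signature.
type SignedJob struct {
	Manifest  JobManifest `json:"manifest"`
	Signature []byte      `json:"signature"`
}

// TrustStore maps organization IDs to the public keys registered at onboarding (assumption).
type TrustStore map[string]ed25519.PublicKey

// NewOrgKey creates an organization's signing key pair.
func NewOrgKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// canonical produces the exact bytes that are signed and later verified.
// encoding/json emits struct fields in declaration order, so both sides
// compute the same encoding from the same manifest.
func canonical(m JobManifest) ([]byte, error) {
	return json.Marshal(m)
}

// SignJob runs on the customer side before submission.
func SignJob(priv ed25519.PrivateKey, m JobManifest) (SignedJob, error) {
	msg, err := canonical(m)
	if err != nil {
		return SignedJob{}, err
	}
	return SignedJob{Manifest: m, Signature: ed25519.Sign(priv, msg)}, nil
}

// VerifyJob runs on the provider side before execution. It rejects unknown
// organizations, malformed or tampered manifests, and expired manifests.
func VerifyJob(ts TrustStore, sj SignedJob, now int64) error {
	pub, ok := ts[sj.Manifest.OrgID]
	if !ok {
		return fmt.Errorf("unknown organization %q", sj.Manifest.OrgID)
	}
	if len(sj.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	msg, err := canonical(sj.Manifest)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sj.Signature) {
		return errors.New("signature does not match manifest")
	}
	if now >= sj.Manifest.ExpiresAt {
		return errors.New("manifest expired")
	}
	return nil
}

func main() {
	pub, priv, err := NewOrgKey()
	if err != nil {
		panic(err)
	}
	ts := TrustStore{"org-example": pub} // constructed sample trust store
	m := JobManifest{JobID: "job-0001", OrgID: "org-example",
		ImageDigest: "sha256:placeholder", Command: []string{"python", "train.py"},
		GPUs: 4, ExpiresAt: 1_700_000_600}
	sj, _ := SignJob(priv, m)
	fmt.Println("valid manifest:", VerifyJob(ts, sj, 1_700_000_000))
	sj.Manifest.GPUs = 64 // modified in transit or on the provider: signature no longer matches
	fmt.Println("tampered manifest:", VerifyJob(ts, sj, 1_700_000_000))
}
```

The signature covers the whole manifest, so any change to the image digest, command or resource request after signing fails verification; the expiry field keeps a legitimately signed manifest from being resubmitted indefinitely.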
Least Privilege
Components have minimal permissions. Jobs cannot access more than they need.
Auditable Logs
Complete audit trail for every job. Append-only, tamper-evident, available to both parties.
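To show what "append-only and tamper-evident" means in practice, here is an added Go example (not the platform's own logging code) of a hash-chained audit log: each entry commits to its predecessor's hash, so editing or reordering any entry breaks the chain. The entry fields and event names are assumptions constructed for the example. It also covers the caveat that a hash chain alone does not detect truncation: dropping the newest entries leaves a chain that still verifies, which is why the latest head hash has to be held by the other party as well.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// AuditEntry is a hypothetical record layout for this example; the platform's
// real log schema is not described on the page.
type AuditEntry struct {
	Seq      uint64 `json:"seq"`
	JobID    string `json:"job_id"`
	Event    string `json:"event"` // e.g. "submitted", "started", "completed"
	Actor    string `json:"actor"` // organization, provider node or operator that caused it
	Time     int64  `json:"time"`  // unix seconds
	PrevHash string `json:"prev_hash"`
	Hash     string `json:"hash"`
}

// genesisHash is the PrevHash of the very first entry.
var genesisHash = hex.EncodeToString(make([]byte, sha256.Size))

// entryHash commits to every field except the hash itself.
func entryHash(e AuditEntry) string {
	e.Hash = ""
	b, err := json.Marshal(e)
	if err != nil {
		panic(err) // only plain string/int fields are marshalled; cannot fail
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// AuditLog is an append-only, hash-chained list of entries.
type AuditLog struct{ entries []AuditEntry }

// Append adds an entry linked to the previous one and returns it.
func (l *AuditLog) Append(jobID, event, actor string, ts int64) AuditEntry {
	prev := genesisHash
	if n := len(l.entries); n > 0 {
		prev = l.entries[n-1].Hash
	}
	e := AuditEntry{Seq: uint64(len(l.entries)), JobID: jobID, Event: event,
		Actor: actor, Time: ts, PrevHash: prev}
	e.Hash = entryHash(e)
	l.entries = append(l.entries, e)
	return e
}

// Entries returns a copy so callers cannot rewrite history through the slice.
func (l *AuditLog) Entries() []AuditEntry {
	out := make([]AuditEntry, len(l.entries))
	copy(out, l.entries)
	return out
}

// Head is the hash of the latest entry. Giving it to the other party after
// each event is what makes truncation detectable.
func (l *AuditLog) Head() string {
	if len(l.entries) == 0 {
		return genesisHash
	}
	return l.entries[len(l.entries)-1].Hash
}

// VerifyChain checks sequence numbers, links and per-entry hashes. It returns
// the index of the first bad entry, or -1 if the chain is internally consistent.
func VerifyChain(entries []AuditEntry) (int, error) {
	prev := genesisHash
	for i, e := range entries {
		switch {
		case e.Seq != uint64(i):
			return i, fmt.Errorf("entry %d: sequence gap or reorder", i)
		case e.PrevHash != prev:
			return i, fmt.Errorf("entry %d: broken link to previous entry", i)
		case entryHash(e) != e.Hash:
			return i, fmt.Errorf("entry %d: contents do not match hash", i)
		}
		prev = e.Hash
	}
	return -1, nil
}

// VerifyAgainstHead additionally requires the chain to end at a head hash the
// verifier obtained independently, such as the customer's own copy of the
// latest hash. A chain that merely drops its newest entries passes VerifyChain
// but fails here.
func VerifyAgainstHead(entries []AuditEntry, expectedHead string) error {
	if i, err := VerifyChain(entries); err != nil {
		return fmt.Errorf("at index %d: %w", i, err)
	}
	head := genesisHash
	if n := len(entries); n > 0 {
		head = entries[n-1].Hash
	}
	if head != expectedHead {
		return fmt.Errorf("log head %s does not match expected head %s", head, expectedHead)
	}
	return nil
}

func main() {
	var al AuditLog // constructed sample events for one job
	al.Append("job-0001", "submitted", "org-example", 1_700_000_000)
	al.Append("job-0001", "started", "provider-node-7", 1_700_000_030)
	al.Append("job-0001", "completed", "provider-node-7", 1_700_003_600)
	head := al.Head() // the customer keeps this after each event

	tampered := al.Entries()
	tampered[1].Actor = "provider-node-9"
	i, err := VerifyChain(tampered)
	fmt.Println("edited entry detected at index", i, ":", err)

	truncated := al.Entries()[:2]
	fmt.Println("truncated log:", VerifyAgainstHead(truncated, head))
}
```

In this scheme a party that only holds the log cannot silently rewrite an earlier event, and a party that also holds the last head hash can tell when entries have been removed from the end; storing the chain on append-only media and having each party independently sign the heads it receives would extend the same idea.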
Abuse Prevention
Rate limits, anomaly detection, and manual review for suspicious activity.
Security roadmap
What is implemented now and what comes next.
MVP (Now)
- Container-based isolation with resource limits
- Basic network restrictions
- Signed job manifests
- Append-only audit logs
- Verified organization onboarding
Near-term
- Enhanced runtime sandboxing (gVisor)
- Hardware attestation for provider nodes
- Automated anomaly detection
- Third-party security audit
Future
- Confidential computing (TEEs)
- Formal verification of critical paths
- SOC 2 compliance
- Bug bounty program
Operational security
Beyond technical controls, we maintain operational security practices:
- Minimal team access to production systems
- Access logging and regular review
- Incident response procedures
- Regular security reviews of code changes
- Dependency scanning and updates
We are a small team and honest about our stage. Formal compliance certifications come later. For now, we focus on doing the right things and being transparent about our approach.
Responsible disclosure
If you discover a security vulnerability, we want to hear from you. Please report it responsibly:
- Email: security@coranorlabs.com
- Include details to help us understand and reproduce the issue
- Give us reasonable time to address the issue before public disclosure
We appreciate security researchers who help us improve. While we do not currently have a formal bug bounty program, we are grateful for responsible reports and will acknowledge contributors.
Security contact: security@coranorlabs.com