Security at MudraID

MudraID builds trust and identity infrastructure for AI agents, so the security of our platform and our customers’ data is central to everything we do. This page summarises how we approach security and how to reach us about it.

Reporting a vulnerability

If you believe you have found a security vulnerability in MudraID, please email security@mudraid.ai. We read every report and aim to acknowledge it quickly. Before testing, please review our Responsible Disclosure Policy, which describes what is in scope and the protections we extend to good-faith researchers.

Our machine-readable security contact details are published at /.well-known/security.txt.

Our security approach

• Identity over long-lived secrets. Agents authenticate with verifiable, short-lived credentials rather than static API keys, reducing the blast radius of any single leaked secret.
• Scoped, revocable delegation. Authority granted to an agent is scoped, time-bound, and revocable, following the principle of least privilege.
• Per-request verification. Requests are verified for signature, identity, and scope at the point of use.
• Encryption in transit. Traffic to MudraID services is served over TLS.
• Key management. Signing keys are managed with rotation support to limit the lifetime of any single key.
• Tamper-evident audit trail. Security-relevant events are recorded in an append-only, hash-chained audit log so activity can be reviewed after the fact.

We are continually improving our security program. If you have questions about a specific control or a compliance requirement, contact security@mudraid.ai and we will be glad to discuss where things stand.

Security contact

Security reports and questions: security@mudraid.ai. For general or sales enquiries, please use our contact page.