Faros AI commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several frameworks, regulations, and certifications that apply to our company and its products.
Please contact security@faros.ai to report bugs and vulnerabilities or if you have any other specific questions or requests.
When reporting a bug or vulnerability, please provide a screen recording or another reproducible way of exploiting it. If a vulnerability proved in effect, we would compensate based on the fair market value for similar publicly disclosed vulnerabilities, e.g., on HackerOne.
Faros AI management would like to announce that Faros AI has completed our SOC2 Type II audit for the one-year period ending in July 2024. The auditors at Prescient Assurance performed the audit and found no exceptions during their review of our controls. The report includes an attestation of Faros AI's GDPR controls. A copy of this report is available via our security portal. The previous year's report was removed.
Faros AI management would like to announce that Faros AI has completed our SOC2 Type II audit for the one-year period ending in July 2023. The auditors at Prescient Assurance performed the audit and found no exceptions during their review of our controls. The report includes an attestation of Faros AI's GDPR controls. A copy of this report is available via our security portal.
The Faros AI team added support for API Key Expiration. This feature enhances security by allowing customers to set a specific lifespan for API keys. Once the expiration date is reached, the key becomes invalid, reducing the risk of unauthorized access if the key is compromised. This feature helps ensure that API keys are only active for as long as necessary, encouraging regular key rotation and minimizing potential security vulnerabilities in applications.
An Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH (CVE-2024-6387)
VulnerabilitiesCopy linkThe Faros Infosec team has evaluated our exposure to an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH, specifically the sshd process. The vulnerability (CVE-2024-6387) was disclosed on Monday, July 1, 2024.
We determined that the vulnerability affected none of our services, compute instances, or published containers.
Faros AI is pleased to announce the completion of the ISO 27001 annual surveillance audit. Maintaining ISO 27001 demonstrates our continued commitment to meeting international information security standards. The audit summary and updated certificate are available here.
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.