Trust Center


Faros AI's commitment to data privacy and security is embedded in every part of our business. This page outlines the high-level details for several frameworks, regulations, and certifications that apply to our company and its products.

Please contact security@faros.ai to report bugs and vulnerabilities or if you have any other specific questions or requests.

When reporting a bug or vulnerability, please provide a screen recording or another reproducible way of exploiting it. If a vulnerability is proven to be in effect, we will compensate based on the fair market value for similar publicly disclosed vulnerabilities, e.g., on HackerOne.

Autodesk
Benchling
BetterHelp
Box
Coursera
Discord
Salesforce
SmartBear
Vimeo
SOC 2 Report

Knowledge Base (FAQ)

    Faros Connectors IP addresses
    Faros API IP addresses

Trust Center Updates

API Key Expiration

General

The Faros AI team added support for API Key Expiration. This feature enhances security by allowing customers to set a specific lifespan for API keys. Once the expiration date is reached, the key becomes invalid, reducing the risk of unauthorized access if the key is compromised. This feature helps ensure that API keys are only active for as long as necessary, encouraging regular key rotation and minimizing potential security vulnerabilities in applications.


Pentest report (July 2024)

Compliance

The Faros Infosec team has partnered with Blaze Infosec to perform the annual pentest for the Faros App & API. There were no critical or high findings. The report is available here.


An Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH (CVE-2024-6387)

Vulnerabilities

The Faros Infosec team has evaluated our exposure to an Unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH, specifically the sshd process. The vulnerability (CVE-2024-6387) was disclosed on Monday, July 1, 2024.

We determined that the vulnerability affected none of our services, compute instances, or published containers.


ISO 27001 Surveillance Audit Completion

Compliance

Faros AI is pleased to announce the completion of the ISO 27001 annual surveillance audit. Maintaining ISO 27001 demonstrates our continued commitment to meeting international information security standards. The audit summary and updated certificate are available here.


SCIM Provisioning

General

The Faros AI team added support for SCIM (System for Cross-domain Identity Management). SCIM is a standard way for apps to manage user identities and accounts across different systems. Faros users with the Owner role can enable a SCIM connection with their IdP directly from the Faros Application by going to SSO -> SCIM. Supported providers: Azure AD, Okta, or custom.


Xz: malicious code in distributed source (CVE-2024-3094)

Vulnerabilities

The Faros Infosec team has evaluated our exposure to the malicious code in the distributed source tarballs of the xz library. The vulnerability (CVE-2024-3094) was disclosed on Friday, March 29, 2023.

We determined that none of our services, compute instances or published containers were affected by the vulnerability.


Additional MFA Options

General

Faros AI management is pleased to announce that the Faros Application has added support for additional MFA options. In addition to Authenticator Apps (Google Authenticator, Authy, etc.), users can set up:

  • Built-in Authenticators: Touch ID and Windows Hello
  • Security Keys: physical tokens for strong security such as USB keys or mobile passkeys

TLS 1.3

Compliance

The Faros Infosec & Infra teams upgraded the Faros App and API with TLS 1.3 support. The latest TLS ensures more robust encryption and quicker connections, keeping your data safe and your interactions speedy.


SOC 2 Type II and GDPR audit completion

Compliance

Faros AI management would like to announce that Faros AI has successfully completed our SOC 2 Type II audit for the one-year period ending in July 2023. The auditors at Prescient Assurance performed the audit and found no exceptions during their review of our controls. The report includes an attestation of Faros AI's GDPR controls. A copy of this report is available via our security portal.


ISO 27001 Certification

Compliance

Faros AI has recently achieved certification in ISO 27001, with our most recent certificate available for review in our Trust Center. ISO 27001 demonstrates our commitment to meet and exceed international information security standards. The certificate is available here.


Pentest report (May 2023)

Compliance

The Faros Infosec team has partnered with Blaze Infosec to perform the annual pentest for the Faros App & API. There were no critical, high, or medium findings. The report is available here.


Custom Security Policies

General

To provide our customers with custom security policies that meet their needs, we added the ability for tenant owners to customize the security policies for their tenant account. An owner can now modify settings such as:

  • MFA enforcement
  • User lockout after X password attempts
  • Password history
  • Idle session timeout
  • Force re-login on session expiry
  • Maximum concurrent sessions
  • Login restrictions based on IP addresses

OpenSSL 3.0.x vulnerability (CVE-2022-3786, CVE-2022-3602)

Vulnerabilities

The Faros Infosec team has evaluated our exposure to the OpenSSL 3.0 vulnerability (CVE-2022-3786, CVE-2022-3602). The vulnerability was disclosed on Tuesday, November 1, 2022.

We determined that none of our services were affected by the vulnerability.


Static IP addresses for Faros connectors

General

The Faros Infosec team added static IPv4 addresses for Faros connectors: 3.221.115.234, 35.169.78.145. This allows customers to restrict incoming traffic by whitelisting these IP addresses in their network. Whitelisting is an important part of network security since it can significantly reduce the attack surface and the risk associated with unauthorized access.


WAF implemented for Faros API

General

The Faros Infosec team implemented a WAF solution for the Faros API. A WAF provides an extra level of security that can help mitigate many common attacks.


SOC 2 Type II audit completion

Compliance

Faros AI management is pleased to announce that Faros has successfully completed our SOC 2 Type II audit for the one-year period ending in July 2022. The auditors at Sensiba San Filippo, LLP (SSF) performed the audit and found no exceptions during their review of our controls. A copy of this report is available via our security portal.


Static IP addresses for Faros API

Compliance

The Faros Infosec team added static IPv4 addresses for the Faros API (prod.api.faros.ai): 44.206.103.31, 44.208.253.61. This allows customers to restrict outgoing traffic by whitelisting these IP addresses in their network. Whitelisting is an important part of network security since it can significantly reduce the attack surface and the risk associated with unauthorized access.


WAF implemented for Faros Application

General

The Faros Infosec team implemented a WAF solution for the Faros Application. A WAF provides an extra level of security that can help mitigate many common attacks.


Latest security patches applied

General

The Faros Infosec team has performed our periodic update of all system-level packages. All Faros services are running with the latest security patches.


Spring4Shell (CVE-2022-22965)

Vulnerabilities

The Faros Infosec team has evaluated our exposure to the Spring Framework Java framework remote code execution (RCE) vulnerability (CVE-2022-22965), also known as Spring4Shell. The vulnerability was disclosed on Tuesday, March 29, 2022.

We determined that none of our services were affected by the vulnerability.


Log4Shell (CVE-2021-44228)

Vulnerabilities

The Faros Infosec team has evaluated our exposure to the Log4j Java library remote code execution (RCE) vulnerability (CVE-2021-44228), also known as Log4Shell. Log4j is a Java-based logging utility found in a wide number of software products. The vulnerability was disclosed by the Apache Log4j project on Thursday, December 9, 2021.

We immediately deployed recommended mitigations and began to roll out permanent remediation. As of December 10, 2021, remediation in our production environments was complete. There has been no member or customer impact.


If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.
