
Security

Canyon applies defence-in-depth across network, application and data, and adds two AI-specific dimensions: sandbox isolation and AI safety. Every generated application inherits the same baseline — there is no such thing as an insecure Canyon app unless you deliberately weaken the defaults.

Beta | Updated April 2026 | Reference | Canyon v1.0

Beta: These docs are in beta
Expect gaps and drift from the live product. Something unclear or missing? Grab 30 minutes with the team and we will walk you through it.

Security layers

Network
  • VPC isolation
  • Private subnets
  • Security groups
  • WAF
  • DDoS protection
Application
  • SSO + JWT
  • RBAC + ABAC authorization
  • Rate limiting
  • Input validation
  • CORS policies
  • CSP headers
Data
  • Encryption at rest
  • Encryption in transit
  • Secrets in a managed vault
  • Audit logging
  • Data masking
  • PII handling

Sandbox isolation

Every agent run happens inside a dedicated, short-lived container. Containers are never reused across user sessions, the root filesystem is read-only, and privileged operations are blocked at the kernel level.

Container per user session — no cross-tenant leakage.
Network namespace isolation — a sandbox cannot reach another sandbox.
Resource limits (CPU, memory, disk) enforced at the kernel level.
No privileged containers, ever.
Read-only root filesystem; writable scratch mounted at /workspace only.
System-call allowlist at the kernel level; anything outside the allowlist is denied.
Egress policy scoped to the project’s declared dependencies.
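
One way a reviewer could check a container spec against the properties listed above. This is an added example, not Canyon's code: it assumes a Kubernetes-style pod spec (the page does not name the runtime), and `audit_pod`, the sample specs and the `sandbox.json` profile name are hypothetical.

```python
# Added example; assumes a Kubernetes-style pod spec (runtime not named on the page).
WRITABLE_MOUNT = "/workspace"  # only writable path the page allows
REQUIRED_LIMITS = ("cpu", "memory", "ephemeral-storage")  # CPU, memory, disk

def audit_pod(pod_spec):
    """Return a list of findings; an empty list means the spec conforms."""
    findings = []
    if pod_spec.get("hostNetwork"):
        findings.append("pod: shares the host network namespace")
    pod_seccomp = pod_spec.get("securityContext", {}).get("seccompProfile")
    for c in pod_spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext", {})
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):  # unset behaves as true
            findings.append(f"{name}: privilege escalation not disabled")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{name}: root filesystem is writable")
        # Missing or Unconfined seccomp means no system-call filter at all.
        seccomp = sc.get("seccompProfile") or pod_seccomp or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{name}: no seccomp profile")
        limits = c.get("resources", {}).get("limits", {})
        findings += [f"{name}: no {k} limit" for k in REQUIRED_LIMITS if k not in limits]
        for m in c.get("volumeMounts", []):
            if not m.get("readOnly") and m.get("mountPath") != WRITABLE_MOUNT:
                findings.append(f"{name}: writable mount at {m.get('mountPath')}")
    return findings

# Constructed sample specs (not Canyon's real manifests).
HARDENED = {"containers": [{
    "name": "agent",
    "securityContext": {
        "privileged": False, "allowPrivilegeEscalation": False,
        "readOnlyRootFilesystem": True,
        "seccompProfile": {"type": "Localhost", "localhostProfile": "sandbox.json"}},
    "resources": {"limits": {"cpu": "1", "memory": "1Gi", "ephemeral-storage": "2Gi"}},
    "volumeMounts": [{"name": "scratch", "mountPath": "/workspace"}],
}]}
WEAK = {"hostNetwork": True, "containers": [{
    "name": "agent",
    "securityContext": {"privileged": True}, "resources": {"limits": {"memory": "1Gi"}},
    "volumeMounts": [{"name": "cache", "mountPath": "/var/cache"}],
}]}

if __name__ == "__main__":
    for label, spec in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_pod(spec) or "OK")
```

Egress scoping and per-session container lifetime live outside the pod spec and are not covered by this check.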

Code & supply chain

Every generated change is scanned before it is deployed. Vulnerabilities trigger an AI-assisted regeneration and redeploy path — you get a fix proposed, not an open ticket. SBOMs are produced on every build and exported to your existing supply-chain tooling.

Semgrep, GitLeaks, Trivy, Tenable, Syft (SBOM)
Bring your own scanner
If your security stack requires a specific SAST, SCA or IaC scanner, Canyon’s build pipeline is pluggable. Snyk, Checkmarx, Veracode, Sonatype, JFrog Xray and others have all been wired in on request.

AI safety

AI-specific attack surfaces are handled independently of the network and application layers. Every user message passes through a prompt-injection filter before it reaches a model, and Builder output is scanned for secrets and against a dependency allow-list before it ever runs in a sandbox.

Prompt injection detection
Inputs that look like role-override or instruction-manipulation attempts are flagged by the Intent Agent and routed to a SECURITY_BLOCKED class.
Output sanitisation
Generated code is stripped of secrets and credentials before any commit or preview.
Security-blocked intent
Explicit classification for requests that attempt to exfiltrate data, escalate privileges, or install malicious dependencies.
No secrets in generated code
Environment variables and tokens are injected at runtime, never baked into the bundle.
Dependency allow-list
Builder may only add packages from the approved list. New entries go through review.

Compliance posture

Canyon is built to clear enterprise and public-sector procurement. Below is the current state; reach out for the latest evidence pack (sub-processors, DPA, SIG, CAIQ).

  • SOC 2 Type II: Audit in progress. Status: In progress
  • ISO 27001: Certification track. Status: In progress
  • GDPR: Applied across all tenants. Status: Live
  • HIPAA: Customer-specific BAAs. Status: On request
  • BSI C5: Scoped for German public sector. Status: On request
  • FedRAMP: Sovereign-cloud deployments. Status: On request

Need the trust pack?
For our full compliance posture, sub-processor list, DPA, SIG, CAIQ and incident-response policy, talk to our team via the Security overview or book a call directly from any docs page.