Security Architecture Overview
Overview
ASCEND implements a 12-layer defense-in-depth security architecture designed for banking, financial services, healthcare, and other regulated industries. Every layer is designed to fail-secure - when any component fails, the system defaults to DENY rather than ALLOW.
This architecture ensures that even if one security control is compromised, multiple additional layers continue to protect your organization's AI operations.
Why It Matters
Enterprise AI governance requires security controls that match or exceed traditional application security standards. AI systems introduce unique risks including:
- Prompt injection attacks that can manipulate AI behavior
- Code execution risks from AI-generated or AI-processed code
- Data exfiltration through carefully crafted prompts
- Privilege escalation via AI agent manipulation
- Multi-tenant data leakage in shared infrastructure
ASCEND's 12-layer architecture addresses each of these risks with dedicated security controls while maintaining compliance with SOC 2, HIPAA, PCI-DSS, and other frameworks.
Architecture
12-Layer Defense-in-Depth Model
+------------------------------------------------------------------+
| LAYER 12: Security Headers |
| (X-Frame-Options, HSTS, CSP, XSS Protection) |
+------------------------------------------------------------------+
| LAYER 11: Secrets Management |
| (AWS Secrets Manager, Key Rotation, Encryption) |
+------------------------------------------------------------------+
| LAYER 10: Input Validation |
| (Pydantic Schema Validation, Type Checking, Sanitization) |
+------------------------------------------------------------------+
| LAYER 9: Audit Logging |
| (Immutable WORM Logs, Hash Chaining, Compliance Trail) |
+------------------------------------------------------------------+
| LAYER 8: BYOK Encryption |
| (Envelope Encryption, AES-256-GCM, Customer-Managed Keys) |
+------------------------------------------------------------------+
| LAYER 7: RBAC Authorization |
| (6-Level Hierarchy, 23+ Permissions, Separation of Duties)|
+------------------------------------------------------------------+
| LAYER 6: API Key Validation |
| (SHA-256 Hashing, Constant-Time Comparison, Rate Limiting) |
+------------------------------------------------------------------+
| LAYER 5: JWT Authentication |
| (RS256 Signatures, Cognito Integration, Revocation) |
+------------------------------------------------------------------+
| LAYER 4: Action Governance |
| (Real-Time Evaluation, Risk Scoring, Kill Switch) |
+------------------------------------------------------------------+
| LAYER 3: Code Analysis |
| (CWE Detection, MITRE Mapping, Pattern Matching) |
+------------------------------------------------------------------+
| LAYER 2: Prompt Security |
| (21 Injection Patterns, OWASP LLM Top 10, Encoding) |
+------------------------------------------------------------------+
| LAYER 1: Rate Limiting |
| (Per-IP, Per-User, Per-Endpoint, Redis-Backed) |
+------------------------------------------------------------------+
Layer Summary Table
| Layer | Component | Purpose | Fail-Secure Behavior |
|---|---|---|---|
| 1 | Rate Limiting | Prevent abuse, DDoS protection | DENY on Redis failure |
| 2 | Prompt Security | Detect prompt injection attacks | BLOCK on detector failure |
| 3 | Code Analysis | Detect dangerous code patterns | BLOCK on analyzer error |
| 4 | Action Governance | Real-time AI action evaluation | DENY on evaluator error |
| 5 | JWT Authentication | Verify user identity | DENY on invalid token |
| 6 | API Key Validation | Authenticate SDK/CI-CD requests | DENY on validation failure |
| 7 | RBAC Authorization | Enforce permissions and roles | DENY on permission failure |
| 8 | BYOK Encryption | Protect data at rest | FAIL on key unavailable |
| 9 | Audit Logging | Maintain compliance trail | BLOCK if audit write fails |
| 10 | Input Validation | Sanitize all inputs | REJECT malformed input |
| 11 | Secrets Management | Protect credentials | BLOCK on secrets fetch failure |
| 12 | Security Headers | Prevent common web attacks | Restrictive defaults |
Configuration
Environment Variables
# Authentication
COGNITO_REGION=us-east-2
COGNITO_USER_POOL_ID=your-pool-id
COGNITO_APP_CLIENT_ID=your-client-id
ENABLE_TWO_POOL_AUTH=false
# Security Controls
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REDIS_URL=redis://localhost:6379
PROMPT_SECURITY_MODE=enforce # enforce, monitor, off
CODE_ANALYSIS_MODE=enforce # enforce, monitor, off
# Encryption
BYOK_ENABLED=true
BYOK_KEY_ARN=arn:aws:kms:region:account:key/key-id
# Audit
AUDIT_LOG_RETENTION_DAYS=365
AUDIT_FAIL_OPEN=false # If true, allows operations if audit fails
Organization-Level Configuration
Each organization can customize security controls via the database:
{
"org_code_analysis_config": {
"enabled": true,
"mode": "enforce",
"block_threshold": 80,
"languages_enabled": ["sql", "python", "shell", "javascript"],
"categories_enabled": ["injection", "execution", "exfiltration"]
},
"org_prompt_security_config": {
"enabled": true,
"mode": "enforce",
"block_threshold": 70,
"scan_user_prompts": true,
"scan_agent_responses": true,
"detect_base64": true,
"detect_unicode_smuggling": true
}
}
Fail-Secure Behavior
Every layer implements fail-secure defaults:
| Scenario | Behavior | Rationale |
|---|---|---|
| Redis unavailable | DENY all rate-limited requests | Prevents abuse during outage |
| Prompt detector error | BLOCK suspicious prompts | Assumes worst-case scenario |
| Code analyzer timeout | BLOCK code execution | Prevents bypass via timeout |
| JWT validation error | DENY authentication | Prevents unauthorized access |
| RBAC check fails | DENY authorization | Enforces least privilege |
| Audit log write fails | BLOCK operation | Maintains compliance trail |
| KMS key unavailable | FAIL encryption | Prevents unencrypted data storage |
Compliance Mapping
| Framework | Control | ASCEND Implementation |
|---|---|---|
| SOC 2 | CC6.1 (Logical Access) | Layers 5-7: JWT, API Key, RBAC |
| SOC 2 | CC7.1 (System Operations) | Layers 1-4: Rate Limiting, AI Security |
| HIPAA | 164.312(a)(1) | Layer 7: Access Control |
| HIPAA | 164.312(b) | Layer 9: Audit Logging |
| HIPAA | 164.312(e) | Layer 8: Encryption |
| PCI-DSS | Req 3.5 | Layer 8: BYOK Encryption |
| PCI-DSS | Req 6.5 | Layers 2-3: Input Security |
| PCI-DSS | Req 7.1 | Layer 7: RBAC |
| PCI-DSS | Req 8 | Layers 5-6: Authentication |
| PCI-DSS | Req 10 | Layer 9: Audit Logging |
| NIST 800-53 | AC-2 | Layer 7: Account Management |
| NIST 800-53 | AU-2 | Layer 9: Audit Events |
| NIST 800-53 | SC-28 | Layer 8: Data-at-Rest Encryption |
| OWASP ASVS | Level 3 | All layers |
| OWASP LLM Top 10 | LLM01-02 | Layers 2-4: AI Security |
Verification
Health Check Endpoint
curl -X GET https://api.ascend.io/v1/health/security \
-H "Authorization: Bearer $TOKEN"
Response:
{
"status": "healthy",
"layers": {
"rate_limiting": "active",
"prompt_security": "active",
"code_analysis": "active",
"action_governance": "active",
"jwt_auth": "active",
"api_key_auth": "active",
"rbac": "active",
"encryption": "active",
"audit_logging": "active",
"input_validation": "active",
"secrets_management": "active",
"security_headers": "active"
},
"compliance_mode": "soc2_hipaa_pci"
}
Security Audit Report
curl -X GET https://api.ascend.io/v1/admin/security/audit-report \
-H "Authorization: Bearer $TOKEN"
This returns a comprehensive audit report including:
- All security controls status
- Recent authentication events
- Failed authorization attempts
- Prompt injection detection statistics
- Code analysis findings summary
Next Steps
- Layer Details - Deep dive into each security layer
- Fail-Secure Behaviors - Complete fail-secure documentation
- Authentication - Authentication methods and configuration
- Authorization - RBAC and permission management