Security Architecture
Security Overview
BlazeXL is designed to support secure execution of enterprise logic. Our security posture is centered on isolated execution, controlled access, and auditable operations.
1. Isolated Runtime
BlazeXL executes workloads in isolated runtime environments designed to reduce cross-tenant risk and limit persistence.
- Container Sandboxing: Execution requests run in containerized environments to help prevent cross-tenant data leakage.
- Ephemeral State: Runtime environments are provisioned for specific tasks and do not retain execution data after completion.
- Restricted Network Access: Outbound access from Deterministic Runtime instances is tightly controlled.
2. Access Control & Governance
BlazeXL uses centralized controls for permissions, identity management, and access policy enforcement.
- Identity Integration: Access can be managed through enterprise identity providers using standards such as OIDC and SAML.
- Versioned Logic Control: Shared logic is versioned, permissioned, and governed through platform controls before execution.
- Encryption: Metadata and stored logic are encrypted at rest, and data in transit is protected with TLS 1.3.
3. AI-Assisted Logic Execution
When AI is used to draft logic, BlazeXL separates logic generation from runtime execution and review.
- Code Generation: The AI Analyst produces human-readable Python code rather than final business outputs.
- Auditability: Generated and executed logic can be logged for review and audit purposes.
- Model Training Boundary: Customer data processed through BlazeXL is not used to train shared AI models.
4. Consistent Controls Across Interfaces
Whether teams use Excel, the web interface, or APIs, BlazeXL applies the same core access and governance controls across supported interfaces.
5. Audit Logging
BlazeXL maintains audit records for relevant system activity and execution events.
- Execution Metadata: We log execution timestamps, block versions, and actor identities to support operational review.
- Chained Hashing: We implement chained hashing to support data integrity and detect tampering.
- Compliance Mapping: We are working to map our security controls to SOC 2 Type II and ISO 27001 standards, focusing on the protection of PII and sensitive financial data.
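One way chained hashing over the execution metadata listed above can detect tampering, shown as an added example that is not BlazeXL's own implementation. The record layout, function names, genesis value and sample records are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed anchor value for the first record (assumption)


def record_hash(prev_hash, entry):
    # Canonical JSON (sorted keys, fixed separators) so an entry always hashes the same way.
    payload = json.dumps({"prev": prev_hash, "entry": entry},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(log, timestamp, block_version, actor):
    """Append an execution record linked to the hash of the previous record."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    entry = {"timestamp": timestamp, "block_version": block_version, "actor": actor}
    log.append({"entry": entry, "prev": prev_hash, "hash": record_hash(prev_hash, entry)})
    return log[-1]["hash"]


def verify(log, expected_head=None):
    """Return the index of the first record that fails verification, or None if intact.

    expected_head is the latest hash as stored outside the log. Without it,
    records removed from the end leave a chain that still verifies.
    A head mismatch is reported as index len(log).
    """
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev_hash or rec["hash"] != record_hash(prev_hash, rec["entry"]):
            return i
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


def build_sample_log():
    # Constructed sample records, not real audit data.
    log = []
    append(log, "2024-05-01T09:00:00Z", "pricing-block@v3", "alice@example.com")
    append(log, "2024-05-01T09:05:00Z", "pricing-block@v4", "bob@example.com")
    head = append(log, "2024-05-01T09:10:00Z", "risk-block@v1", "alice@example.com")
    return log, head
```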
6. Reporting & Response
If you discover a potential security issue, contact security@blazexl.com. Reported issues are reviewed and handled through our security response process.