Spawni was designed from the ground up with a security-first approach by a cybersecurity professional. Every architectural decision — from container isolation to prompt injection prevention — was made to keep your data safe, your agents controlled, and your trust earned.
Every Spawni agent runs in its own dedicated Docker container, completely isolated from every other user and the host system. Containers run as non-root users with no access to the Docker socket, no privileged mode, and strict process, CPU, and memory limits. A command blocklist prevents dangerous operations like destructive filesystem commands, internal network access, and raw disk operations. If one container is compromised, it cannot reach another.
User authentication is handled by Supabase Auth with secure, HttpOnly, SameSite cookies. Every API endpoint verifies authentication, resource ownership, and active subscription status. All nine database tables are protected by Row-Level Security (RLS) policies, ensuring queries are scoped to the authenticated user at the infrastructure level — not just the application level. Admin access is restricted to explicitly listed user IDs with independent server-side verification.
Telegram webhooks are verified using secret tokens, and every incoming message is checked against both the chat ID and immutable user ID. Activation uses cryptographically random, single-use tokens that expire after 15 minutes. WhatsApp uses HMAC-SHA256 signature verification on every webhook. Agent email operates on a separate subdomain with rate limits (20 emails/agent/day, 100/account/day) and all outbound emails are scanned for phishing, impersonation, suspicious URLs, and excessive links before sending.
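The WhatsApp HMAC-SHA256 check above, shown as an added example that is not Spawni's own code: it assumes the Meta-style `X-Hub-Signature-256: sha256=<hex>` header, a hypothetical app secret, and a constructed request body; the verification runs over the raw bytes the sender signed, not a re-serialized JSON object, and uses a constant-time comparison.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

// Hypothetical secret for this example only; a real deployment reads it server-side.
export const APP_SECRET = "example-app-secret-not-real";

// Produce the header value a sender would attach: "sha256=" + hex(HMAC-SHA256(secret, rawBody)).
export function signBody(rawBody: Buffer, secret: string): string {
  return "sha256=" + createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Accept a webhook only when the header is well-formed and its HMAC matches the raw body.
// Any failure (missing header, wrong prefix, malformed hex, mismatch) is rejected before parsing.
export function verifyWebhookSignature(
  rawBody: Buffer,
  headerValue: string | undefined,
  secret: string,
): boolean {
  if (!headerValue || !headerValue.startsWith("sha256=")) return false;
  const received = headerValue.slice("sha256=".length);
  // A SHA-256 digest is exactly 64 lowercase hex characters; anything else is malformed and
  // would also make timingSafeEqual throw on unequal buffer lengths.
  if (!/^[0-9a-f]{64}$/.test(received)) return false;
  const expected = createHmac("sha256", secret).update(rawBody).digest("hex");
  const a = Buffer.from(received, "hex");
  const b = Buffer.from(expected, "hex");
  return a.length === b.length && timingSafeEqual(a, b);
}

// Constructed sample webhook body; verification must see these exact bytes.
export const SAMPLE_BODY = Buffer.from('{"entry":[{"id":"1","changes":[]}]}');
export const SAMPLE_HEADER = signBody(SAMPLE_BODY, APP_SECRET);
```

Parse the JSON only after this check passes; any body-parsing middleware that runs first must preserve the raw bytes for verification.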
All user inputs are sanitized to prevent prompt injection — stripping XML-like tags, override patterns, safety bypass attempts, and role reassignment commands. Every agent's system prompt includes an explicit data isolation assertion, preventing access to other users' data. Tool calls are capped at 20 per turn with a 60-second per-command timeout and 5-minute turn timeout. Token budgets are enforced before every API call with warnings at 80%, overage billing at 100%, and a usage cap at 300%. Agent responses are scanned for PII including credit cards (Luhn-validated), SSNs, and Tax File Numbers.
Platform API keys (Anthropic, Stripe, Supabase service role) are strictly server-side and never exposed to client code or agent containers. Agent containers receive only their unique agent ID and secret — no platform credentials. All log output is automatically redacted for sensitive patterns including API keys, JWTs, and webhook secrets. Environment variables are validated at startup using Zod schemas, with immediate failure on missing or invalid values.
A strict Content Security Policy controls which resources can be loaded and where data can be sent. X-Frame-Options, X-Content-Type-Options, and Referrer-Policy headers provide additional browser-level protection. Per-user token bucket rate limiting is enforced on all endpoints — 10 requests/minute for AI chat, 30 for CRUD, 20 for messaging channels. Agent containers run as private services with no public URLs, communicating only via the internal network with per-agent secret authentication.
All security-relevant actions are recorded in a protected audit log — 22 tracked action types across user, agent, subscription, email, auth, admin, and cron categories. The admin audit log viewer provides paginated, filterable access. GDPR compliance includes full data export (profile, agents, conversations, messages, memories, emails, token usage, subscriptions, and audit trail), right to erasure with cascading deletion across all services (Stripe, Render, R2, database), and automated data retention that cleans up canceled accounts after 30 days.
Our complete security documentation covers every control in depth — from RLS policies and command blocklists to PII detection and HMAC verification flows.
PDF available soon — contact us for early access.
“Your AI. Your rules. Our security.”
Spawni was designed and built by a cybersecurity professional who understands that AI agents handle sensitive data. Every security decision was made with enterprise-grade protection in mind.
Your AI agent — set up in minutes, secure by design, always available.