Security

Security Model

Last updated: May 24, 2026

Forsig is in private beta. The product is designed to help autonomous AI agents pause before risky actions, ask the right human for a decision, and resume with an audit trail.

Current Launch Status

The public website collects waitlist, referral, contact, and optional qualification information. The beta product direction focuses on approval requests, reviewer decisions, agent resume responses, communication workflows, and audit logs.

Security Principles

• Minimize data exposure. Forsig should receive only the intervention context selected by the user or agent.
• Make decisions auditable. Approval status, reviewer decisions, timestamps, and returned instructions should be recorded.
• Keep humans accountable. Reviewers should see enough context to approve, reject, or edit responsibly.
• Avoid over-automation. Risky workflows should have explicit human decision points.

Escalation Context

Forsig may process agent names, run IDs, task descriptions, proposed actions, risk categories, context fields, approval status, human decisions, timestamps, reviewer metadata, and audit logs. Users control what context their agents send and should avoid secrets or unnecessary sensitive data.

Communication Channels

The private beta starts with a web approval inbox. Slack and email workflows are planned. WhatsApp, Discord, Microsoft Teams, and similar channels may be added based on user demand. Each integration will introduce its own configuration and security considerations.

Access Control And Retention

Access control, reviewer permissions, workspace boundaries, retention controls, and export/delete workflows will improve as the beta matures. Early users should expect active iteration.

Audit Logs

Audit logs are part of the product. Forsig is intended to record what the agent proposed, what the reviewer decided, what instruction was returned, and when those events happened.

Responsible Disclosure

If you believe you found a security issue, use the contact page and include a clear description, reproduction steps, affected URLs or endpoints, and potential impact. Please avoid accessing or modifying data that is not yours.

Compliance

Forsig is not currently claiming SOC 2, ISO 27001, HIPAA, PCI, or other formal certification. Security documentation will be updated as controls, audits, and policies develop.

What Users Should Do

• Start with non-critical workflows during private beta.
• Do not send secrets or unnecessary sensitive data in intervention context.
• Use clear reviewer ownership for risky workflows.
• Keep your own agent safeguards in place.
• Review audit logs for decisions that affect customers, billing, data, or production systems.