Security & Compliance (Beta)

Manifest Platform is built for organizations that require enterprise-grade security, auditability, and regulatory compliance. Every layer of the platform — from authentication and authorization to model inference and data access — is governed by configurable policies, logged to an immutable audit trail, and mapped to industry compliance frameworks.


Security Capabilities

graph TD
    subgraph "Identity & Access"
        AUTH["SSO & API Key<br/>Authentication"]
        RBAC["Role-Based<br/>Access Control"]
        SCOPE["Permission<br/>Scoping"]
    end

    subgraph "Governance"
        AUDIT["Immutable<br/>Audit Logs"]
        COMP["Compliance<br/>Frameworks"]
        POLICY["Policy<br/>Engine"]
    end

    subgraph "AI Safety"
        SBOM["AI-SBOMs"]
        RED["Red Team<br/>Evaluation"]
        GUARD["Guardrails &<br/>Content Filtering"]
    end

    AUTH --> RBAC
    RBAC --> SCOPE
    SCOPE --> AUDIT
    AUDIT --> COMP
    POLICY --> COMP
    SBOM --> COMP
    RED --> GUARD

| Capability | Description |
| --- | --- |
| Authentication | SSO (SAML, OIDC), API keys, and service tokens with automatic rotation |
| Role-Based Access Control | Built-in and custom roles with granular permission scopes |
| Audit Logging | Immutable, searchable record of every action across the platform |
| Compliance Frameworks | Mappings to SOC 2, ISO 27001, HIPAA, GDPR, and NIST AI RMF |
| Policy Engine | Configurable rules governing data access, model usage, and deployment |
| AI-SBOMs | Machine-readable bills of materials for every AI component |
| Red Team Evaluation | Automated adversarial testing of LLM-powered agents |
| Guardrails | Input/output filtering, PII detection, and content safety checks |

Compliance Frameworks

Manifest Platform maintains mappings between platform controls and the following compliance frameworks. The compliance dashboard shows your organization's coverage and highlights gaps.

| Framework | Scope | Status |
| --- | --- | --- |
| SOC 2 Type II | Security, availability, processing integrity, confidentiality, privacy | Supported |
| ISO 27001 | Information security management | Supported |
| HIPAA | Protected health information handling | Supported |
| GDPR | EU data protection and privacy | Supported |
| NIST AI RMF | AI risk management (governance, mapping, measurement, management) | Supported |
| EU AI Act | Risk classification and transparency for AI systems | Supported |

Shared responsibility

Manifest Platform provides the infrastructure controls, audit trail, and compliance tooling. Your organization is responsible for configuring policies, managing access, and ensuring your solutions comply with applicable regulations. The compliance dashboard helps you track both sides.


Security Dashboard

The security dashboard provides a single view of your organization's security posture.

Key metrics displayed:

  • Active users and roles -- Current user count, role distribution, and recent access changes
  • Authentication events -- Login activity, failed attempts, and API key usage
  • Audit log volume -- Event counts by category with trend analysis
  • Compliance score -- Percentage of controls satisfied per framework
  • Open findings -- Unresolved issues from red team evaluations or policy violations
  • AI-SBOM coverage -- Percentage of deployed agents with complete SBOMs

Getting Started with Security

For most organizations, the recommended setup sequence is:

  1. Configure authentication -- Connect your identity provider via SSO or create API keys for service accounts. See Getting Started > Authentication.
  2. Define roles -- Review the built-in roles and create custom roles matching your team structure. See Roles & Permissions.
  3. Enable audit logging -- Audit logging is on by default. Configure retention periods and export destinations. See Audit Logs.
  4. Map compliance controls -- Select your target frameworks and review the control mapping. See Compliance.
  5. Generate AI-SBOMs -- Enable automatic SBOM generation for deployed agents. See AI-SBOMs.
  6. Run red team evaluations -- Test your agents against adversarial prompts. See Red Team.

Next Steps