Last updated: May 12, 2026
This page exists because security review is part of every enterprise AI deal, and badge walls don't help anyone. Below is an honest snapshot of what ships in Corebots today, what is in active development, and what we do not claim to support yet. If you need this in a more procurement-friendly format (security questionnaire, data-flow diagram, sub-processors list), email info@innoworks.tech.
The controls below are in the product right now. Each one is something you can see and exercise during a demo.
Persona, configuration, and deployment changes route through an approval workflow. Reviewers see side-by-side diffs and can approve, reject, or roll back. Published versions are immutable.
Roles: Super Admin, Entity Admin, Agent Manager, Prompt Engineer, Reviewer, Tester, Analyst, Developer, Employee. Each role has a documented permission matrix across agents, approvals, users, and analytics.
Every user-initiated action captures actor, target, IP, user agent, timestamp, and metadata. These records are used for investigations, compliance reviews, and post-incident forensics.
Business units, brands, or subsidiaries can be modeled as separate entities inside one deployment. Users, agents, and credentials are scoped to their entity.
Tools are first-class objects: MCP servers, built-in connectors (Slack, email, SMS, webhooks, CRM, calendar), and custom HTTP tools with header / bearer / basic / API-key auth. Tool changes are reviewable.
Bring your own credentials for OpenAI, Azure OpenAI, HuggingFace, OpenRouter, Cloudflare Workers AI, and Zoom. Run fully local with Ollama. Each agent declares the model and provider it uses.
Active work — committed to the 2026 roadmap with a target window. Available to discuss in detail under NDA.
Readiness assessment in progress. Target window: 2026 H2. Pre-audit documentation available on request under NDA.
OAuth credential flows are shipping today for integration providers (HuggingFace, Zoom). Enterprise SSO for user sign-in is in active development.
Docker Compose and Kubernetes Helm chart, plus a hardened reference architecture for VPC / on-prem installs. Currently delivered via Innoworks professional services.
Per-agent token usage, latency percentiles, and provider cost rollups. Today the dashboard surfaces agent counts, approvals, and active users only.
We'd rather lose the deal than overclaim. If any of the below is required for your use case, tell us before we start a POC.
Not formally claimed today. Architectural fit is good (entity isolation, audit log, BYO model); BAAs and HIPAA-specific procedures are on the 2026 roadmap.
Out of scope for 2026. Not appropriate for federal classified workloads at this time.
Today personas are defined in structured forms with versioning and approvals. A visual flow builder is on the roadmap but is not what ships in product yet.
Corebots is designed so that prompts, knowledge-base content, agent transcripts, and tool I/O do not leave the boundary you choose:
Responsible disclosure is welcome. Email security@innoworks.tech with reproduction steps and impact assessment. We will acknowledge within two business days.