Security

At Aibexx, security is not a feature — it is the foundation of everything we build. Our platform is designed specifically for healthcare environments where the integrity, confidentiality, and availability of data are non-negotiable.

Infrastructure Security

  • Private Cloud Deployment — Aibexx runs on AWS inside private Virtual Private Cloud (VPC) subnets, meaning your institution's data and AI workflows are isolated from public networks at the infrastructure level
  • ECS Fargate — our platform is deployed using AWS Elastic Container Service (ECS) on Fargate, a serverless compute engine that eliminates the need to manage servers and reduces the attack surface
  • AWS Secrets Manager — all sensitive credentials and configuration values are stored and managed using AWS Secrets Manager, with no hardcoded secrets anywhere in the codebase
  • Comprehensive Logging — all platform activity is logged and monitored for anomalies, unauthorized access attempts, and unusual usage patterns

Data Security

  • Encryption in Transit — all data moving between your institution's systems and the Aibexx platform is encrypted using industry-standard TLS protocols
  • Encryption at Rest — all stored data is encrypted using AWS Key Management Service (KMS), ensuring data remains protected even in the event of unauthorized physical access
  • No Patient Record Storage — Aibexx does not store patient records or protected health information (PHI). We intercept and optimize AI requests at the API layer without retaining sensitive clinical data

Access Control

  • Role-Based Access Control (RBAC) — four clearly defined permission levels (Admin, Clinical, Finance, Service) ensure every user can only access what they are authorized to see and do
  • Agent Identity Registry — every AI agent call is tagged with a unique owner identity, eliminating anonymous API usage across your institution
  • Department-Level Controls — budget alerts at 80%, 90%, and 100% thresholds, plus hard-stop agent pause and resume controls, give administrators granular oversight of all AI activity

Audit and Compliance

  • Immutable Audit Trails — every action taken on the Aibexx platform is recorded in a hash-chained, tamper-evident log. These records cannot be altered or deleted, providing your compliance team with court-admissible evidence of all AI activity
  • Exportable Reporting — usage, cost, and compliance reports are exportable by user, department, and workflow, supporting both internal audits and regulatory reviews
  • FED and NIH Policy Enforcement — Aibexx automatically enforces federal and NIH AI compliance standards, reducing the risk of funding loss due to policy violations
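
A hash-chained log like the one described under Immutable Audit Trails can be checked by recomputing every link. The Python below is an added illustration, not Aibexx code: the entry layout, field names, genesis value and external anchor are assumptions, and the sample entries are constructed.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed seed for the first entry's "prev" field


def entry_hash(seq, prev, record):
    """SHA-256 over the sequence number, previous hash and canonical JSON record."""
    body = json.dumps({"seq": seq, "prev": prev, "record": record},
                      sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(body).hexdigest()


def append(log, record):
    """Append a record, linking it to the hash of the entry before it."""
    prev = log[-1]["hash"] if log else GENESIS
    seq = len(log)
    log.append({"seq": seq, "prev": prev, "record": record,
                "hash": entry_hash(seq, prev, record)})
    return log[-1]["hash"]


def verify(log, anchor=None):
    """Return (True, None) or (False, reason). `anchor` is a (length, head_hash)
    pair kept outside the log store; without it, removal of the newest
    entries leaves a shorter chain that still verifies."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev"] != prev:
            return False, f"broken link at entry {i}"
        if not hmac.compare_digest(e["hash"], entry_hash(i, prev, e["record"])):
            return False, f"content mismatch at entry {i}"
        prev = e["hash"]
    if anchor is not None and (len(log), prev) != tuple(anchor):
        return False, "chain does not match external anchor"
    return True, None


def build_sample():
    """Constructed sample entries; field names are illustrative only."""
    log = []
    for rec in ({"actor": "agent-001", "action": "request", "dept": "radiology"},
                {"actor": "admin-01", "action": "pause_agent", "target": "agent-001"},
                {"actor": "admin-01", "action": "resume_agent", "target": "agent-001"}):
        head = append(log, rec)
    return log, (len(log), head)
```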

Responsible Disclosure

If you believe you have discovered a security vulnerability in the Aibexx platform, please contact us immediately. We take all reports seriously and will respond promptly.

Aibexx Inc

Email: info@aibexx.com

Website: https://www.aibexx.com/