Security & Privacy

Your Threat Model Is Sensitive Data

Here’s the paradox: threat models reveal your security vulnerabilities, making them highly sensitive documents. Traditional SaaS security tools ask you to upload your infrastructure configurations and threat assessments to their data centers—creating the exact risk you’re trying to mitigate.

We built ThreatMitigator differently.

ThreatMitigator runs entirely on your infrastructure. Your Terraform configurations, detected threats, and security assessments never leave your environment. We don’t operate data centers, we don’t collect telemetry, and we don’t require cloud connectivity.


Privacy and Data Flow

Your Code Never Leaves Your Machine

| Mode | Code sent externally? | Details |
| --- | --- | --- |
| Local CLI (default) | No | Zero external network calls |
| Local CLI + AI | No | Only redacted threat metadata sent to LLM provider. No source code. |
| CI/CD | No | Code is ephemeral on the runner, destroyed after the job |

AI Data Redaction

When AI features are enabled, ThreatMitigator redacts sensitive data before sending anything to a provider:

| Data Type | Sent to AI? |
| --- | --- |
| Resource types | Yes (needed for analysis) |
| Security patterns | Yes |
| Resource names | No (redacted to [REDACTED]) |
| IP addresses | No (redacted to [NETWORK_RANGE]) |
| Source code | Never |
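
The redaction rules in the table, as an added Rust sketch (not ThreatMitigator's own code): the `Finding` struct, its fields and the function names are assumptions, and the sample finding is constructed. It redacts any token that looks like an address, including malformed CIDR ranges and ip:port pairs, rather than risk letting one through.

```rust
use std::net::{IpAddr, SocketAddr};

/// Hypothetical finding record; struct and field names are assumptions.
pub struct Finding {
    pub resource_type: String,
    pub resource_name: String,
    pub pattern: String,
    pub detail: String, // free text that may embed names and addresses
}

/// True for an IP address, ip:port pair, or CIDR range such as 10.0.0.0/16.
fn is_network_token(tok: &str) -> bool {
    // Check the part before any "/prefix": a malformed prefix still hides a real address.
    let addr = tok.split('/').next().unwrap_or(tok);
    addr.parse::<IpAddr>().is_ok() || tok.parse::<SocketAddr>().is_ok()
}

/// Replace the resource name and every address-like token in free text.
pub fn redact_text(text: &str, resource_name: &str) -> String {
    // str::replace with an empty pattern matches between every character, so guard it.
    let named = if resource_name.is_empty() { text.to_string() } else { text.replace(resource_name, "[REDACTED]") };
    named
        .split(' ')
        .map(|word| {
            // Trim surrounding punctuation so "10.0.0.5," and "(::1)." still match.
            let core = word.trim_matches(|c: char| ",;.()\"'".contains(c));
            if is_network_token(core) { word.replace(core, "[NETWORK_RANGE]") } else { word.to_string() }
        })
        .collect::<Vec<_>>()
        .join(" ")
}

/// Build the only text sent to the provider: type and pattern stay, name and addresses do not.
pub fn ai_payload(f: &Finding) -> String {
    let detail = redact_text(&f.detail, &f.resource_name);
    format!("type={} pattern={} name=[REDACTED] detail={}", f.resource_type, f.pattern, detail)
}

fn main() {
    // Constructed sample finding, not real scanner output.
    let f = Finding {
        resource_type: "aws_security_group".into(),
        resource_name: "prod_payments_sg".into(),
        pattern: "open-ingress".into(),
        detail: "prod_payments_sg allows 0.0.0.0/0 and 10.20.30.40, on port 22".into(),
    };
    println!("{}", ai_payload(&f));
}
```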

Security and Hardening

DoS Protection

Built-in limits prevent resource exhaustion during scanning:

| Limit | Default |
| --- | --- |
| Max policy file size | 1 MB |
| Max policy count | 500 |
| Max input size per resource | 10 MB |
| Max batch input size | 100 MB |
| Evaluation timeout | 5 seconds |
| Max files scanned | 1,000 |
| Max resources processed | 100,000 |

All limits are configurable. Use --no-limits to disable (not recommended for untrusted input).
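
How three of these limits can be enforced without trusting a file's advertised size, as an added Rust sketch (not ThreatMitigator's own code). The `Limits` struct, `ScanError` and the function names are assumptions, MB is read as MiB, and the inputs are constructed in-memory readers.

```rust
use std::io::Read;

/// Defaults taken from the limits table above (MB read as MiB); names are assumptions.
pub struct Limits {
    pub max_input_bytes: u64, // per resource
    pub max_batch_bytes: u64, // whole run
    pub max_files: usize,
}

impl Default for Limits {
    fn default() -> Self {
        Limits { max_input_bytes: 10 << 20, max_batch_bytes: 100 << 20, max_files: 1_000 }
    }
}

#[derive(Debug, PartialEq)]
pub enum ScanError { TooManyFiles, InputTooLarge, BatchTooLarge, Io(std::io::ErrorKind) }

/// Read one input without trusting its advertised size.
pub fn read_bounded<R: Read>(src: R, limit: u64) -> Result<Vec<u8>, ScanError> {
    let mut buf = Vec::new();
    // Pull at most limit + 1 bytes: the extra byte proves the input is oversized
    // without buffering the rest of a huge or endless stream.
    let res = src.take(limit.saturating_add(1)).read_to_end(&mut buf);
    res.map_err(|e| ScanError::Io(e.kind()))?;
    if buf.len() as u64 > limit { return Err(ScanError::InputTooLarge); }
    Ok(buf)
}

/// Apply the file-count, per-input and batch limits; returns total bytes accepted.
pub fn scan_inputs<R: Read>(inputs: Vec<R>, lim: &Limits) -> Result<u64, ScanError> {
    if inputs.len() > lim.max_files { return Err(ScanError::TooManyFiles); }
    let mut total = 0u64;
    for src in inputs {
        total += read_bounded(src, lim.max_input_bytes)?.len() as u64;
        if total > lim.max_batch_bytes { return Err(ScanError::BatchTooLarge); }
    }
    Ok(total)
}

fn main() {
    // Constructed in-memory inputs stand in for files (std::fs::File also implements Read).
    let inputs = vec![&b"resource \"a\" {}"[..], &b"resource \"b\" {}"[..]];
    println!("{:?}", scan_inputs(inputs, &Limits::default()));
}
```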

Input Validation

  • Path traversal protection
  • Decompression bomb detection
  • Archive extraction safety
  • String injection prevention
  • Numeric bounds checking

Output Security

  • Secret redaction in all output formats (disable with --no-redact-secrets)
  • Secure file permissions (0600 on Unix)
  • Output path validation and base directory restrictions

Security Presets

Three pre-configured security profiles:

| Preset | Use Case |
| --- | --- |
| default | Standard scanning with balanced limits |
| testing | Relaxed limits for development and testing |
| ci-cd | Tuned for CI/CD pipeline environments |

Bring Your Own Model (BYOM) AI

When you choose to enable AI-powered remediation, ThreatMitigator uses your API keys with your chosen provider. This “Bring Your Own Model” approach ensures you maintain complete control over data and costs.

Choose Your Provider

OpenAI

  • Use your corporate OpenAI account
  • GPT-4o, GPT-4 Turbo, or GPT-3.5
  • Your API key, your billing, your control

Anthropic Claude

  • Direct API access with your keys
  • Claude Sonnet, Opus, or Haiku
  • Industry-leading reasoning for security analysis

Ollama (100% Local)

  • Run LLMs entirely on your infrastructure
  • LLaMA 3, Mistral, CodeLlama, or custom models
  • Zero external API calls, complete data isolation

AI Security Hardening

  • Rate limiting and request budgeting
  • Secret management via secrecy crate (zeroized on drop)
  • Response validation against schemas
  • Retry logic with exponential backoff
  • Graceful degradation if AI is unavailable

Data Protection by Design

Every architectural decision in ThreatMitigator prioritizes data protection:

Local Processing

HCL Parsing - Terraform configurations parsed on your machine using native Rust libraries

Rule Evaluation - All 90+ threat detection rules execute locally with zero network calls

Offline Operation - Core functionality works without internet connectivity

No Telemetry - We don’t collect usage statistics, error reports, or analytics

Secure Defaults

Restricted File Permissions - Report files created with 0600 permissions (read and write for the owner only)

$ ls -la threats.yaml
-rw------- 1 user user 4096 Dec 23 10:30 threats.yaml
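
An added Rust illustration of a 0600 default on Unix (not ThreatMitigator's own code; `write_report` and `is_owner_only` are hypothetical names). The mode is set when the file is created, so the report is never briefly readable by others, and an existing path is refused rather than overwritten.

```rust
use std::fs::{self, OpenOptions, Permissions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Create a report that is never readable by group or others, even briefly.
/// Returns the resulting permission bits.
pub fn write_report(path: &Path, body: &[u8]) -> io::Result<u32> {
    let mut file = OpenOptions::new()
        .write(true)
        .create_new(true) // O_EXCL: refuse an existing file or a pre-planted symlink
        .mode(0o600) // applied at creation, so there is no chmod-after-write window
        .open(path)?;
    // The umask can only clear bits from 0600; set the mode explicitly to be exact.
    file.set_permissions(Permissions::from_mode(0o600))?;
    file.write_all(body)?;
    file.sync_all()?;
    Ok(file.metadata()?.permissions().mode() & 0o777)
}

/// Audit helper: true if an existing report grants nothing to group or others.
pub fn is_owner_only(path: &Path) -> io::Result<bool> {
    Ok((fs::metadata(path)?.permissions().mode() & 0o077) == 0)
}

fn main() -> io::Result<()> {
    let path = std::env::temp_dir().join(format!("threats-{}.yaml", std::process::id()));
    let mode = write_report(&path, b"threats: []\n")?; // constructed sample content
    println!("{} mode={:o} owner_only={}", path.display(), mode, is_owner_only(&path)?);
    fs::remove_file(&path)
}
```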

Automatic Secret Redaction - Secrets, passwords, and API keys automatically redacted from output

Safe HCL Parsing - No code execution, no dynamic evaluation, read-only processing

Input Validation - Git URL validation, path traversal protection, sanitized inputs throughout

Deploy Anywhere

Your Build Servers - Run on GitLab CI, Jenkins, or any CI/CD platform

Air-Gapped Environments - No internet required for core scanning functionality

On-Premise Installation - Full control over execution environment

Container Images - Docker images available for reproducible deployments


Compliance & Certifications

Data Residency - All processing happens in your environment, meeting strict data residency requirements

GDPR Compliant - No personal data collected, processed, or stored by ThreatMitigator

SOC 2 Compatible - Local-first architecture supports your SOC 2 compliance

Government Ready - Suitable for government agencies with data sovereignty requirements

FedRAMP Compatible - Can run in FedRAMP-authorized environments


Transparency & Trust

No Hidden Network Calls

Audit network activity yourself:

# Monitor network calls while scanning
sudo tcpdump -i any -n host <your-ip> &
threatmitigator scan ./terraform

# Result: Zero network traffic for core scanning
# Only network calls are when YOU enable AI features

Questions?

Is my infrastructure data secure?

Yes. ThreatMitigator processes everything locally. Your infrastructure configurations, threat models, and security assessments never leave your environment unless you explicitly enable AI features with your own API keys.

Can ThreatMitigator access my secrets?

ThreatMitigator reads Terraform files but automatically redacts secrets from output. The tool has no capability to transmit data externally in its core functionality.

Do you collect any telemetry?

No. ThreatMitigator does not collect telemetry, usage statistics, error reports, or any other data about your usage.

Can I use ThreatMitigator in an air-gapped environment?

Yes. Core threat detection works completely offline. Only AI features (optional) require internet connectivity to your chosen LLM provider.


Enterprise Security

Need additional security features?

  • Private rule repositories - Host custom rules on your infrastructure
  • On-premise deployment - Complete control over execution environment
  • Security reviews - Support for your security team’s evaluation process
  • Custom security controls - Tailored to your requirements
