Triago is built for the CISOs of regulated industries — and held to their standard. Every tenant. Every region. Every action.
Continuous monitoring. Latest report on request.
Cloud + privacy controls.
BAA available on Enterprise.
In process. JAB pathway, sponsor named.
SAQ-D level for relevant tenants.
EU DPA + SCCs. EU data residency.
High-risk system conformity package.
AI management system — pursued 2026.
Schema-per-tenant on Enterprise. Row-level on Growth. Per-tenant KMS keys. Optional BYOK.
US, EU, UK, AU, JP regions. Pinned-region storage and inference. No cross-region replication without consent.
AES-256 at rest, TLS 1.3 in transit. Field-level encryption on PII. Customer-managed keys via AWS KMS or HashiCorp Vault.
Input sanitization, allowlisted tool surfaces, output validators, abstention on adversarial prompts. Public red-team report annually.
Immutable, append-only, exportable to your SIEM via webhook, S3, or syslog. Every agent step. Every tool call. Every approval.
We do not train foundation models on your data. Opt-in federated fine-tuning available for Enterprise — never raw data, never cross-customer.
We respond within 24 hours. Bounty via HackerOne. PGP key below.
security@triago.com
Key fingerprint: 7F4B 2A91 C0E6 D55A 9F33 8B14 2E07 6C90 1F4A 88D2