Security Controls & Compliance Readiness

A transparent overview of Lobstack's security controls, deployment architecture, and compliance posture. What's live today, what's designed, and what's on the roadmap.

💡 Honest by Default

This page distinguishes between controls that are live in production, controls that are designed and coded (infrastructure-as-code ready for deployment), and items on the roadmap. We believe transparency builds trust.

Deployment Models

Every Lobstack agent runs on isolated, single-tenant infrastructure. We provision dedicated VPS instances via approved cloud providers.

| Item | Details |
|---|---|
| Today | We provision isolated VPS infrastructure via Hetzner, DigitalOcean, and Vultr. Region-pinned, single-tenant. Each agent gets its own dedicated VM with dedicated CPU, RAM, and NVMe storage. |
| Region Options | US-East (Virginia), US-West (Oregon), EU-Central (Frankfurt), EU-North (Helsinki), Asia-Pacific (Singapore) |
| Isolation | One VM per agent. No shared compute, no container co-tenancy, no noisy neighbors. |
| Roadmap | Bring-your-own-cloud (BYOC) — deploy Lobstack agents into your AWS, Azure, or GCP VPC with your IAM policies. Timeline TBD. |

For Enterprise Buyers

Today we provision and manage the infrastructure on your behalf via approved providers. We can pin region and guarantee single-tenant isolation. BYOC/VPC deployment is on our roadmap — contact us for timeline and early access.

Audit Logging

Lobstack logs security-relevant events across multiple layers. Here's what's logged and where.

| Log Source | What's Logged | Status |
|---|---|---|
| Application Logs (Supabase) | Agent provisioning, deployment events, health checks, API errors, user actions | Live |
| Agent Activity Logs | All agent conversations, tool invocations, workflow executions, skill usage | Live |
| Provisioning Events | VM creation/deletion, cloud-init execution, bridge health checks | Live |
| Kubernetes API Audit | Secret access, pod CRUD, RBAC changes, exec/attach — 2-year retention | Designed (IaC ready) |
| Vault Audit | Secret reads/writes, encryptions, auth events — persistent storage | Designed (IaC ready) |
| Falco Runtime Events | Shell access, privilege escalation, crypto mining, suspicious network — forwarded to SIEM | Designed (IaC ready) |
| Istio Access Logs | All HTTP requests with source, destination, status, latency | Designed (IaC ready) |
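The Kubernetes API audit row above lists four event classes. The policy below is an added example of how a kube-apiserver audit policy captures exactly those classes; it is not Lobstack's own IaC, and the log levels chosen per class are assumptions.

```yaml
# Added example (not Lobstack's IaC): kube-apiserver audit policy covering
# secret access, pod CRUD, RBAC changes and exec/attach. Rules are evaluated
# top to bottom and the first match wins, so specific rules come first.
apiVersion: audit.k8s.io/v1
kind: Policy
# Skip the RequestReceived stage everywhere; the ResponseComplete event
# carries the outcome, which is what a reviewer needs.
omitStages:
  - "RequestReceived"
rules:
  # Secret access: Metadata only, so secret values never land in the audit log.
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets"]
  # exec/attach/port-forward into pods: record the request body
  # (container, command) but not the streamed session content.
  - level: Request
    resources:
      - group: ""
        resources: ["pods/exec", "pods/attach", "pods/portforward"]
  # Pod create/update/patch/delete: full request and response,
  # which preserves the exact spec that was admitted.
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: ""
        resources: ["pods"]
  # RBAC changes: full request and response for every role/binding mutation.
  - level: RequestResponse
    verbs: ["create", "update", "patch", "delete"]
    resources:
      - group: "rbac.authorization.k8s.io"
        resources: ["roles", "rolebindings", "clusterroles", "clusterrolebindings"]
  # Everything else: metadata only, keeping volume manageable.
  - level: Metadata
```

The policy is loaded with `--audit-policy-file` and written with `--audit-log-path`; the API server's own log rotation (`--audit-log-maxage`, in days) is not a retention store, so a 2-year retention target means forwarding the file or webhook backend to the SIEM or object storage.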

Secret Management

Today

🔐 Encrypted Storage

API keys and credentials are stored encrypted in Supabase PostgreSQL with row-level security per account.

🚀 Secure Delivery

Secrets are injected into agent VMs via cloud-init at provisioning time over encrypted channels.

🔒 TLS Everywhere

All API communication uses TLS 1.3. The agent bridge communicates over HTTPS and WSS.

🗑️ Lifecycle Management

Secrets are deleted when agents are destroyed. No orphaned credentials.

Designed (Infrastructure-as-Code Ready)

🏛️ HashiCorp Vault HA

3-node Raft cluster with Kubernetes auth, Transit encryption engine (AES-256-GCM), and templated RBAC policies.

🔑 Per-Agent Isolation

Vault templated policies scoped to agent ID — each agent can only read its own secrets.

🔄 Automatic Key Rotation

Vault Transit engine with 90-day automatic key rotation and versioned keys.

📋 Full Audit Trail

Every Vault operation logged — reads, writes, encryptions, auth events — retained on persistent storage.

Sandbox & Tool Controls

Agent isolation is a core design principle. Every agent runs in its own dedicated virtual machine — not a shared container, not a serverless function.

| Control | Implementation | Status |
|---|---|---|
| VM-Level Isolation | Dedicated VPS per agent with own OS, filesystem, and network | Live |
| Skill Permission System | Users explicitly enable/disable skills per agent from the dashboard | Live |
| Tool Allow-List | Agent bridge only executes tools that are enabled in the agent's skill configuration | Live |
| Approval Workflows | Configurable approval gates before tool execution (e.g., before sending emails) | Live |
| gVisor Kernel Sandbox | Application-level kernel (runsc) preventing container escape and kernel exploits | Designed (IaC ready) |
| Network Policies | K8s NetworkPolicies blocking inter-agent traffic, restricting egress to AI APIs only | Designed (IaC ready) |
| Runtime Monitoring | Falco eBPF-based rules detecting shells, crypto mining, privilege escalation | Designed (IaC ready) |
| Admission Control | OPA Gatekeeper enforcing non-root, resource limits, no privileged containers | Designed (IaC ready) |
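The Network Policies row describes two goals: no inter-agent traffic, and egress limited to AI APIs. The manifest below is an added example of a NetworkPolicy that meets both for one agent; it is not Lobstack's own IaC. It assumes one namespace per agent, a hypothetical `lobstack-gateway` namespace for the bridge, and the standard `k8s-app=kube-dns` label on the cluster resolver; the `203.0.113.0/24` range is a placeholder for the AI provider's published egress addresses.

```yaml
# Added example (not Lobstack's IaC): default-deny isolation for one agent
# namespace. Ingress is accepted only from the gateway namespace; egress is
# allowed only to cluster DNS and to the AI provider's address range.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: agent-isolation
  namespace: agent-example        # placeholder: one namespace per agent
spec:
  podSelector: {}                 # every pod in the agent namespace
  policyTypes: ["Ingress", "Egress"]
  ingress:
    # Only the bridge/gateway namespace may reach the agent. Pods in other
    # agent namespaces match no rule and are therefore dropped.
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: lobstack-gateway   # hypothetical
  egress:
    # Cluster DNS, so the agent can still resolve the AI API hostname.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # HTTPS to the AI provider only. NetworkPolicy is IP-based, so this must
    # be the provider's published range; 203.0.113.0/24 is a placeholder.
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24
      ports:
        - protocol: TCP
          port: 443
```

Because NetworkPolicy matches on IP rather than hostname, a provider whose addresses change needs the hostname-level control the page's Istio design provides (a ServiceEntry and egress gateway), with this policy as the underlying floor.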

Encryption Controls

Data at Rest

🗄️ Database

Supabase PostgreSQL with encryption at rest enabled. Row-level security per account.

💾 VM Disks

Cloud provider disk encryption for all agent VM volumes.

🔐 Kubernetes Secrets (Designed)

AES-256-CBC via EncryptionConfiguration — all secrets encrypted before writing to etcd.

🔑 Vault Storage (Designed)

AES-256-GCM via Vault seal mechanism on Raft integrated storage.
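An added example of the EncryptionConfiguration the Kubernetes Secrets card refers to, with the `aescbc` provider the page names; it is not Lobstack's own IaC, and the key value is a placeholder, not real key material.

```yaml
# Added example (not Lobstack's IaC): kube-apiserver EncryptionConfiguration
# loaded via --encryption-provider-config. The first provider in the list is
# used for writes; every listed provider is tried, in order, for reads.
apiVersion: apiserver.config.k8s.io/v1
kind: EncryptionConfiguration
resources:
  - resources:
      - secrets
    providers:
      # AES-256-CBC: the key is 32 random bytes, base64-encoded.
      # PLACEHOLDER below must be replaced; never commit a real key to git.
      - aescbc:
          keys:
            - name: key1
              secret: "PLACEHOLDER_BASE64_32_BYTE_KEY"
      # identity (plaintext) stays last so Secrets written before encryption
      # was enabled remain readable until they are rewritten.
      - identity: {}
```

Two practitioner checks: after enabling the config, rewrite existing Secrets with `kubectl get secrets --all-namespaces -o json | kubectl replace -f -` so nothing is left in plaintext, and read one back from etcd directly to confirm the value is prefixed `k8s:enc:aescbc:v1:key1:`. Note that the Kubernetes documentation now marks `aescbc` as not recommended (CBC padding-oracle weakness, key accessible on the control-plane host) in favour of `secretbox` or a KMS provider; a KMS v2 provider is also the path that the roadmap's customer-managed keys (CMEK) would take.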

Data in Transit

🌐 External Traffic

TLS 1.3 for all web traffic and API communication.

🔒 Agent Communication

HTTPS and WSS (WebSocket Secure) between dashboard and agent bridge.

🏛️ Internal mTLS (Designed)

Istio service mesh with STRICT mutual TLS — all pod-to-pod traffic mutually authenticated.

SOC 2 Readiness

Lobstack's infrastructure controls are mapped to the AICPA Trust Services Criteria (CC1–CC9) covering Security, Availability, Processing Integrity, Confidentiality, and Privacy. Controls are implemented as infrastructure-as-code and are ready for formal audit.

OPA Gatekeeper admission policies enforce organizational standards, all infrastructure is defined as code and changed through a PR review workflow, and namespace isolation separates concerns.

Controls Status

Security Controls — Current Status
✅ Live    Encryption at rest (database, VM disks)
✅ Live    Encryption in transit (TLS 1.3, WSS)
✅ Live    Dedicated VM isolation per agent
✅ Live    Skill permission system & tool allow-list
✅ Live    Application audit logging (Supabase)
✅ Live    Agent activity logging
✅ Live    Secret lifecycle management (provision/destroy)
✅ Live    Multi-cloud deployment (Hetzner, DO, Vultr)
✅ Live    Row-level security (per-account data isolation)

🔧 Ready   K8s secrets encryption (AES-256-CBC)         — IaC defined
🔧 Ready   HashiCorp Vault HA (Raft, Transit, RBAC)     — IaC defined
🔧 Ready   gVisor sandbox per agent                     — IaC defined
🔧 Ready   Istio mTLS service mesh                      — IaC defined
🔧 Ready   K8s & Vault audit logging (2-year retention) — IaC defined
🔧 Ready   Falco runtime monitoring (8 custom rules)    — IaC defined
🔧 Ready   OPA Gatekeeper admission control             — IaC defined
🔧 Ready   NetworkPolicies (zero inter-agent traffic)   — IaC defined

📋 Roadmap  Formal SOC 2 Type II audit
📋 Roadmap  Bring-your-own-cloud (BYOC) VPC deployment
📋 Roadmap  Customer-managed encryption keys (CMEK)

Full Controls Mapping

The complete SOC 2 controls mapping with infrastructure-as-code evidence is available at infra/docs/soc2-compliance.md in the Lobstack repository. Contact us for a detailed security review.