@northbridge-security/secureai
v0.2.3
One-command installer for AI development tools with MCP integration
Secure AI by Northbridge Security
AI agents are team members, not tools. They follow the same rules as humans.
Secure AI enforces your Secure Development Lifecycle (SDLC) for both humans and AI agents, ensuring all code delivered meets the same standards: secure, validated, documented, deployed, and observable.
Features
Security Controls
Code meets security standards based on regulatory context.
- No secrets in code - Blocks commits containing API keys, tokens, and passwords
- No PII exposure - Prevents sensitive data from reaching AI providers
- Supply chain integrity - Pins dependencies and validates provenance
- Static and dynamic analysis - Detects vulnerabilities before and after deployment
Quality Enforcement
Code is efficient, maintainable, well-designed, and fit for purpose.
- Test coverage - Enforces minimum coverage thresholds
- Code standards - Validates against company-wide coding standards
- Requirements traceability - Maps PRDs to tasks to commits
- Human approval - All code reviewed before merge
Human-in-the-Loop
AI agents propose. Humans approve.
- Sandboxed development - AI agents work in isolated worktrees
- Approval gates - Human approval required for tasks, merges, and deploys
- Blocked actions - AI cannot push, deploy, or publish
- Full audit trail - Complete visibility into AI operations
Alpha 0.2
This release adds real-time protection for AI agent interactions:
- PII Detection - Blocks prompts containing emails, phone numbers, credit cards, and other sensitive data before they reach AI providers
- Secret Scanning - Detects AWS keys, GitHub tokens, private keys, and database connection strings
- Guard Hooks - PreToolUse and UserPromptSubmit hooks for Claude Code
- VSCode Dashboard - Visual display of security findings
See Alpha 0.2 Release Notes for installation instructions and detailed feature documentation.
Quick Start
# Install CLI
npm install -g @northbridge-security/secureai-cli
# Configure security hooks
secureai install
Documentation
Getting Started
| Document | Description |
| --- | --- |
| Vision | Business value proposition and Code Complete |
| Installation Guide | Detailed installation and configuration |
| Usage Guide | CLI commands, tips, and troubleshooting |
| Security Guard Rails | Configure AI assistant security boundaries |
| 1Password Integration | Secret management setup |
Quality and Operations
| Document | Description |
| --- | --- |
| Quality Assurance | Test strategy, coverage, and quality gates |
| Security Policy | Security practices and vulnerability reporting |
| AI Control Mode | Configure AI permission levels |
Architecture
| Document | Description |
| --- | --- |
| Domain Model | System architecture and bounded contexts |
| Clean Architecture Guide | Architectural patterns and principles |
AI Agent Resources
| Document | Description |
| --- | --- |
| Agent Guidelines | Slash commands and MCP tools |
| Slash Commands | Available commands for AI agents |
| Best Practice Guides | Standards for AI-generated content |
Contributing
Interested in contributing? See CONTRIBUTING.md for:
- Development setup and prerequisites
- Code style guidelines and naming conventions
- Testing guidelines and coverage requirements
- Commit message format (conventional commits)
- Pull request process
- MCP server development
- NPM publishing workflow
License
This software is proprietary and confidential to Northbridge Security AB. See LICENSE for full terms.
Important: This is NOT open-source software. Usage is restricted to authorized Northbridge Security, Northbridge AB, and TechStars portfolio personnel only.
