Swarm Security: How We Run Pentests Safely | Swarm
0 / 0
WRITES WITHOUT YOUR APPROVAL / UPLOADED FILES KEPT AFTER ENGAGEMENT END
Two zeros that buyers verify

Read-only by default. Receipts on every action.

Swarm runs against your authorized targets without write capability. Tenancy isolated by Clerk Organization. Scope enforced through the Public Suffix List. Every specialist action lands in a durable audit trail you can export. Source code you share for grey-box and white-box engagements is destroyed at engagement end.

Vulnerability disclosure · RFC 9116

Found a security issue in Swarm itself? Email security@swarmsec.ai with steps to reproduce. We respond within 1 business day and credit researchers in published advisories.

For automated discovery, the security.txt is published at /.well-known/security.txt per RFC 9116.

Coordinated disclosure · 1 business-day response · No paid bounty yet
SWARMSEC.AI · TENANCY ISOLATION · SCOPE ENFORCEMENT · AUDIT TRAIL · SOC 2 + ISO 27001 COMPLIANT · OWASP · RFC 9116

The mechanism

Seven practices. Every one verifiable.

Each row cites the artifact or behavior, not an adjective. Read the field name. Read the check. Read the receipt.

01
Read-only by default
Specialists run without write capability. Any operation that modifies data passes through a per-action approval gate before execution. No silent writes against production.
02
Tenancy isolation
Engagement ownership is the Clerk Organization, never the user. Server-stamped clerk_org_id on every record. The MCP service JWT carries the org id so cross-org tool calls are impossible by construction.
03
Scope enforcement
Every http_request checked against the engagement target via Public-Suffix-List eTLD+1, or subdomain match through endsWith(".target"). Out-of-scope requests rejected before fetch. Prefix-spoof (evil-target.com.attacker.com) blocked.
04
Audit trail
Every tool call, every HTTP request, every grep, every submit_finding written to a durable evidence table and streamed live to the dashboard. Customers download the full event log alongside the report. Your SOC 2 reviewer reads what we did, not what we say we did.
05
Source destroyed at engagement end
For grey-box and white-box engagements, the repo you provide is purged when the engagement closes. The risk window closes when the engagement closes. No indefinite retention.
06
Encrypted at rest
Findings, proof-of-concept exploits, and engagement metadata stored in Postgres on Render with infrastructure-layer encryption. Every customer, every tier. No "enterprise only" gate.
07
Audit-trail retention
Engagement records held for the lifetime of your account so auditor requests stay answerable. Deletion on request, per record. You own the timing.

Subprocessors

Four vendors. Stated boundaries.

The full subprocessor list. Card data never touches Swarm servers (Stripe processes it). Inference traffic never leaves the Anthropic API boundary. Membership-required Clerk auth (signed-in-without-org returns 401 at the API). Render hosts on AWS, US regions, encrypted-at-rest Postgres.

A
Anthropic
Managed Agents and Claude inference. All inference traffic stays inside the Anthropic API boundary.
B
Clerk
Authentication and Organization membership. Membership-required: signed-in-without-org is rejected at the API.
C
Render
Application, database, and static-site hosting. AWS-backed, US regions. Encrypted-at-rest Postgres.
D
Stripe
Payments. Card data never touches Swarm servers; Stripe processes and stores it.
Request the security pack: SIG, CAIQ, VSA. Typical turnaround: 5 business days.

Questions

What buyers ask. Receipts attached.

The questions every engineering and security lead asks before they fund an engagement. Read the answers here, before the kickoff call.

01
How does Swarm enforce scope on a target domain?

Three checks, in this order: exact match with the engagement target, subdomain via endsWith(".target") (the leading dot blocks prefix-spoof attacks like evil-target.com.attacker.com), or eTLD+1 sibling match through a Public-Suffix-List lookup. Anything that fails all three is rejected before fetch. The eTLD+1 path lets app.acme.com as a target reach api.acme.com and acme.com without manually rescoping every subdomain.
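The three checks described above, as an added sketch that is not Swarm's own code: it shows the order of the checks, why the leading dot matters, and how a Public Suffix List entry for a shared-hosting suffix keeps sibling tenants out of scope. `checkScope`, `registrableDomain`, the small `SUFFIXES` set (a constructed stand-in for the real list) and the sample hosts other than those named on this page are assumptions.

```javascript
// Added example, not Swarm's code. SUFFIXES is a constructed stand-in for the
// Public Suffix List; a real list also has wildcard and exception rules.
const SUFFIXES = new Set(["com", "io", "uk", "co.uk", "github.io"]);

const normalize = (h) => h.trim().toLowerCase().replace(/\.$/, "");

// eTLD+1: the longest matching public suffix plus one more label to its left.
function registrableDomain(host) {
  const labels = normalize(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      // i === 0 means the host is itself a public suffix: nothing registrable.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // unknown suffix: fail closed
}

// Hypothetical helper: applies the three checks in the order the page gives.
function checkScope(requestUrl, target) {
  let host;
  try {
    // Parse first so userinfo, port and path can never be mistaken for the host.
    host = normalize(new URL(requestUrl).hostname);
  } catch {
    return { allowed: false, rule: "unparseable" };
  }
  const t = normalize(target);
  if (host === t) return { allowed: true, rule: "exact" };
  // Leading dot: "evil-acme.com" does not end with ".acme.com".
  if (host.endsWith("." + t)) return { allowed: true, rule: "subdomain" };
  const reg = registrableDomain(t);
  if (reg !== null && registrableDomain(host) === reg) {
    return { allowed: true, rule: "etld+1" };
  }
  return { allowed: false, rule: "out-of-scope" };
}

// Constructed sample requests: [url, engagement target].
const SAMPLES = [
  ["https://api.acme.com/v1/users", "app.acme.com"],
  ["https://evil-target.com.attacker.com/", "target.com"],
  ["https://app.acme.com@attacker.com/", "app.acme.com"],
  ["https://tenant-b.github.io/", "tenant-a.github.io"],
];
for (const [url, target] of SAMPLES) {
  console.log(url, target, checkScope(url, target).rule);
}
```

Because `github.io` is itself a public suffix, `tenant-a.github.io` and `tenant-b.github.io` are separate registrable domains, so the eTLD+1 path does not treat them as siblings.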

02
How is tenancy isolation enforced?

The ownership field on every engagement is clerk_org_id, the Clerk Organization id. Every API route filters by request.orgId; the MCP service JWT carries clerkOrgId so tool calls cannot cross orgs by construction. clerk_user_id is attribution only. Clerk is configured membership-required, so signed-in-without-org returns 401.

03
Can a specialist make a destructive change to my environment?

Specialists run read-only by default. Any operation that modifies or deletes data is gated through per-action approval before execution. The orchestrator does not auto-approve writes.

04
How long is audit-trail data retained?

For the lifetime of your account, so auditor requests remain answerable. You can request deletion of any engagement record at any time by emailing security@swarmsec.ai.

05
What happens to source code I share for grey-box or white-box engagements?

It is destroyed at engagement end. Most third-party vendors retain uploaded materials indefinitely; that creates long-term supply-chain exposure. We close the risk window when your engagement closes.

06
Where is customer data hosted?

On Render, which runs on AWS in US regions. Findings, proof-of-concept exploits, and engagement metadata are stored in a Postgres 17 database with infrastructure-layer encryption at rest.

07
What is Swarm's compliance posture?

SOC 2 Type 2 compliant and ISO 27001 compliant against the operating controls. We respond to standard vendor security questionnaires (SIG, CAIQ, VSA) on request, typical turnaround 5 business days.

08
Does Swarm sign BAAs?

Yes, for HIPAA-covered engagements. Email security@swarmsec.ai to request a Business Associate Agreement before running an engagement against protected health information.

09
Does Swarm offer a free retest?

Yes. Every engagement includes a free retest within 30 days of remediation. The retest re-runs the validated proof-of-concept exploits against your live environment and produces a diff report showing what is fixed and what remains open.

10
How do I report a security issue in Swarm itself?

Email security@swarmsec.ai with steps to reproduce. We respond within 1 business day and credit researchers in published advisories. We publish a security.txt at https://swarmsec.ai/.well-known/security.txt per RFC 9116 for automated discovery.
