Loading…
Loading…
Running untrusted workloads on distributed consumer hardware requires serious security. Here's how we protect your data and keep your workloads isolated.
Every workload runs in its own Kata Container—a lightweight VM with a separate kernel. There's no shared attack surface between workloads.
GPUs are passed directly to VMs using VFIO. The host system has no GPU drivers loaded, eliminating driver-level attack vectors.
All data in transit is encrypted using TLS 1.3. Control plane communications use WebSocket over HTTPS with certificate pinning.
Providers cannot access your workloads. The VM isolation ensures your code, data, and models remain completely private.
When nodes fail or become unresponsive, workloads are automatically migrated to healthy nodes with zero data persistence on failed hardware.
Role-based access control, API key management, and audit logging ensure you have complete control over who accesses your resources.
VectorLay's security model is built on the principle of defense in depth. We assume that any component can be compromised and design our systems to contain potential breaches.
Unlike traditional container platforms that share a kernel, we use Kata Containers to provide VM-level isolation. Each workload runs in its own lightweight virtual machine with:
GPUs are passed through to VMs using VFIO (Virtual Function I/O), which provides:
All network communications are secured:
All data transmitted between clients, our control plane, and provider nodes is encrypted using TLS 1.3 with modern cipher suites. We enforce HTTPS everywhere and use HSTS to prevent downgrade attacks.
Container images and workload data are stored in encrypted volumes. When a workload terminates, all associated data is securely wiped from the provider node.
By default, provider nodes do not retain any user data after workload completion. Ephemeral storage is cleared and GPUs are reset between deployments.
Our control plane infrastructure is hosted on secure, SOC 2 compliant cloud providers with:
We take security seriously and appreciate the efforts of security researchers. If you discover a security vulnerability, please report it responsibly:
We commit to acknowledging your report within 48 hours and providing regular updates on our progress. We do not pursue legal action against researchers who follow responsible disclosure practices.
We are actively working toward industry compliance certifications:
We're happy to discuss our security practices in more detail. Reach out to our security team.
Contact Security Team→