Security built for enterprise AI operators

Twin gives teams the power of AI operators while preserving the controls enterprises expect: isolated execution environments, least-privilege access, auditability, data protection, and flexible deployment models.

Talk to sales
Sandboxed execution isolated
Twin
Twin · workspace-acme
scoped creds · least privilege
Browser · code · query · automate
No access to unrelated systems or sessions
SOC 2 compliant SOC 2 compliance verified
Sandboxed execution Isolated environments per run
Per-customer workspaces Tenant-isolated execution & state
Enterprise identity SSO / enterprise identity support
Role-based access Granular, scoped permissions
Audit logs Full task & action history
Human approval gates Required for sensitive actions
Configurable retention Data retention you control
Flexible deployment Customer-managed options

[1] Twin is SOC 2 compliant. Security documentation is available to enterprise buyers under NDA.

The controls

Built for secure AI work

Enterprise-grade AI operators, built for secure access, isolated execution, and auditable automation.

Sandboxed execution

Twin runs work in isolated environments so agents can browse, code, query, and automate without exposing unrelated systems or sessions.

Least-privilege access

Connect only the tools and accounts Twin needs. Scope permissions by workspace, integration, user, role, or workflow.

Human-in-the-loop controls

Require approval before high-impact actions like moving money, changing production data, sending external messages, or modifying code.

Full action visibility

Every task, tool call, file, decision, and user-facing message can be traced back through the conversation and execution history.

Enterprise identity & access

Support for SSO, role-based access, user management, and admin-level control over who can create, run, or approve AI work.

Data protection by design

Protect sensitive context with secure integration handling, scoped credentials, encrypted storage and transit, and configurable retention.

Deployment

Run Twin where your security model requires

Twin adapts to stricter enterprise environments — from fast hosted rollout to dedicated, network-aware deployments close to private systems.

Standard hosted deployment Fast rollout on Twin's managed infrastructure.
supported
Dedicated customer workspaces Isolated environments per customer or team.
supported
Customer-controlled machines Twin deployed onto client boxes when required.
designed to support
Long-lived durable machines Persistent environments for sensitive workflows.
designed to support
Network-aware deployments Access private and internal resources securely.
designed to support
Architecture

Legible for security review

Twin separates where work is assigned and governed from where it is executed — so IT and security teams can reason about each independently.

Control plane
Users assign work in Slack, web, or API
Admins manage users, policies, and integrations
Approvals and audit history live here
Execution plane
Twin performs work in sandboxed environments
Tool access is scoped and permissioned
Customer-specific machines for private resources
Outputs return to the thread with traceability
Auditability

Every action, traceable

Every task, tool call, file, decision, and user-facing message traces back through the conversation and execution history — with approval gates on sensitive steps.

Activity log · workspace-acme live
Twin queried Salesforce just now
Twin drafted a customer reply 1m ago
Twin requested approval before sending 1m ago
Admin approved workflow 2m ago
Scoped credentials issued · workspace-acme 3m ago
Reference

Enterprise security practices

Compliance & assurance
SOC 2 compliant supported
Vendor security review support supported
Security docs available under NDA supported
Access control
SSO · SAML / OIDC designed to support
Role-based access control supported
Scoped integration permissions supported
Admin-managed users supported
Data security
Encryption in transit supported
Encryption at rest supported
Secure secret handling supported
Configurable retention designed to support
Customer data isolation supported
Operational security
Sandboxed execution supported
Environment isolation supported
Audit logs supported
Approval gates supported
Monitoring & alerting designed to support
Deployment
Hosted deployment supported
Dedicated workspaces supported
Customer-controlled machines designed to support
Private network access designed to support

“Designed to support” denotes capabilities available on enterprise plans or in active rollout. Exact certification marks and SSO protocol support confirmed during security review.

Procurement-ready

Ready for security review

Twin is designed for teams that need AI to operate inside real business systems — not just answer questions. Security, auditability, and deployment control are first-class parts of the product.

Review access before an agent starts work Approve sensitive actions before execution Trace completed work from request to result Isolate workflows by team, customer, or environment Deploy close to private systems when needed
Talk to sales