Built Secure by Default

Tank's security architecture is designed for enterprise patent intelligence — no shortcuts, no compromises.


Single-tenant Architecture

  • No cloud vendor lock-in
  • No third-party data processors
  • All data stays on controlled infrastructure
  • Zero-trust internal networking

Invite-Only Access

  • Short-lived stateless session tokens with rotation on every auth event
  • Invite-code gated registration
  • No cookie-based sessions (stateless)

Immutable Secrets

  • Production secrets stored with OS-enforced immutability
  • Seed-safety invariants enforced at boot
  • No plaintext passwords anywhere in the stack

Six-Pattern MCP Hardening

  • Docstring-sha256 witness on every tool
  • Per-principal allowlist with hmac.compare_digest
  • Elicitation on every write-path tool
  • argv-list subprocess (no shell=True)
  • Content fencing on all tool responses
  • AST-lint enforcement (no raw subprocess)
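
An added sketch of the first two patterns in this list (docstring witness and per-principal allowlist), not Tank's own code. The tool names, principal IDs and the `authorize` helper are hypothetical, and keying the allowlist by hashed principal ID is an assumption.

```python
import hashlib
import hmac

def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def witness(tool):
    """Digest of the docstring, i.e. the description a model is shown for the tool."""
    return sha256_hex(tool.__doc__ or "")

# Constructed sample tools (hypothetical names).
def search_patents(query):
    """Search the patent index and return matching publication numbers."""
    return [f"result-for:{query}"]

def purge_ideas(confirm):
    """Delete all stored idea data. Write-path tool."""
    return "purged" if confirm else "skipped"

TOOLS = {"search_patents": search_patents, "purge_ideas": purge_ideas}

# Pinned at review time: tool name -> docstring witness.
PINNED = {name: witness(fn) for name, fn in TOOLS.items()}

# Per-principal allowlist keyed by hashed principal ID (constructed values).
ALLOWLIST = {
    sha256_hex("analyst-7"): {"search_patents"},
    sha256_hex("operator-1"): {"search_patents", "purge_ideas"},
}

def authorize(principal_id, tool_name):
    """Return the tool only if the principal is allowlisted and the docstring matches its pin."""
    presented = sha256_hex(principal_id)
    allowed = set()
    for known, tools in ALLOWLIST.items():
        # Constant-time compare; every entry is scanned so timing does not show which matched.
        if hmac.compare_digest(known, presented):
            allowed = tools
    fn = TOOLS.get(tool_name)
    if fn is None or tool_name not in allowed:
        raise PermissionError(f"{tool_name!r} is not allowlisted for this principal")
    # A changed docstring means the tool description drifted after review.
    if not hmac.compare_digest(PINNED[tool_name], witness(fn)):
        raise RuntimeError(f"{tool_name!r} docstring changed since it was pinned")
    return fn
```

A docstring edited after pinning makes `authorize` refuse the tool until the witness is re-reviewed and re-pinned.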

Deterministic Quality Gates

  • Multi-domain offline readiness gate
  • Preflight gate blocks deploy on any red signal
  • Hundreds of regression tests, no network or DB required
  • Shell-only fast gate for pre-push checks

Comprehensive Audit Logging

  • Every API call logged: timestamp + principal + route + status code
  • MCP tool calls logged with sha256'd argument hash
  • Operator actions logged to append-only JSONL
  • No PII in logs — principal IDs are hashed
  • Log retention: 90 days hot, archived to object storage

Regulatory Awareness

  • PIPL-aware: data residency in a single jurisdiction, no cross-border transfer
  • GDPR data-residency: single-tenant architecture, no third-party processors
  • No user tracking, no analytics SDKs, no ad networks
  • Data deletion: operator can purge all idea data via API
  • AI providers reached only through the internal gateway; no third-party data processors
  • Audit trail exportable for regulatory review

Why This Matters

Lovable BOLA Breach — January 2026

In January 2026, Lovable — a popular AI app builder — exposed every user's project to unauthorized access via a Broken Object Level Authorization (BOLA) vulnerability. Any authenticated user could read, modify, or delete any other user's projects.

MCP RCE Chain — May 2026

In May 2026, Adversa AI demonstrated a one-click remote code execution chain via malicious MCP servers against Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI.

Tank's architecture prevents both classes of vulnerability by design.

Report a Vulnerability

If you discover a security issue, please contact us directly.

security@tempproject.online
Tank · invite-only · zero-trust