Security & Compliance

26 AI Agents Handling LP Data. Here Is How We Protect It.

Dedicated infrastructure per firm, SEC-aware audit trails, and human approval on every external communication. Not a feature list: the architecture that protects your LPs, your firm, and your fiduciary obligations.

Zero Public ExposureHuman Approval on All External CommunicationsComplete LP Data Isolation Per Firm26 Agents Continuously Monitored
Public InternetPF FirewallTailscale VPN MeshAssetBoxxFully ManagedKnowledgeExec. Asst.DeliverySecurityOps IntelClient Exp.

Four Risks Every AI-Powered Fund Must Solve

AI that processes LP data, drafts investor communications, and generates compliance documents creates real risk. AssetBoxx prevents each one.

LP Data Cross-Contamination

Fund A's LP information appears in a communication meant for Fund B.

Complete data isolation per firm. LP data, fund documents, and investor records cannot cross boundaries at the database level.

Non-Compliant Communications

AI-generated content violates SEC Marketing Rule or contains unsubstantiated performance claims.

Agent 14 (Compliance Review) gates every external communication. Marketing Rule checks, disclaimer verification, and performance claim validation before human approval.

Unsupervised LP Communications

AI sends an investor letter, quarterly report, or email without approval.

Every LP-facing communication requires explicit human approval. No code path bypasses this for external content.

Hallucinated Performance Data

AI invents returns, fabricates fund metrics, or misrepresents portfolio positions.

All performance data sourced from verified systems of record. Human review plus compliance gate catches hallucinations before anything reaches an LP.

Invisible to the Internet

Dedicated infrastructure per firm. Zero public exposure. No website to hack, no login page to brute-force, no open ports to scan. Remote access via authenticated Tailscale encrypted mesh only. Your fund data sits behind infrastructure that does not exist on the public internet.

Nothing Reaches an LP Without Human Approval

Agents research, draft, and prepare. They cannot communicate externally without your sign-off.

Agent Prepares

Drafts LP letter, quarterly commentary, investor email, or LinkedIn post from fund data, market research, and compliance guidelines.

Compliance Gate

Agent 14 reviews for SEC Marketing Rule compliance, disclaimer requirements, and performance claim validation before human review.

Human Reviews

Full content, recipient, and fund context posted for review. Approve, Edit, or Reject.

Action Logged

Timestamp, approver, full content, and compliance status recorded. SOC 2 style audit trail on every action.

A

Client Experience Agent

To: sarah@meridiangroup.com

Client: MRD-2024

Subject: RE: Q2 Campaign Timeline Update

Hi Sarah, thanks for the update on the Q2 timeline. We have reviewed the revised schedule and the adjusted launch dates work for our team. We will have the landing pages ready by March 28 as discussed.

No exceptions. LP quarterly letters, investor emails, capital call notices, marketing content: human approval plus compliance review required.

Autonomy Is Earned. Never Assumed.

New deployments start at maximum guardrails. Permissions expand after proven reliability.

Weeks 1 through 4

Full Supervision

  • Every draft, research output, and report requires approval
  • System learns your firm's voice, LP communication style, and compliance standards
  • Daily action log for complete visibility into all 26 agents
Weeks 5 through 12

Internal Work Runs Independently

  • Market research, data gathering, and internal analysis run without approval
  • Nothing LP-facing or externally visible runs unsupervised
  • All investor communications still require your approval plus compliance gate
Month 4 and Beyond

You Decide What to Trust

  • Accuracy data lets you release low-risk internal actions from review
  • LP letters, investor emails, quarterly reports, and marketing content always require human approval

Any LP-facing error reverts to full supervision until reliability is re-established.

Complete LP Data Isolation. Per Firm.

ABC

XYZ

QRS

MRD

Agent Query
ABC only

+ Global Knowledge (HubSpot docs, best practices)

Segmented across investor records, fund documents, communications, research data, and compliance files. When an agent operates on Fund A's data, it cannot access Fund B. Database-level isolation.

Isolation persists across all 26 agents and their handoffs. Firm boundaries travel with every agent transfer. LP contact information, fund performance data, investor communications, and compliance records are fully isolated with dedicated data stores per firm.

Your LPs Will Never Know AI Is Involved

AI-generated communications never reveal AI involvement, internal operations, or other fund relationships.

Every outbound draft scanned for AI references, internal tool names, and cross-fund information. Any match blocks the communication before it can be sent.

The system writes in your firm's established voice and tone. It never identifies itself as AI. Investor communications maintain the institutional quality your LPs expect.

A delayed response costs far less than an LP discovering AI involvement in their communications.

Draft Scan

Hi Sarah, thanks for the update on the Q2 timeline. We have reviewed the revised schedule and the adjusted launch dates work for our team.

Every Agent Has Boundaries It Cannot Cross

Each of the 26 agents accesses only the tools and data its role requires.

The Research Writer can access market data but cannot send investor emails. The LP Relationship Agent can draft communications but cannot modify fund documents. The Compliance Agent reviews content but cannot alter performance data.

No agent can expand its permissions or grant access to another. Set at deployment, enforced at infrastructure level. SEC recordkeeping requirements satisfied through immutable permission boundaries.

Technical Deep Dive

For Technical Evaluators

Need the Full Technical Picture?

Our Security Architecture deep dive covers network isolation, agent permissions, credential management, threat mitigation, and every audit system under the hood.

Read the Technical Deep Dive

If Something Breaks, It Fixes Itself

All 26 agents and their supporting services monitored continuously. Failures restart within minutes. Critical issues escalate immediately. Daily encrypted backups of all fund data and audit logs.

Also monitors compliance risks: missed filing deadlines, LP communication delays, stalled quarterly reports. Deduplicated alerts prevent fatigue.

Service Health

Last checked: 47s ago
AI Gateway
Healthy
Email Poller
Healthy
Draft Service
Restarting...
Slack Monitor
Healthy
Front Monitor
Healthy
Email Draft Agent
Healthy
Time Tracking
Healthy
Meeting Intel
Healthy
Security Agent
Healthy
Upkeep Brain
Healthy
Watchdog
Healthy
Cron Dispatcher
Healthy

All Inbound Content Screened Before Any Agent Processes It

Every email, document, and data feed screened through multiple layers: spam filtering, phishing detection, and prompt injection defense. All untrusted input sanitized through a dedicated engine that strips adversarial content before it enters any AI model. Blocked before any agent sees it.

Inbound Content Scanner

Which Agent. Which LP Data. When. What Output.

SOC 2 style audit trail on every action across all 26 agents. Every entry records the agent, the data accessed, the action taken, the output produced, and whether a human approved it. Cryptographically chained via SHA-256 for tamper-evident recordkeeping. Designed for SEC examination readiness.

Questions From Asset Managers

Complete database-level isolation per firm. Each fund's LP data, investor records, communications, and documents exist in entirely separate data stores. No agent can access data across firm boundaries. All data access is logged with firm identifiers, and isolation persists across all 26 agent handoffs. The infrastructure has zero public exposure with no ports, login pages, or attack surface visible to the internet.

Every agent action is logged in a SOC 2 style audit trail: which agent accessed which LP data, when, with what output, and whether a human approved it. All entries are cryptographically chained via SHA-256, making the log tamper-evident. Agent 14 (Compliance Review) gates all external communications for Marketing Rule compliance. Monthly compliance posture reports and weekly deep security audits provide continuous documentation for regulatory examination readiness.

No. AssetBoxx runs on dedicated infrastructure that is never shared with other firms. Contractual data processing agreements with all AI providers explicitly prohibit training on your data. Your fund data, LP records, and investor communications never enter any training pipeline. The entire system is invisible to the internet with zero public exposure.

The cryptographic audit trail provides a complete, tamper-evident record of every action taken across all 26 agents. For any LP interaction, you can trace backward from the final communication to the data sources consulted, the compliance checks performed, and the human who approved it. Monthly compliance posture reports provide ready-made documentation. The system is designed from the ground up for SEC examination readiness.

Every LP-facing communication passes through two gates before sending. First, Agent 14 (Compliance Review) checks for SEC Marketing Rule compliance, proper disclaimers, and performance claim validation. Then the approved draft goes to a human reviewer who sees the full content, recipient, fund context, and compliance status. Approve, Edit, or Reject. No code path bypasses this for external communications. LP quarterly letters, investor emails, capital call notices, and marketing content all require both compliance and human approval.

All performance data is sourced from verified systems of record, never generated by AI. The compliance gate validates any numerical claims against source data. Human review provides a second layer of defense. When you edit or reject a draft, corrections feed into the agent's memory for continuous improvement. No performance figure reaches an LP without passing through compliance review and human approval.

All credential-bearing files are permission-locked. Configuration drift is monitored against SHA-256 baselines and any unauthorized changes trigger immediate alerts. Weekly deep security audits scan for credential exposure, dependency vulnerabilities, and access control integrity. No API keys are hardcoded; all secrets are externalized and loaded at runtime.

No. Each of the 26 agents has fixed permissions set at deployment. No agent can expand its own access, grant permissions to another agent, or modify security configurations. The Research Writer cannot send emails. The LP Relationship Agent cannot access other firms' data. Permissions are enforced at infrastructure level, not through prompt instructions an AI might ignore.

0

Public Exposure

Invisible to the internet

0

Agents Monitored

Continuous security posture

0%

Human Approval

On all LP-facing communications

0%

Data Access Logged

SOC 2 style audit trail

See the Security Architecture Live.

No PDF. We show you the live system: approval flows, compliance gates, audit logs, and data isolation across all 26 agents.

Every claim on this page is verifiable in the live system.