Security
How we protect member data, the agents, and the platform. Plain language. We are honest about what's strong and what's still being built.
Overview
CS-Society is built on a security-first foundation. This page is a plain-language summary of how we protect member data and the platform.
If you find a vulnerability, email security@cs-society.org. We respond within 24 hours and credit responsible disclosure.
Infrastructure
Hosted on AWS in a VPC dedicated to CS-Society. Tagged, isolated, separately credentialed from any other workload.
Postgres on RDS with encryption at rest and in transit. S3 with bucket-level encryption. Redis for sessions and queues, never for sensitive data. Qdrant for vectors with namespace isolation per tenant.
Two environments (dev and prod) are completely separated: separate AWS accounts moving forward, separate API keys, separate secrets, separate everything.
Authentication
Members authenticate via WorkOS with magic links and SSO. No passwords stored. 2FA is optional today, required for admin accounts.
The internal team uses Django auth with mandatory 2FA. The two systems are completely separated. No internal accounts can authenticate as members. No member accounts can access admin surfaces.
Data handling
Secrets are stored only in AWS Secrets Manager (production) or local .env files (development, gitignored). Pre-commit hooks scan for accidental key leaks.
Application logs are structured JSON via structlog. PII is redacted before logs leave the application boundary.
Backups run daily. Restores are tested quarterly. RPO target is 24 hours, RTO target is 4 hours.
Agent safety
Every agent has a typed tool registry. Agents only call functions in their registry, never arbitrary code. System prompts are versioned in git and changes go through CI eval suites before shipping.
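The registry pattern described above, as an added example that is not CS-Society's own code: a model-requested call is dispatched only if its name is registered and its arguments match the declared types exactly. `ToolRegistry`, `ToolCallRejected`, `lookup_event` and `try_call` are hypothetical names, and the type check assumes plain class hints such as `int` and `str`.

```python
import inspect
from typing import Any, Callable, get_type_hints

class ToolCallRejected(Exception):
    """Raised when a requested call is outside the registry or mistyped."""

class ToolRegistry:
    def __init__(self) -> None:
        self._tools: dict[str, Callable[..., Any]] = {}

    def register(self, fn: Callable[..., Any]) -> Callable[..., Any]:
        # Refuse tools with untyped parameters: they could not be checked later.
        hints = get_type_hints(fn)
        for name in inspect.signature(fn).parameters:
            if name not in hints:
                raise TypeError(f"{fn.__name__}: parameter {name!r} is untyped")
        self._tools[fn.__name__] = fn
        return fn

    def dispatch(self, name: str, args: dict[str, Any]) -> Any:
        # Exact-name lookup only: no eval, no attribute traversal, no fallback.
        fn = self._tools.get(name)
        if fn is None:
            raise ToolCallRejected(f"tool {name!r} is not registered")
        hints = get_type_hints(fn)
        hints.pop("return", None)
        if set(args) != set(hints):
            raise ToolCallRejected(f"{name}: expected arguments {sorted(hints)}")
        for key, value in args.items():
            # Exact type match, so True is not accepted where int is declared.
            if type(value) is not hints[key]:
                raise ToolCallRejected(f"{name}: {key!r} must be {hints[key].__name__}")
        return fn(**args)

registry = ToolRegistry()

@registry.register
def lookup_event(event_id: int, city: str) -> str:  # hypothetical tool
    return f"event {event_id} in {city}"

def try_call(name: str, args: dict[str, Any]) -> str:
    # Stand-in for the agent loop: name and args are constructed model output.
    try:
        return registry.dispatch(name, args)
    except ToolCallRejected as exc:
        return f"rejected: {exc}"
```

Rejections are returned as strings here so they can be logged or fed back to the model; a production loop would also record them for audit.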
LLM calls are routed through Langfuse for observability. Every prompt change is tested against golden sets in CI. Agents that regress against the golden set block the PR.
Agent outputs that interact with member data (intros, recommendations) require explicit consent and are logged for audit.
Responsible disclosure
Found a vulnerability? Email security@cs-society.org. Include reproduction steps, expected impact, and your contact info.
We respond within 24 hours. We won't take legal action against good-faith security research that follows responsible disclosure practices.