Security
Last updated May 20, 2026
This page covers the security posture of the arbiter.run website and the open-source runtime. It is practical guidance for people evaluating or operating Arbiter.
Website security
arbiter.run is served over TLS. The website is static-first and keeps public docs separate from authenticated application code. Operational logs are used for reliability, abuse prevention, and incident investigation.
Runtime posture
The open-source runtime binds to loopback by default and is designed to sit behind operator-controlled infrastructure when exposed over HTTP. Production deployments should add TLS, rate limiting, and abuse controls at the proxy or infrastructure layer.
When the HTTP API is enabled, requests authenticate with bearer tokens tied to tenants. Tenant reads enforce tenant identity across conversations, memory, artifacts, schedules, and agents.
Tool execution
Shell execution (/exec) is disabled by default in the API server. Operators can enable the per-tenant Docker sandbox so /exec, /write, and /read share an isolated workspace with configured CPU, memory, PID, network, and disk limits.
Prompt data
arbiter.run does not use prompt or response content for model training. Local runtime deployments send prompts only to the model providers and tools you configure.
Responsible disclosure
If you believe you have found a security vulnerability, please report it privately to security@arbiter.run before disclosing it publicly. Include enough detail to reproduce the issue. We will acknowledge your report, keep you updated on remediation, and credit you if you would like.
The runtime repository also ships a SECURITY.md with in-scope / out-of-scope guidance and operator-hardening notes.