Security

Security you can point to, not just trust.

Cuttlefish runs AI across your real computer — your files, your browser, your tools — so it is built to do the least it needs to, ask before anything that matters, and leave a record you can read. This page explains exactly what it protects and how, in plain terms, and gives you a real way to report a problem.

What is protected

Least authority is the starting point, not a setting you switch on.

Cuttlefish ships cautious. It can only reach what you have given it, it does the smallest version of any task, and content it reads is treated as information — never as orders it has to follow.

Your device and files

Reaching your folders, your browser, or a tool on your machine is a permission you grant and can take back. Cuttlefish never assumes access it was not given, and removing a connection leaves your actual files exactly where they sit on disk.

Your data and connections

What lives on your computer stays there by default. Nothing syncs anywhere until you turn backup on, and nothing reaches an outside model or tool unless you connect it and choose to use it — task by task.

Your credentials

The keys you add for models and tools are kept in your computer's own secure keychain. They are not written into logs and never travel to Cuttlefish's servers. Remove a key and it is gone from your machine.

The apps you build

When you turn repeated work into an app, it runs inside a walled-off space with no automatic reach into your computer. It only gets the specific permissions you grant it, and you can roll it back to an earlier version at any time.

Every action it takes

Anything that would change your world — sending, editing, publishing, spending — stops for your approval first. If Cuttlefish cannot confirm an action fits the limits you set, it holds off rather than guessing.

Content as data, not commands

A web page, an email, or a pasted document is read as information to work with, not as instructions Cuttlefish must obey. Generated and fetched content is watched as it streams, so a hidden "ignore your rules" never quietly takes the wheel.

Responsible disclosure

Found a security issue? Tell us, and we will work with you.

We welcome reports from security researchers and customers. If you believe you have found a vulnerability in Cuttlefish — the desktop app, the website, or the services behind them — please report it to us privately so we can fix it before it is disclosed.

Report it privately

[email protected]

Email us with the details below. Please give us a reasonable window to investigate and remediate before any public disclosure.

Report it

Send your finding to [email protected]. Keep it private until we have had a chance to investigate and ship a fix — please do not post it publicly or share it with others in the meantime.

What to include

A clear summary, the area affected (the desktop app, the website, or a service), the version or URL, steps to reproduce, and what you believe the impact is. A short proof-of-concept helps us confirm and fix it faster.

What happens next

We review every good-faith report, confirm what we can reproduce, and keep you updated as we work toward a fix. We will let you know when the issue is resolved and are glad to credit you for the find if you would like.

Good-faith safe harbor

If you make a sincere effort to follow this process — test only against your own account, avoid accessing or destroying other people's data, and give us time to respond — we will treat your research as authorized and will not pursue action against you for it.

How actions are classified

Every action is judged by how much it could matter.

Cuttlefish sorts what it can do into a few clear groups, and the group is decided per action — not just per tool. Reading a file is judged differently from changing one, and the same tool writing to a normal folder is treated more carefully when it targets a system location.

Read & look up

Runs freely

Looking things up, reading, searching, and summarizing happen without interruption so the work keeps moving.

Read a fileSearch memoryCheck a page
Prepare & draft

Reversible, under your settings

Changes you can easily undo — a draft, a saved workspace, a staged edit — proceed under the permissions you have set, and ask only when you have told it to.

Draft a messageSave workStage an edit
Asks before it acts

Always a clear choice

Anything that leaves your machine or cannot be casually undone stops first and shows a plain card: allow, deny, narrow what is allowed, or test it without really doing it. Approving is the only answer that runs it, and walking away counts as no.

SendPublishSpend
Blocked by default

Refused, not attempted

Anything Cuttlefish has not been explicitly allowed to do is refused before it starts. It is an allowlist of permitted actions, not a blocklist of bad ones — so an action it was never taught is denied, never guessed at.

Unknown actionNo permissionDenied
The line that holds these groups apart is enforced for you, the same way every time — so "asks first" and "blocked by default" are how Cuttlefish behaves, not options you have to remember to keep on.
Credential handling

Your secrets stay isolated — even from the model.

The keys that connect your models and tools are some of the most sensitive things you give an AI app. Cuttlefish keeps them where your operating system keeps your passwords, and keeps them out of everything that does not strictly need them.

Stored in your OS keychain

Every key you add goes straight into your computer's own secure keychain — the protected store your operating system already uses for passwords. It is never written into a log and never sent to Cuttlefish's servers.

Models and apps never see raw secrets

The model you are chatting with and the apps you build do not receive your keys. Cuttlefish uses a credential to reach a connected service on your behalf; the secret itself stays sealed away from the conversation and from generated code.

Remove a key and it is gone

Open the connection in your settings and remove the key. It is deleted from your keychain, and that connection cannot be used again until you add a key back. Backups you save never carry your keys with them.

Data isolation

What is yours, and what is your team's, stay separate.

Cuttlefish keeps a clear line between what lives only on your machine, what follows your sign-in, and what your organization manages — so the boundary between personal and shared work is real, not a label.

Local stays local

Your settings, saved conversations, and the details Cuttlefish remembers sit on your computer by default. A model you run on your own machine keeps the entire exchange there — nothing is sent out, because there is no provider in the loop.

Personal and tenant kept apart

When you join a team, your personal workspace stays yours and your organization's shared work, connected systems, and managed settings live alongside it under their own permissions. Joining a team never quietly absorbs your private data.

You choose what leaves, per task

Nothing reaches a cloud model or an outside tool unless you connected it and chose to use it for that task. You can keep sensitive work on a private local model and reach for a cloud model elsewhere — in the same workspace, the same day.

Update integrity

Updates are signed, so you only ever run the real thing.

An AI app that can reach your real computer has to update itself safely. Cuttlefish checks that an update genuinely came from us and arrived unchanged before it is applied — so an update is something you can trust, not a new way in.

Signed updates only

Each update carries a signature that Cuttlefish verifies before installing. If an update did not come from us, or was altered along the way, it is not applied. You are never silently moved onto something we did not publish.

You stay on a version you trust

You see what version you are on and decide when to move. Nothing about how Cuttlefish behaves — your permissions, your cautious defaults — is loosened by an update without you knowing.

Proof of what changed

The same plain, tamper-proof record that backs everyday actions means there is an honest account of what the app did and when — including the work that keeps you current. If you ever ask "what changed?", there is a real answer.

For security and compliance teams

Bring it to your security review.

If you are evaluating Cuttlefish for a team or company, we are glad to walk your security and compliance people through the control model, the approval and proof system, and how data isolation works for your environment.

Enterprise security review

Talk to us before you say yes.

See how the governed workspace fits your requirements, and get the detail your reviewers need to sign off.

How control works

The same approval-before-acting model and proof-of-every-action trail covered here apply to enterprise environments and connected internal systems. Read more in our Trust Center.

Privacy and data handling

What we collect, what stays on your machine, and how it is handled are laid out plainly in our Privacy page and our Data Processing Addendum.

Terms and providers

The agreement that governs your use is in our Terms, and the services we rely on to operate Cuttlefish are listed in our Subprocessors register.