CF Cuttlefish
Product
Environment RuntimeAmbientWorkspace App FoundryBrowserAppsGovernanceModel-Independent Intelligence
Solutions
IT & MSP OperatorsPlatform EngineeringEnterprise AI OperationsTechnical Service Firms
Enterprise
Environment Connector RuntimeSurface PacksDeployment ModesSecurity ReviewContact Sales
World AtlasTrustPricingDownload
Menu
ProductSolutionsEnterpriseWorld AtlasTrustPricingDownloadEnvironment RuntimeMSP & IT OperatorsPlatform Engineering
Request PilotDownload

Security Policy

Legal Entity: Moguls Inc
Last Updated: March 25, 2026
Security Contact: [email protected]

Table of Contents

  1. Our Security Commitment
  2. Five-Layer Defense Model
  3. API Key Security
  4. Auto-Update and Signature Verification
  5. Responsible Disclosure
  6. Scope
  7. Exclusions
  8. Recognition
  9. Contact

1. Our Security Commitment

Security is foundational to Cuttlefish, not bolted on. We build with the assumption that an AI desktop application operates in a high-trust environment — your machine, your keys, your data — and we design every layer to protect that trust.

We welcome security researchers who help us find and fix vulnerabilities responsibly. This policy explains how we protect your data, how to report an issue, and what you can expect from us in return.

2. Five-Layer Defense Model

Cuttlefish protects you through five complementary layers. No single layer is relied upon in isolation, so a weakness in one is caught by the others.

1 Credential isolation at the operating system
Your API keys are stored in your operating system's own secure keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service). They are never written in plain text to configuration files or environment variables. The application asks the keychain for a key only when it is needed for a specific request.
2 Guardrail policy layer
Every action Cuttlefish takes is checked against your active rules before it runs. Anything that would cross a boundary you set — what it can reach, how far it can act on its own, what tools it may use — is stopped before it happens, and the decision is written to a tamper-proof record.
3 Tamper-proof record of every decision
Each protected action produces a cryptographically signed record of what was used, what changed, and who approved it. Those records are kept in write-once storage with long-term retention, and an independent check verifies each one. The result is a clear, trustworthy history you can review as plain proof.
4 Protected transport and infrastructure
All communication with our backend uses modern encrypted connections. The backend runs on managed cloud infrastructure with encrypted service-to-service communication and hardened, minimal server images that strip out anything not needed to run. This keeps the surface an attacker could reach as small as possible.
5 Sandboxed execution
Code and tool operations run inside isolated sandboxes with restricted permissions, resource limits, and controlled access to your files and the network. Anything an agent does is held to the guardrails you set before it can touch your machine.

3. API Key Security

Your API keys are the most sensitive data Cuttlefish handles. Here is exactly how we protect them:

  • Storage: Exclusively in your operating system's secure keychain — never in files, browser storage, or application databases.
  • Transmission: Keys are sent directly from your machine to the AI provider's own endpoint over an encrypted connection. They are never routed through Moguls Inc servers.
  • Memory: A key is retrieved from the keychain only for the duration of the request that needs it, and is not kept around afterward.
  • Logging: API keys are never written to log files, crash reports, or usage diagnostics.
  • Backend: Moguls Inc backend services never see, store, or have access to your API keys.

4. Auto-Update and Signature Verification

Cuttlefish includes a built-in updater so you stay current with security fixes. The update process is protected in several ways:

  • Signed updates only: Every update package is cryptographically signed. Cuttlefish verifies that signature before applying anything, and refuses any update that is unsigned or has been tampered with.
  • Encrypted delivery: Update details and files are fetched only over encrypted connections from our official release source.
  • You stay in control: You can review what an update contains before applying it from the Settings screen.
  • Safe recovery: If an update does not apply cleanly, the version you were already running is kept so you are never left without a working app.

5. Responsible Disclosure

If you discover a security vulnerability in Cuttlefish, we ask that you report it responsibly. Here is our process:

Report vulnerabilities to: [email protected]

Disclosure Timeline

Within 48 hours

We acknowledge receipt of your report and assign a tracking identifier.

Within 7 days

We complete our initial assessment, confirm the vulnerability, and share our severity classification and an estimated remediation timeline.

Within 90 days

We develop, test, and deploy a fix, and coordinate with you on public-disclosure timing. If a vulnerability is being actively exploited, we may move faster.

What to Include in Your Report

  • A description of the vulnerability and its potential impact
  • Steps to reproduce it (a proof of concept if possible)
  • The affected component (desktop app, backend, or website)
  • Your assessment of severity
  • Your preferred contact method for follow-up

What We Ask

  • Do not publicly disclose the vulnerability before the agreed-upon date.
  • Do not access, modify, or delete data belonging to other users.
  • Do not degrade the availability of the service.
  • Act in good faith to avoid privacy violations and disruption.

6. Scope

This security policy and our responsible-disclosure process cover:

  • Cuttlefish desktop application — the desktop client for Windows, macOS, and Linux.
  • Cuttlefish backend — the backend services the desktop application connects to.
  • Cuttlefish website — getcuttlefish.app and app.getcuttlefish.app.

7. Exclusions

The following are out of scope for our responsible-disclosure program:

  • Vulnerabilities in third-party AI providers (OpenAI, Anthropic, and others) — please report these to the provider directly.
  • Social-engineering attacks against Moguls Inc employees.
  • Denial-of-service attacks.
  • Physical attacks against infrastructure.
  • Vulnerabilities in third-party dependencies that have already been publicly disclosed and have an upstream patch available (though we appreciate being told if we are running a vulnerable version).
  • Issues that require physical access to a user's machine.

8. Recognition

We value the security community's contributions. With your permission, we credit you by name or handle in our security advisories when your report leads to a fix.

We do not run a paid bug-bounty program. We ask you to report responsibly because it protects the people who use Cuttlefish, and we recognize good-faith research in kind.

9. Contact

For security vulnerabilities and concerns:

Security Team
Email: [email protected]

For general legal inquiries:

Moguls Inc
Email: [email protected]
Support: [email protected]
Web: https://getcuttlefish.app

For details on how we handle your data, see our Privacy Policy and Terms of Service.

Product
Environment RuntimeAmbientWorkspace App FoundryBrowserAppsGovernance
Solutions
IT & MSP OperatorsPlatform EngineeringEnterprise AI OperationsTechnical Service Firms
Enterprise
Enterprise Environment Connector RuntimeSurface PacksSecurity ReviewTrust CenterContact Sales
Resources
World AtlasPricingManifest ExampleRelease NotesInstall GuideSupport
Legal
PrivacyTermsSecurityDPASubprocessors
Cuttlefish turns real environments into governed AI work surfaces.