We built Medusa to be the security layer you trust with your most sensitive data. Here's how we protect it.
The Medusa DLP engine runs the Medusa Model directly on the endpoint. All scanning happens locally — no file contents, tool arguments, or sensitive data are ever sent to our servers or any third party.
A Medusa Model token classifier runs locally via ONNX Runtime. It scans every MCP tool call and server response in real time, detecting secrets, PII, financial data, health records, and 6 more categories — all without network access.
All agent-to-dashboard communication uses HTTPS (TLS 1.2+).
The Medusa Model is verified via SHA-256 checksum on every load. If the model file has been tampered with, the agent refuses to start.
Policy responses are signed with HMAC-SHA256 to prevent MITM injection.
Agent config and database files are restricted to owner-only permissions (0600). The agent directory is 0700.
API keys are hashed with SHA-256 before storage. The full key is shown once at creation and never stored or logged.
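The three controls above (pinned model checksum, HMAC-SHA256 signed policy responses, and API keys stored only as SHA-256 hashes) share one pattern: hash what you are about to trust and compare in constant time. The following is an added illustration written for this page, not Medusa's own code; the "mk_" key prefix, the digest hex encoding, and the policy wire format are assumptions.

```python
import hashlib
import hmac
import secrets


class ModelIntegrityError(RuntimeError):
    """Raised when the model file on disk does not match the pinned digest."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_verified_model(path: str, expected_sha256: str) -> bytes:
    """Read the model file once, verify its SHA-256, and return the verified bytes.

    Returning the bytes that were hashed (instead of re-opening the path later)
    means the inference session is built from exactly what was checked, so a
    file swapped between check and load cannot slip through. With onnxruntime
    the caller can hand these bytes to InferenceSession(path_or_bytes).
    """
    with open(path, "rb") as f:
        data = f.read()
    actual = sha256_hex(data)
    # compare_digest does not leak how many leading hex digits matched.
    if not hmac.compare_digest(actual, expected_sha256.lower()):
        raise ModelIntegrityError(
            f"model checksum mismatch for {path}: expected {expected_sha256}, got {actual}"
        )
    return data


def sign_policy(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the exact bytes of a policy response (assumed wire format)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_policy(secret: bytes, body: bytes, signature: str) -> bool:
    """Accept a policy response only if its MAC matches; any altered byte fails."""
    if not isinstance(signature, str) or not signature.isascii():
        return False
    return hmac.compare_digest(sign_policy(secret, body), signature)


def hash_api_key(key: str) -> str:
    return sha256_hex(key.encode("utf-8"))


def create_api_key() -> tuple[str, str]:
    """Return (plaintext_key, stored_hash). Only the hash is persisted.

    The "mk_" prefix is a constructed example, not Medusa's real key format.
    """
    key = "mk_" + secrets.token_urlsafe(32)
    return key, hash_api_key(key)


def authenticate(stored_hashes: set[str], presented_key: str) -> bool:
    """Look up a presented key by its hash; the plaintext never reaches storage or logs."""
    return hash_api_key(presented_key) in stored_hashes
```

The checksum check is deliberately done on the bytes that are then loaded, rather than hashing the path and opening it a second time; the latter leaves a window in which the file can be replaced after it was verified.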
All API routes enforce rate limiting and authentication via Supabase RLS.
The gateway proxy enforces a 10 MB message size limit to prevent out-of-memory (OOM) attacks. Model inference has a 10-second timeout to prevent adversarial inputs from hanging the agent.
MCP client configs are written atomically (temp file → rename) to prevent corruption on crash.
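The temp-file-then-rename write described above is worth seeing next to the naive alternative it replaces. This is an added example written for this page, not Medusa's code; the config filename and contents are constructed, and the `crash_before_rename` / `crash_midway` flags are test hooks that simulate a process dying at the worst moment.

```python
import json
import os
import tempfile
from typing import Any


def write_config_atomically(path: str, config: dict[str, Any],
                            crash_before_rename: bool = False) -> None:
    """Readers see either the old file or the complete new one, never a partial one.

    Write to a temp file in the same directory (so the rename stays on one
    filesystem), fsync it, lock down permissions, then rename over the target.
    A crash at any point before the rename leaves the previous config intact.
    """
    path = os.path.abspath(path)
    directory = os.path.dirname(path)
    fd, tmp_path = tempfile.mkstemp(prefix=".", suffix=".tmp", dir=directory)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(config, f, indent=2, sort_keys=True)
            f.write("\n")
            f.flush()
            os.fsync(f.fileno())      # data is durable before the rename makes it visible
        os.chmod(tmp_path, 0o600)     # owner-only, matching the agent's file permissions
        if crash_before_rename:       # test hook: simulate the process dying here
            raise RuntimeError("simulated crash before rename")
        os.replace(tmp_path, path)    # atomic on POSIX; replaces any existing target
    except BaseException:
        # Never leave a half-written temp file next to the real config.
        try:
            os.unlink(tmp_path)
        except OSError:
            pass
        raise


def write_config_naively(path: str, config: dict[str, Any],
                         crash_midway: bool = False) -> None:
    """The non-atomic pattern: open(path, "w") truncates first, then writes.

    A crash between truncation and the last write leaves a corrupt config.
    """
    text = json.dumps(config, indent=2, sort_keys=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(text[: len(text) // 2])
        if crash_midway:              # test hook: simulate the process dying here
            raise RuntimeError("simulated crash mid-write")
        f.write(text[len(text) // 2:])


def read_config(path: str) -> dict[str, Any]:
    with open(path, "r", encoding="utf-8") as f:
        return json.load(f)
```

`os.replace` is used rather than `os.rename` because it overwrites an existing target on every platform; the temp file must live in the target's directory, since a rename across filesystems is a copy and not atomic.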
Custom regex patterns are tested for ReDoS vulnerability before activation.
When enabled, the DLP engine extracts text from binary files (PDF, XLSX, DOCX) and scans the extracted content through the same Medusa Model. OCR support for images ensures screenshots with sensitive data are also caught.
All extraction happens on-device — file contents never leave the endpoint.
Every tool call verdict (allow, block, redact, coach) is recorded with full metadata: timestamp, tool name, server, DLP findings, and confidence scores.
Events are uploaded to the dashboard for centralized monitoring. Event retention is configurable (7 days default, up to 90 days for enterprise).
Data minimization by design: on-device processing means personal data doesn't leave the endpoint. The right to delete is supported.
Security, availability, and confidentiality controls are being audited. Expected completion Q3 2026.
Information security management system certification is planned for 2026. Controls are aligned with the framework.
If you discover a security vulnerability in Medusa, please report it responsibly. We take all reports seriously and will respond within 48 hours.