Security | 4MINDS
Last updated: April 2026

Security

Product security architecture

4MINDS deploys entirely within customer infrastructure. The platform runs on Kubernetes on-premises or in sovereign cloud regions, with no required external connectivity. Inference, fine-tuning, and retrieval all operate inside the customer's network perimeter. There is no 4MINDS-operated cloud service that handles customer data.

No external attack surface

Because 4MINDS requires no inbound connectivity and makes no outbound calls during inference, the attack surface is limited to what the customer's own network exposes. There is no public endpoint operated by 4MINDS. Customer prompt data never traverses the internet.

Model integrity

Ghost Weights enforces an automated eval gate before any model update reaches production. Model weights are versioned with full rollback capability. Every swap is logged with version identifier, eval results, and timestamp. By design, unverified weights cannot enter production.

Responsible disclosure

If you believe you have found a security vulnerability in 4MINDS software or on 4minds.ai, please report it to security@4minds.ai. Include a description of the issue, steps to reproduce, and any relevant technical details. We will acknowledge receipt within 2 business days and work with you to understand and address the issue.

Scope

In scope for responsible disclosure: vulnerabilities in 4MINDS software packages, the 4minds.ai website, and the 4MINDS API. Out of scope: social engineering, physical attacks, denial-of-service attacks, and vulnerabilities in third-party software not directly maintained by 4MINDS.

Contact

Security issues: security@4minds.ai. For urgent matters, include "URGENT" in the subject line.