Why "One Agent Per Client" is the Best Architecture for Security

Dec 12, 2025

Dan Latham

Security is the "boring" topic that wins big contracts.

If you try to sell AI to a corporate client, an educational institution, or a healthcare provider, their IT team will grill you. They will not ask about "prompt engineering." They will ask: "Where does the data go?" and "Can this get hacked?"

Because Kuga uses a Multi-Tenant Architecture (One Agent Per Client), you can answer both questions with confidence.

Here is the non-technical explanation of Kuga’s security stack that you can copy-paste to your clients.


1. The "Sandboxed" Widget (Protection from Hacks)


We use Iframe Sandboxing.

Imagine the chat widget is a submarine. It floats on your client's website, but it is completely sealed off.

  • The Chatbot cannot read the client’s passwords, cookies, or customer data from their website.

  • If the client’s website gets hacked, the hacker cannot get into the Chatbot.

  • It is a one-way, secure window.


2. File Security & Vector Isolation (The "Safe" Model)


Many cheap AI tools dump all uploaded files into one big database bucket. This is dangerous.

Kuga uses a strict Isolation Protocol for every file you upload to the Knowledge Base.

  • Vector Store Isolation: When you upload a PDF, it isn't just saved on a server. It is processed into a specific "Vector Store" ID that belongs only to that business, so Client A’s files are not visible to Client B’s agent.

  • Whitelist Validation: We don't just accept any file. Kuga runs a strict "Whitelist Check" before processing. We accept documents (.pdf, .docx, .txt) and data (.csv, .json), but we block executables (.exe) and scripts. This prevents malicious files from entering the brain of the bot.

  • Pass-Through Storage: Files are not stored on a generic intermediate server. They are passed securely via HTTPS directly to our provider's enterprise storage.
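
As an added illustration (not Kuga's own code), here is one way a whitelist check like the one described above can be written so that a renamed file does not pass on its name alone. The function name `checkUpload`, the reason strings and the content-signature checks are assumptions that go beyond the extension list given in this article.

```javascript
// Added illustration of an upload allow-list; not Kuga's code.
// Extensions come from the article; the content checks are an assumption.
const PDF_MAGIC = [0x25, 0x50, 0x44, 0x46]; // "%PDF"
const ZIP_MAGIC = [0x50, 0x4b, 0x03, 0x04]; // .docx is a ZIP container
const ALLOWED = new Map([
  ['pdf', PDF_MAGIC], ['docx', ZIP_MAGIC],
  ['txt', null], ['csv', null], ['json', null], // null = text, no signature
]);

function startsWith(bytes, magic) {
  return bytes.length >= magic.length && magic.every((b, i) => bytes[i] === b);
}

// Text formats must decode as strict UTF-8 and contain no NUL bytes.
function decodeText(bytes) {
  if (bytes.includes(0)) return null;
  try {
    return new TextDecoder('utf-8', { fatal: true }).decode(bytes);
  } catch {
    return null;
  }
}

function checkUpload(filename, bytes) {
  if (typeof filename !== 'string' || /[\x00-\x1f\/\\]/.test(filename)) {
    return { ok: false, reason: 'bad-filename' };
  }
  // Trailing dots/spaces are dropped by some filesystems, so drop them first.
  const name = filename.replace(/[. ]+$/, '').toLowerCase();
  const dot = name.lastIndexOf('.');
  if (dot <= 0) return { ok: false, reason: 'no-extension' };
  const ext = name.slice(dot + 1); // only the final extension counts
  if (!ALLOWED.has(ext)) return { ok: false, reason: 'extension-not-allowed' };

  const magic = ALLOWED.get(ext);
  if (magic) {
    return startsWith(bytes, magic)
      ? { ok: true, ext }
      : { ok: false, reason: 'content-mismatch' };
  }
  const text = decodeText(bytes);
  if (text === null) return { ok: false, reason: 'content-mismatch' };
  if (ext === 'json') {
    try { JSON.parse(text); } catch { return { ok: false, reason: 'invalid-json' }; }
  }
  return { ok: true, ext };
}
```

Anything not explicitly on the list is rejected by default, which is what separates a whitelist from a list of blocked extensions.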


3. Malicious Code Prevention (DOMPurify)


A common fear is that an AI might "hallucinate" or be tricked into sending a user a virus link.

Kuga uses a security layer called DOMPurify, an open-source HTML sanitizer. It acts like a firewall for text: before any message is shown to a user, it is scrubbed.

  • It blocks malicious scripts.

  • It blocks auto-download links.

  • It ensures the AI can only send text and safe, clickable links.


Summary for the IT Director


(Copy and paste this paragraph into your tender document):

"We use an isolated, multi-tenant architecture with TLS encryption and Iframe sandboxing. File uploads are validated via a strict whitelist and stored in isolated Vector Stores per business ID. No data is shared between tenants, and the widget has no read/write access to your core website DOM."

Your Brand. Your Pricing. Our Infrastructure.

The no-code backend for agencies to launch white-label AI.

Deploy custom AI agents to client sites in under 15 minutes
