Titan Pilot logoTitan Pilot

Security

Verified Daily, Not Just at Launch.

This is operational proof, not a compliance checkbox. Every capability below is checked automatically, on a schedule, and has been observed passing in production.

Independently audited, fixed same-day

A security audit found issues in SSH access and backup file permissions. Both were fixed and verified the same day — SSH restricted to key-only authentication, backup files restricted to owner-only access.

Secrets never leave the server

Offsite backups are built by allowlist, not blocklist — only a sanitized database dump and a git commit hash are ever copied off the server. A blocklist approach fails open the moment a new secret is introduced; an allowlist can't.

Backups are proven, not assumed

A full restore with complete integrity verification completes in 13 seconds. Point-in-time recovery from a base backup completes in 78 seconds with zero event gap. Every week, the newest backup is restored into a throwaway copy and fully re-verified — a backup that can't pass verification isn't counted as one.

AI provider failure never increases risk

A 12-case fault-injection matrix — connection failures, DNS failures, timeouts, server errors — confirms automatic failover to a backup AI provider. If both providers are down, the system produces no signal. It never guesses.

The application can't touch its own history

The database role the application runs as cannot alter schema, and cannot delete a recorded event or a derived record — enforced by database grants and triggers, not application code that could have a bug.

Failure is contained by design

A compromised or hallucinating AI model can produce at most one recorded, validated, budget-capped document — never direct access to capital. A compromised AI provider account is capped in dollars. A stolen offsite backup exposes only a sanitized data dump and a commit hash.

Verified daily, not just at launch

A 12-check integrity suite — including replay determinism — runs automatically every day. It also runs on every code change and against every restored backup. This isn't a one-time launch audit; it's a standing, automated check.

Titan Pilot is a software infrastructure project. Nothing on this website is financial advice, investment advice, or a promise of trading performance. Trading involves risk.