ZZahara

Enterprise trust

Security contact and responsible disclosure for Zahara.

Zahara is built for teams operating AI agents with governed access, human review, traceable runs, and audit-ready evidence. Use this page for security reports, enterprise review, and responsible disclosure.

Report a security issue

Send security reports to security@zahara.ai. For urgent account, billing, or workspace access issues, contact your Zahara operator or account owner as well.

Include in the report

  • A short description of the issue and affected surface.
  • Steps to reproduce with the smallest safe proof of impact.
  • Any request IDs, timestamps, workspace context, screenshots, or logs that help us investigate.
  • Whether you believe production data, demo data, credentials, or audit evidence is involved.

Trust controls buyers can review

Workspace boundaries

Demo workspaces use synthetic data and live workspaces stay behind authenticated access, scoped credentials, and team controls.

Human approval gates

Sensitive agent actions are routed through approvals so operators can inspect intent, context, and risk before execution.

Audit evidence

Audit, trace, eval, and run history surfaces preserve who changed what, what an agent did, and which evidence supports a decision.

Credential handling

Provider keys and connected-system credentials are treated as workspace secrets and should be approved before agent use.