Security posture
Read-only is enforced by RBAC, not by promise.
P95 Labs is built for teams that are rightly cautious about anything touching production inference. This page summarizes the current security model for the founder-led alpha.
Read-only access
Least-privilege RBAC scoped to the read permissions P95 Labs needs — no autonomous mutation of workloads or configuration.
No sensitive payloads
No prompts, request bodies, or model outputs are collected by default. Only operational telemetry is ingested.
Human-approved actions
Recommendations are surfaced for your team. A human reviews and approves before any change is applied.
Current alpha security posture
P95 Labs is designed for early evaluation in development, staging, synthetic, or scoped production-like environments. Production deployment should be reviewed with the customer's infrastructure and security team before use.
Access model
- Read-only by default — no autonomous mutation of workloads or configuration.
- Least-privilege Kubernetes RBAC requesting only the read permissions required.
- Scoped namespace deployment; nothing outside the chosen scope is observed.
- Human approval is required before any recommended change is applied.
Data handling
- No prompts, request bodies, or model outputs are collected by default.
- Only operational telemetry (latency, queue depth, GPU and cluster signals) is ingested.
- Telemetry is stored in TimescaleDB for historical correlation.
- Data scope and retention are configurable per deployment.
Deployment & lifecycle
- Installed via a Helm chart and driven from a CLI.
- No agents inserted into the inference request path.
- Clear uninstall path — remove the Helm release and RBAC cleanly.
- No residual controllers left behind after removal.
Have a specific security requirement or review process? Reach us at security@p95labs.com.