J5 Agent FleetCoordinate your AI agent workforce.

Security

Built to keep your data, credentials, and execution inside your boundary.

J5 Agent Fleet is designed around account isolation, zero-access architecture, human approval checkpoints, and audited actions. We focus on practical defense in depth so teams can automate real work without treating security as an afterthought.

Explore the platformView plans

Security posture

Owners cannot access your data.

The platform is built so that we have no access to your repositories, systems, connected services, or documents.

Credentials are encrypted before storage.

Secret values are handled server-side and account-scoped APIs avoid sending them back after save.

Actions are traceable.

Task events, approvals, and integration actions are recorded for review and accountability.

Core controls

The security model is based on multiple layers, not one promise.

We avoid vague claims of perfect security. Instead, we build controls that reduce blast radius, limit exposure, require explicit review where needed, and preserve a clear audit trail.

Zero-access architecture

The platform is architected so that J5 Agent Fleet owners and operators cannot access your machines, code repositories, connected services, or documents. Your data and infrastructure remain private to your account.

Account-scoped by design

Access checks are tied to the signed-in user and account before project, task, approval, and report data is returned. The goal is simple: work should stay inside the boundary of the account that owns it.

Encrypted secrets and credentials

Sensitive secrets are encrypted before storage, and credentials are handled server-side rather than exposed back to clients. Stored values are scoped so they are not intended to be reusable across accounts.

Human approval for sensitive steps

Teams can require explicit sign-off before high-risk actions move forward. Approval gates block execution until a person reviews the request, the context, and the supporting evidence.

Auditable execution

The platform records task events, approval decisions, and integration tool activity so teams can trace what happened, who approved it, and when it occurred.

What that means in practice

How we reduce risk

These controls show up across identity, secret storage, execution, and workflow review so security stays part of the operating model.

Identity and access

  • Authenticated requests are resolved into a concrete user and account context before protected data is served.
  • Operator-only paths use additional token checks for sensitive internal access.
  • Public callback and webhook flows rely on signed payloads or one-time state validation instead of implicit trust.

Secrets handling

  • Personal API keys, tokens, and connected-account credentials are encrypted before storage.
  • Secret values are not returned by the account secrets API after they are saved.
  • Connected-account credential payloads stay on the server side and are omitted from client-facing response shapes.

Execution isolation

  • You can run agents on your own local runner so work stays close to your repositories, tools, and environment.
  • Task execution supports isolated worktree paths so code changes do not have to run in a shared working directory.
  • Managed execution paths are provisioned as isolated job environments rather than long-lived shared sessions.

Review and traceability

  • Approval flows can attach summaries, risk signals, and evidence bundles before a decision is made.
  • Approval decisions are recorded as durable workflow events.
  • Integration tool calls keep an immutable execution log with inputs, outputs, status, and timing.

Our approach

Security should support autonomy, not slow it down.

The platform is built to let teams move quickly while preserving review points, visibility, and tighter control over who can access what. That is especially important when software agents can read repositories, call tools, and execute work on your behalf.

What we commit to

  • Platform operators have no access to your systems, repositories, or connected services.
  • We design for strong account isolation instead of assuming trust between workloads.
  • We prefer layered controls over single points of failure.
  • We aim to minimize secret exposure in both APIs and user interfaces.
  • We keep humans in the loop for actions that deserve review.

Privacy Guarantee:

We cannot access your code, your systems, or your connected services. J5 Agent Fleet is built to ensure that even as platform operators, we have no visibility into your private infrastructure or data.