Methodology

How we measure, validate, and report on ZYBER’s security and privacy claims.

This is a measurement and reporting framework. It’s not a guarantee of zero risk.

Privacy metrics

Data exposure reduction

We compare what an AI provider can see during direct usage vs. usage through ZYBER.

Measurement method

  1. Enumerate data points exposed during direct AI API usage.

  2. Enumerate data points exposed through ZYBER.

  3. Calculate the reduction percentage.

Data points measured

| Data point | Direct usage | Through ZYBER | Exposure |
| --- | --- | --- | --- |
| IP address | User’s real IP | ZYBER datacenter IP | Hidden |
| User agent | Full browser string | ZYBER proxy UA | Hidden |
| Device fingerprint | Canvas, WebGL, etc. | Not transmitted | Hidden |
| Cookies | Session cookies sent | Not transmitted | Hidden |
| Local timezone | Via JS/headers | Workspace timezone | Hidden |
| Screen resolution | Via JS | Not transmitted | Hidden |
| Installed fonts | Via fingerprinting | Not transmitted | Hidden |
| Browser plugins | Via enumeration | Not transmitted | Hidden |
| Hardware info | Via WebGL | VM info only | Hidden |

Result: 75–90% reduction in identifying data points exposed to AI providers.

Prompt isolation measurement

Prompts sent through ZYBER cannot be correlated with user identity by AI providers.

What AI providers receive

| Attribute | Direct usage | Through ZYBER |
| --- | --- | --- |
| API request content | ✅ Visible | ✅ Visible (required) |
| Source IP | User’s IP | ZYBER IP |
| Account email | User’s email | Not applicable |
| Request headers | Full headers | Minimal headers |
| Timing patterns | Correlatable | Aggregated across users |

Isolation score: 4x improvement in prompt privacy. This is based on reduced correlatable metadata.

Security testing

Penetration testing

Frequency: Quarterly

Scope

  • External infrastructure (API endpoints, web application).

  • Workspace isolation boundaries.

  • Authentication and authorization.

  • Network segmentation.

Testing firm: Independent third-party security firm (rotated annually)

Last test: Q4 2024

Findings summary

  • Critical: 0

  • High: 0

  • Medium: 2 (remediated)

  • Low: 5 (accepted risk or remediated)

Isolation boundary testing

Tests performed

| Test | Method | Result |
| --- | --- | --- |
| VM escape | Kernel exploit attempts | No escapes |
| Cross-workspace access | Network probing | No access |
| Host filesystem access | Mount attempts | Blocked |
| Container breakout | Container escape techniques | Mitigated by VM layer |
| Memory isolation | Memory scanning | Isolated |
| Network namespace escape | Network stack manipulation | Blocked |

Testing frequency: Monthly automated, quarterly manual

Dependency auditing

Tools used

  • npm audit (JavaScript).

  • pip-audit (Python).

  • cargo audit (Rust).

  • Snyk (comprehensive scanning).

  • Dependabot (automated PRs).

Frequency

  • Automated: Daily.

  • Manual review: Weekly.

  • Full audit: Monthly.

Performance metrics

Measurement infrastructure

| Metric | Collection method |
| --- | --- |
| Latency | Synthetic monitoring from 10+ global locations |
| Uptime | External monitoring (Datadog, Pingdom) |
| Error rates | Application performance monitoring |
| Resource utilization | Infrastructure metrics (Prometheus) |

Reporting cadence

| Report | Frequency | Availability |
| --- | --- | --- |
| Uptime | Real-time | status.zyber.app |
| Latency | Hourly | Internal dashboard |
| Security incidents | As needed | Post-mortems published |
| Penetration test summary | Quarterly | On request |

Compliance framework

Data handling

| Principle | Implementation |
| --- | --- |
| Minimization | Collect only necessary data |
| Purpose limitation | Use data only for stated purposes |
| Storage limitation | Delete data when no longer needed |
| Integrity | Protect against unauthorized modification |
| Confidentiality | Encrypt at rest and in transit |

Retention periods

| Data type | Retention | Justification |
| --- | --- | --- |
| Account records | Until deletion request | Service operation |
| Transaction history | 7 years | Legal/tax requirements |
| Session logs | 90 days | Debugging, abuse detection |
| Workspace data (ephemeral) | 0 (deleted on termination) | Privacy by design |
| Workspace data (persistent) | Until user deletes | User-controlled |

Transparency commitments

What we publish

| Document | Frequency | Location |
| --- | --- | --- |
| Uptime metrics | Real-time | status.zyber.app |
| Incident reports | As needed | status.zyber.app/incidents |
| Security advisories | As needed | security.zyber.app |
| Privacy policy changes | As needed | Announced in app |

What we don’t publish

| Information | Reason |
| --- | --- |
| Detailed vuln reports | Security risk until patched |
| Raw infrastructure metrics | Competitive/security concern |
| User behavior analytics | We don’t collect this |

Third-party verification

Audits

| Type | Provider | Frequency |
| --- | --- | --- |
| Penetration testing | Rotating security firms | Quarterly |
| Infrastructure review | Cloud security specialists | Annual |
| Code review | Security-focused code audit | As needed |

Certifications (planned)

| Certification | Status |
| --- | --- |
| SOC 2 Type II | Roadmap 2025 |
| ISO 27001 | Under evaluation |

Contact

For questions about our methodology or to request detailed reports:
