Trust, Security, & Privacy
Vectara Completes Penetration Testing
Vectara, the Trusted GenAI Platform for All Builders, recently completed its annual Penetration Testing as a part of its ongoing security commitment to its customers
March 05 , 2024 by Tony Pecora
Vectara recognizes that its customers care deeply about the security of their data and maintaining complete control over it and its use.
As a part of its security commitment to customers, Vectara has a 3rd party conduct periodic penetration testing of its platform to identify any platform and system vulnerabilities to hacking and data compromise.
A penetration test (pen test) is an authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. Penetration tests usually simulate a variety of attacks that could threaten a business. They can examine whether a system is robust enough to withstand attacks from authenticated and unauthenticated positions, as well as a range of system roles.
The primary objective of Vectara’s pen test was to identify vulnerabilities in the applications affiliated with Vectara and the extent to which these vulnerabilities could be utilized to compromise the application. If a particular vulnerability could be exploited, the consultants analyzed the results to determine the risk it poses to Vectara.
The results of the recent test represented that Vectara maintains a strong security posture. As is typical of a pen test, the test identified several lower-risk vulnerabilities that Vectara has since addressed.
In addition to the pen test, Vectara also recently underwent a 3rd party examination and issued a SOC 2 Type 1 Report which demonstrates it is meeting industry-standard security commitments as well as its security commitments to its customers. Vectara entered its SOC 2 Type 2 Evaluation Period in mid-February, and over the next several months of the evaluation period will demonstrate that it keeps all security measures within compliance on a sustained and ongoing basis.
Vectara maintains the highest standards of data security to include: providing customer-managed encryption keys to manage access controls, providing comprehensive data-in-transit and data-at-rest encryption, and providing customers with the option to process uploaded data into vector embeddings and then discard the original documents and text. For more information on Vectara’s security measures, see its Platform Security webpage, its Security at Vectara webpage, and its Trust Center.
