LiveX AI agent is basically a piece of Javascript code injected to the website. So essentially the question is how to assure LiveX Javascript won't bring security hole.
First, LiveX Javascript itself doesn't attempt to collect any sensitive data (such as cookie). There is no security risk for legitimate LiveX Javascript.
Second, if the LiveX system is hacked, and the Javascript is replaced by hacker, then the replaced Javascript can do something bad. We have multiple protection against such risk:
- Our Javascript server is deployed in Google Cloud, and we have strict access control on the deployment process.
- We implement different security mechanisms and we are SOC2 compliance. For example, our code and docker get security vulnerability scan periodically.
- We implement monitoring system to monitor the integrity of the Javascript.
Meanwhile, our customer can add additional security control on any 3rd party Javascript. For example, a popular approach is to use CSP (Content Security Policy), to make sure the 3rd party Javascript doesn't send data to any unauthorized domains. This can prevent any hacked Javascript to steal sensitive data easily.
Comments
0 comments
Please sign in to leave a comment.