Security & trust

Lumni sits next to systems that move money and touch customers, so its safety model is structural, not just a promise.

  • Lumni never acts. It reads traces and — only with your permission — systems of record. It cannot issue refunds, send messages, change records, or modify your agents.
  • Verdicts are evidence. A replay verdict or a gate result is information you use to decide. Lumni doesn’t make the decision.
  • Gates fail open. If Lumni is down or uncertain, your release proceeds. Lumni can never become a single point of failure for your deploys. Blocking is strictly opt-in, per gate.
  • Trace-only detection. The five detectors work entirely from the trace — no external calls — which is why they’re safe to run on anonymous input.
  • Public playground. The analyze API captures no PII and is rate-limited per IP. Shareable teardowns are anonymized and time-limited.
  • Least-privilege connectors. Support-tool connectors request the minimum read scopes and cannot write.
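The fail-open gate semantics above (a verdict is evidence, an outage or an uncertain verdict never blocks a deploy, and blocking is opt-in per gate) are easy to get wrong in a CI step. The sketch below is an added illustration, not Lumni's code or API: `GateConfig`, `evaluate_gate`, `release_decision` and the `Verdict` values are hypothetical names chosen here, and the verifier is modelled as any callable that returns a verdict or raises.

```python
"""Fail-open release gate with per-gate opt-in blocking.

Added example, not Lumni's code. All names here (GateConfig, Verdict,
evaluate_gate, release_decision) are hypothetical; the verifier is any
callable that returns a Verdict or raises/hangs when the service is down.
"""
import concurrent.futures as cf
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional


class Verdict(Enum):
    PASS = "pass"
    FAIL = "fail"
    UNCERTAIN = "uncertain"


@dataclass(frozen=True)
class GateConfig:
    name: str
    blocking: bool = False   # opt-in: by default a gate is advisory only
    timeout_s: float = 5.0   # how long the pipeline waits for a verdict


@dataclass(frozen=True)
class GateResult:
    gate: str
    verdict: Optional[Verdict]   # None when no verdict could be obtained
    proceed: bool
    reason: str


def evaluate_gate(cfg: GateConfig, verifier: Callable[[], Verdict]) -> GateResult:
    """Run the verifier with a deadline; only FAIL on a blocking gate stops the release."""
    pool = cf.ThreadPoolExecutor(max_workers=1)
    try:
        verdict = pool.submit(verifier).result(timeout=cfg.timeout_s)
    except cf.TimeoutError:
        # Verifier hung: fail open, never a single point of failure for deploys.
        return GateResult(cfg.name, None, True, "verifier timed out; failing open")
    except Exception as exc:  # outage, network error, malformed response, ...
        return GateResult(cfg.name, None, True, f"verifier unavailable ({exc!r}); failing open")
    finally:
        pool.shutdown(wait=False)  # do not block the pipeline on a hung worker

    if verdict is Verdict.FAIL and cfg.blocking:
        return GateResult(cfg.name, verdict, False, "FAIL on a blocking gate")
    if verdict is Verdict.FAIL:
        return GateResult(cfg.name, verdict, True, "FAIL recorded; gate is advisory, release proceeds")
    if verdict is Verdict.UNCERTAIN:
        return GateResult(cfg.name, verdict, True, "uncertain verdict; failing open")
    return GateResult(cfg.name, verdict, True, "PASS")


def release_decision(results: List[GateResult]) -> bool:
    """The release proceeds unless some gate explicitly blocked it."""
    return all(r.proceed for r in results)


def sleeping_verifier(seconds: float, verdict: Verdict) -> Callable[[], Verdict]:
    """Constructed stand-in for a slow verifier (used to exercise the timeout path)."""
    def run() -> Verdict:
        time.sleep(seconds)
        return verdict
    return run


def outage() -> Verdict:
    """Constructed stand-in for a verifier whose service is down."""
    raise ConnectionError("503 from verifier")


if __name__ == "__main__":
    gates = [
        evaluate_gate(GateConfig("replay-regression"), lambda: Verdict.FAIL),          # advisory
        evaluate_gate(GateConfig("refund-policy", blocking=True), outage),             # outage
        evaluate_gate(GateConfig("pii-leak", blocking=True), lambda: Verdict.PASS),
    ]
    for g in gates:
        print(f"{g.gate:18} verdict={g.verdict} proceed={g.proceed} ({g.reason})")
    print("release proceeds:", release_decision(gates))
```

The deliberate asymmetry is the point: a verifier error, timeout or `UNCERTAIN` verdict always yields `proceed=True`, and the only path to a blocked release is an explicit `FAIL` on a gate whose owner set `blocking=True`. Anyone wiring this into a pipeline should log `GateResult.reason` so that a run which proceeded only because the verifier was unreachable is visible afterwards rather than indistinguishable from a PASS.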

For regulated and money-touching deployments, Lumni offers:

  • In-VPC verifier — run the verification layer inside your own network.
  • Self-hosting — deploy Lumni in your infrastructure.
  • SOC 2 and SSO.
  • Append-only evidence ledger as an audit artifact for finance, legal, and compliance.

Lumni is framework-agnostic — anything you can express as a trace works. Native and tested paths include LangChain, LangGraph, CrewAI, the OpenAI Agents SDK, Retell, Vapi, and Zendesk AI, plus anything emitting OpenTelemetry / OpenInference spans.