Risk Register
Effective March 23, 2026. This register documents identified security and operational risks to the Oceum platform, their assessed likelihood and impact, mitigation measures in place, and current status. The register is reviewed quarterly and updated as new risks are identified or mitigations change.
Identified Risks
| Risk | Likelihood | Impact | Mitigation | Status |
|---|---|---|---|---|
| Cross-org data leakage | Low | Critical | Org-scoped queries on every API call, RLS defense-in-depth, membership verification on every request | Mitigated |
| Credential compromise (vault) | Low | Critical | AES-256-GCM encryption, per-org key derivation, blind relay architecture, domain-locked execution | Mitigated |
| Brute-force login attack | Medium | High | Rate limiting, account lockout after 5 attempts, MFA support, login audit trail | Mitigated |
| Dependency vulnerability | Medium | Medium | npm audit in CI/CD pipeline, Security agent daily version monitoring, 48-hour patch SLA | Mitigated |
| Service outage (Vercel) | Low | High | Vercel Pro SLA, self-hosted Docker deployment as fallback, health monitoring via Security | Accepted |
| Service outage (Supabase) | Low | High | Supabase Pro daily backups, self-hosted Postgres as fallback option | Accepted |
| Prompt injection in agent LLM | Medium | Medium | Input tag stripping, intent gating on approval/ticket actions, action whitelist, UUID target validation | Mitigated |
| DNS rebinding (vault proxy) | Low | Medium | String-based SSRF blocklist, DNS resolution verification, HTTPS-only enforcement | Mitigated |
| Insider threat | Low | High | RBAC with 3-tier model, comprehensive audit logging, token revocation, membership verification on every request | Mitigated |
| Meta token expiry (Drift Engine) | High | Low | 60-day expiry monitoring, manual re-auth workflow, alerting on publish failure | Accepted |
Risk Assessment Methodology
Likelihood is assessed as Low (unlikely to occur within a year), Medium (may occur within a year), or High (likely to occur within a year).
Impact is assessed as Low (minor inconvenience, no data exposure), Medium (partial service disruption or limited data exposure), High (significant service disruption or broad data exposure), or Critical (complete compromise of customer data or encryption keys).
Status Definitions
- Mitigated. Controls are in place that reduce the risk to an acceptable level. The risk is monitored for changes.
- Accepted. The risk is acknowledged and accepted because mitigation is not feasible (e.g., vendor limitations) or the residual risk is within tolerance. Compensating controls are in place where possible.
Review Schedule
This risk register is reviewed quarterly by the founding team. Ad-hoc reviews are triggered by security incidents, major platform changes, or new vendor integrations. The last review was conducted on March 23, 2026.
Contact
To report a security risk or request more information, contact hello@oceum.ai.