1. Posture
Security posture
Agentic Thinking Limited builds runtime-governance infrastructure for AI agents and coding assistants. The design premise is simple: the products run where the regulated data already lives, they do not extract data, and they produce the audit evidence a security review expects to see.
- No telemetry. The deployed products make no outbound connections to Agentic Thinking infrastructure at runtime. No usage beacons, no crash telemetry, no phone-home.
- No data egress. Events, audit logs, memory, policy packs, DLP matches all stay on the host where you deploy. We do not have the ability to read customer data.
- Local-only inference. CRE-AgentProtect Enterprise L2 runs IBM Granite 4 locally on CPU. No cloud LLM call at decision time.
- Deterministic policy first. L1 is pattern-based and bounded. L2 semantic inference only runs if L1 asks for it. Failure modes fail closed, not open.
2. Data
Data handling
Every agent lifecycle event crosses the HookBus envelope. What happens to that data, in plain language:
What crosses the bus
tool_name,tool_input,tool_resultfrom your agent or coding assistantsession_id,sourcelabel, event timestamp- Subscriber verdicts and reasons
What the bus does with it
- Routes in parallel to subscribers registered in your
subscribers.yaml - Consolidates verdicts (deny wins)
- Returns the consolidated response to the publisher that emitted the event
What is written to disk
- Auditor subscriber: SHA-256 hash-chained SQLite row per event. Location is whatever host volume you mount. Retention is your policy.
- AgentSpend subscriber: SQLite row per event with token and cost counters. Same.
- DLP Filter subscriber: stateless. No persistence unless you enable the match log.
The products are engineered so that the minimum data necessary for a governance decision touches a subscriber. You can disable any subscriber you do not need. You can run DLP Filter at the envelope boundary so regulated data is redacted before any downstream subscriber sees it.
3. Deployment
Deployment topologies
Every target environment a regulated buyer will ask for is supported. No architecture detour required.
Your hardware, your network
Runs entirely inside your data centre. No outbound connections required at decision time. Pull images once at install, operate forever.
all inside your data centre
Your cloud, your VPC
Deploys into your AWS, Azure, or GCP VPC. Private subnets only. No public endpoint required. IAM and KMS integrations follow your existing patterns.
public endpoint not required
No external calls, full stop
Both L1 and L2 decisions run locally. Granite 4 runs on CPU or your own GPU. Fully offline after image pull. Ideal for classified or regulated production.
cloud LLM call blocked
Your data never leaves the host
Events, memory, audit chain, policy packs, DLP matches stay where you put them. No telemetry. No phone-home. What runs on your host stays on your host.
Agentic Thinking servers no access
4. Architecture
Reference architecture
Three canonical deployments. Every production engagement will resemble one of these, or a hybrid.
Single-host
Bus + subscribers + agents on one Linux host. Simplest possible topology, used for development and for single-team regulated deployments. Docker Compose or systemd units. Unix socket or HTTP binding, your choice.
Multi-host / Kubernetes
Bus runs as a Deployment with a Service in front. Subscribers run as sibling Pods registered via subscribers.yaml. Horizontal scaling is trivial: the bus is stateless, subscribers are independent. Persistent volumes for Auditor and AgentSpend SQLite or backed by PostgreSQL.
Air-gap with internal registry
Images mirrored into your internal registry. Bus + subscribers pull only from the internal registry. L2 model (Granite 4) packaged and distributed inside your network. No outbound connections at any point in the request path.
Full-resolution PDF reference-architecture diagrams for each topology, with network boundaries, persistence layout, and secret flow, are available under NDA as part of a pre-sales engagement. Email sales@agenticthinking.uk.
5. Sub-processors
Sub-processors
Our products are not cloud services. They run inside your environment. The sub-processor list below covers only the services Agentic Thinking uses to operate its own business and distribute software. None of them process customer production data.
| Service | Purpose | Data | Location |
|---|---|---|---|
| GitHub, Inc. | Source code, image registry (ghcr.io), issue tracking | Public source, public images, public issues | United States |
| Digital Ocean | Marketing website hosting (agenticthinking.uk, hookbus.co.uk, hookbus.com) | Public website traffic only. No customer data. | London, United Kingdom |
| Let's Encrypt (ISRG) | TLS certificates for marketing sites | Domain names only | United States |
| Namecheap, Inc. | Domain registrar for trademark-protection portfolio | Registrar contact data | United States |
| Cal.com | Demo booking calendar | Booker name, email, slot | United States / EU |
| PrivateEmail (Namecheap) | Inbound/outbound email for @agenticthinking.uk | Business correspondence | United States |
We will notify customers 30 days in advance of any material change to the sub-processor list, as part of the DPA signed with each customer.
6. Disclosure
Vulnerability disclosure
We take security reports seriously and respond fast.
- Report to: security@agenticthinking.uk
- Scope: HookBus (core bus + dashboards), CRE-AgentProtect, CRE-AgentProtect Enterprise, Auditor, AgentSpend, DLP Filter, KB Injector, Session Memory, all publisher shims.
- Response SLA: acknowledgement within 2 business days. Triage and severity within 5 business days. Patch target depends on severity.
- Coordinated disclosure: we work with reporters on disclosure timelines. Safe-harbour policy for good-faith research.
- Public advisories: posted at github.com/agentic-thinking/hookbus/security/advisories
What counts as in scope
- Authentication bypass, token handling, privilege escalation, injection
- Data exfiltration through envelope, subscriber, or dashboard
- Audit-chain tampering that escapes verification
- DLP-filter bypasses against stated patterns
Out of scope
- Attacks requiring host root (you own the host, that's your threat model)
- DoS through unbounded subscriber configuration (operator responsibility)
- Third-party sub-processor issues (report direct to them)
7. Assurance
Assurance & certification posture
Agentic Thinking Limited does not currently hold third-party compliance certifications. The products are today built to the evidence standards that SOC 2 Type II, ISO/IEC 42001, and EU AI Act Article 12 require, so customers can run them inside their own compliance programmes. Formal certification of Agentic Thinking Limited as an organisation is scoped but not yet committed to a specific calendar date; we will publish dates on this page when an auditor engagement is signed. In the meantime we respond fully to vendor security questionnaires (SIG Lite, CAIQ, bespoke) under NDA.
| Framework | Status | What the product delivers |
|---|---|---|
| EU AI Act Article 12 | Product supports | If you are a provider of a high-risk AI system, Article 12 requires automatic event logging from 2 August 2026. The Auditor subscriber produces that record: SHA-256 hash-chained, tamper-evident, exportable. |
| SOC 2 Type II | Scoped, no date | Product supplies the event-level audit trail that SOC 2 auditors ask for. Organisation-level attestation is scoped; date will be committed when an auditor is engaged. |
| ISO/IEC 42001 | Scoped, no date | Technical controls map to ISO 42001 clauses. Product is built to slot into your AI Management System. Organisation-level certification scoped. |
| ISO/IEC 27001 | Under evaluation | Relevant Annex A controls (A.8.15 logging, A.8.16 monitoring, A.8.11 masking, A.8.3 access) covered. Organisation-level certification under evaluation. |
| GDPR | Supports | Product enables data minimisation (DLP Filter), Art. 32 logging, Art. 30 processing records. Legal basis, DPIA, DSARs are your programme. |
| HIPAA technical safeguards | Partial | Audit controls (§164.312(b)), access control (§164.312(a)) met. US PHI-specific pattern pack (SSN, MRN, NPI, DEA) on 2026 DLP roadmap. |
| PCI DSS | Supports Req 3, 7, 10 | PAN redaction (Req 3.3), access restriction (Req 7), logging (Req 10). Other requirements are your network and process programme. |
8. Pen testing
Penetration testing
Independent penetration testing is commissioned annually against the HookBus core bus, CRE-AgentProtect Enterprise, and the enterprise subscriber bundle. The next scheduled engagement is Q3 2026, conducted by a CREST-registered UK firm.
Enterprise customers can request a summary redacted of finding detail under NDA. Raw reports are not distributed, consistent with industry practice.
9. DPA
Data processing agreement & legal
A Data Processing Agreement and Master Subscription Agreement template are available on request. Both are drafted against UK GDPR and EU GDPR standard contractual clauses, with a template Annex I covering the sub-processor list above.
- DPA: email partnerships@agenticthinking.uk — returned within 3 business days
- Master subscription agreement: same channel, same SLA
- Security questionnaires: we complete SIG Lite, CAIQ, and bespoke enterprise questionnaires as part of pre-sales. SLA 10 business days.
- Insurance: professional indemnity and cyber liability cover in place, certificate on request under NDA
10. Contact
Contact
The right person for the right question. All responses from a named human at Agentic Thinking Limited.