At Maven AGI, security isn’t just a box to check - it’s our foundation. From fintech and payroll companies (Rho and PapayaPay) to entertainment and travel (TiVo and Tripadvisor), our customers trust us to secure sensitive company and customer data - with privacy and compliance integrated from the start.
Our goal: To stay ahead of evolving security risks and give our customers confidence in how we handle their data.
Here’s a look at how we’re safeguarding customer data at every level.
Building a Strong Compliance Foundation
Throughout my career - from developing enterprise security at Lotus/IBM to scaling Google News to a billion users - I’ve learned that security must be embedded into every layer of a system’s architecture.
This philosophy is at the core of Maven’s information security management system (ISMS), which is designed to meet the highest industry benchmarks, ensuring proactive risk management, data protection, and regulatory compliance.
Maven is ISO 27001:2022 certified, demonstrating our commitment to robust security controls and continuous improvement. This internationally recognized framework provides a structured approach to identifying, mitigating, and preventing security risks across our systems.
The ISO 27001:2022 certification, awarded after an independent audit by Johanson Group, validates that Maven AGI operates with structured, security-first practices, safeguarding both company and customer data against threats and vulnerabilities.
Maven AGI is also SOC 2 Type II compliant, a rigorous framework that assesses the ongoing effectiveness of our security, availability, and privacy controls. Independent annual audits confirm that Maven adheres to high standards of securing, processing and protecting customer data privacy - measures that are not just implemented but consistently maintained over time.
As we continue to strengthen our controls to align with industry and federal standards, we’ll share updates here and on LinkedIn
We’re continuously strengthening our controls to align with industry and federal standards to ensure comprehensive security and compliance across industries. Keep an eye on our website, Trust Center and LinkedIn for regular updates.
Privacy and Data Protection by Design
While building Google News, I saw firsthand how balancing personalization with strict privacy controls is critical to maintaining trust at scale - an approach that’s central to how we build at Maven.
Maven’s data protection approach follows a privacy-by-design framework, ensuring that we collect only what is strictly necessary to provide and secure our services.
Key measures include:
Minimal Data Collection: We only collect what’s absolutely necessary for operations and security, reducing exposure and unnecessary risk.
Anonymization & Pseudonymization: We employ techniques that make personal data untraceable whenever feasible.
Content Safety Detection: We detect and block harmful content (i.e., violence, hate, sexual, self-harm content).
Jailbreak Detection: We detect and block security vulnerabilities where users attempt to manipulate Maven into bypassing safety protocols, exposing restricted data, or executing unauthorized actions.
No External Model Training: Maven does not use user data to train foundation models or APIs utilized within our platform. Our users' private information remains secure and is only used for the services we provide.
Our AI models also prioritize explainability, giving organizations visibility into how responses are generated - a critical feature for industries that require transparency in automated decisions.
Beyond the Basics: Security Measures That Adapt to New Threats
To combat an ever-evolving threat landscape, Maven AGI implements a multi-layered, proactive security strategy designed to continuously identify, mitigate, and prevent vulnerabilities while ensuring the highest levels of data protection and compliance.
As part of our proactive security strategy, Maven conducts internal “red teaming” exercises that simulate how a malicious actor might attempt to exploit or manipulate our AI systems. These stress tests help us uncover edge-case vulnerabilities and unintended behaviors that standard frameworks might miss, allowing us to stay ahead of emerging threats and continuously strengthen our defenses.
Maven’s security approach also includes:
End-to-End Encryption: HTTPS/TLS for data in transit and AES-256 encryption for data at rest.
Two-Factor Authentication (2FA): Extra security for agents and admins via SMS or authenticator apps.
Role-Based Access Control (RBAC): Ensuring only authorized personnel can access AI-generated insights.
Vulnerability & Patch Management: Continuous scanning and updates to address security risks proactively.
Software Composition Analysis: We scan and monitor dependencies to manage vulnerabilities.
Third-Party Penetration Testing: External assessments help us identify and mitigate vulnerabilities.
Adapting to Customer Needs
We know that every customer has unique data and security needs. We work with you to meet them - whether it’s implementing a preferred authentication method or integrating additional security solutions.
When working with Maven, customers can expect:
A Strong Security Foundation – We have a robust security framework in place, ensuring your data is protected from day one.
Customizable Security Controls: We adapt and expand security measures based on your specific needs, including integrating new tools and protocols.
Collaborative Approach: Our team works closely with you to understand your data security requirements and ensure smooth integration with your existing workflows.
By combining flexibility with a strong security foundation, we help our customers confidently meet their compliance obligations while ensuring their data remains protected.
To learn more about how Maven AGI safeguards data for customers like Rho, PapayaPay, Tripadvisor and TiVo, visit our Trust Center or reach out to our team at [email protected].
