AI Safety & Governance

Hard walls between every customer,
checked at storage, network, and runtime

Tenant Isolation is the boundary that says Customer A cannot read, write, or even observe Customer B's data. Hard isolation at the data layer (per-tenant database row scoping plus row-level security), the network layer (VPC and per-tenant routing rules), and the runtime layer (agents, queries, and workflows refuse cross-tenant references by default).

Get Started Talk to Sales

app.novaaiops.com / tenant-isolation

● LIVE

Kill switch · status

GLOBAL

all agents

TENANT

novabank-staging

AGENT

cost-trimmer

14:42operator killed cost-trimmer · tenant=novabank-staging

14:18tenant kill released · novabank-staging

Three Layers

Isolation enforced at storage, network, and runtime

One layer of isolation is one layer of theatre. Nova enforces tenant boundaries at every layer the request touches. Every database row is scoped, every network request is per-tenant routed, every agent and query checks tenant_id before executing. Removing any one layer still leaves the other two as the wall.

✓
Storage layer: per-tenant database row scoping plus PostgreSQL row-level security policies. Even a SQL bug cannot read across tenants.
✓
Network layer: per-tenant VPC routing rules, mTLS between agents, no shared egress paths between tenants.
✓
Runtime layer: agents and queries refuse cross-tenant references by default. Crossing requires an explicit, logged grant.

app.novaaiops.com / tenant-isolation · scopes

Scope reach

agent1 agent · all tenants

tenantall agents · 1 tenant

globalall agents · all tenants

permissionplatform-admin only (global)

permissionorg-admin (tenant)

permissionteam lead (agent)

Default Deny

Cross-tenant attempts fail loudly, not silently

The dangerous failure mode is not "Customer A reads Customer B's data". It is "Customer A reads Customer B's data and nobody notices for six months". Nova logs every cross-tenant access attempt, blocks it at the boundary, and pages the platform team if a pattern emerges. Silent leakage is impossible by design.

✓
Hard fail at the boundary: queries, API calls, and agent tool invocations all 4xx the instant a cross-tenant id is detected
✓
Every attempt audited: blocked attempts write to the per-tenant audit log with the originating user, agent, and code path
✓
Anomaly alerting: repeated cross-tenant attempts page the platform team, not the customer who was the target

app.novaaiops.com / tenant-isolation · safety

Kill semantics

14:42:00operator pressed global kill

14:42:00.432 in-flight tool calls checkpointed

14:42:00.74 long-running tasks rolled back to last checkpoint

14:42:00.9fleet read-only · 0 errors

14:48:12operator released kill · fleet warm-restart

When Isolation Matters Most

Three customer profiles where this is non-negotiable

Tenant isolation is the default for every Nova customer, but for these three profiles it is the deal-breaker compliance and security review will dig into. If you fit one of these, ask sales for the isolation evidence pack.

✓
Regulated multi-tenant SaaS: healthcare, fintech, education, gov-tech where customer data crossing is a reportable incident
✓
Agentic operators: teams running AI agents that reason across customer accounts. The agent must NOT pattern-match across tenants without an explicit grant.
✓
M&A / migrations: consolidating tenants from acquired companies. Hard isolation while old auth flows wind down.

app.novaaiops.com / tenant-isolation · runbook

Suggested runbooks

model regressionglobal · 30m

chaos game daytenant · variable

upstream outageglobal · until clear

noisy single agentagent · until tuned

Audit & Evidence

Every cross-tenant attempt is on the record

For SOC 2, ISO 27001, HIPAA, and customer security reviews you need not only that isolation works, but evidence of every place it could have failed. Every cross-tenant attempt (allowed or denied) is written to the per-tenant audit ledger with the actor, code path, attempt context, and outcome. The evidence pack is a one-click export.

✓
Per-tenant audit log: Customer A's audit log only shows attempts targeting Customer A's data, never anyone else's
✓
Cryptographic chaining: log entries are hash-chained so tampering is detectable on review
✓
Evidence pack export: one-click export for SOC 2 / customer security reviews, signed and timestamped

app.novaaiops.com / tenant-isolation · log

Kill log · this month

global

tenant

agent

avg dwell

22m

apr 22global · model regression · 38m

apr 18tenant · novabank-staging · 14m

apr 11agent · cost-trimmer · 4h

Video walkthrough coming soon

Subscribe to Nova AI Ops on YouTube for demos, tutorials, and feature deep-dives.

Customer A and Customer B never share a row, a route, or a runtime

Tenant Isolation is the wall between them, enforced at three layers and audited on every attempt. Hard separation, default deny, full evidence trail. Built in, not bolted on.

Get Started Request a Demo

Hard walls between every customer,checked at storage, network, and runtime