Security & Compliance

13 AI Agents Handling LP Data. Here Is How We Protect It.

Dedicated infrastructure per firm, SEC-aware audit trails, and human approval on every external communication. Not a feature list: the architecture that protects your LPs, your firm, and your fiduciary obligations.

Zero Public ExposureHuman Approval on All External CommunicationsComplete LP Data Isolation Per Firm13 Agents Continuously Monitored
Public InternetPF FirewallTailscale VPN MeshAlpheousFully ManagedKnowledgeMP AssistantFund OpsSecurityOps IntelLP Experience

Four Risks Every AI-Powered Fund Must Solve

AI that processes LP data, drafts investor communications, and generates compliance documents creates real risk. Alpheous prevents each one.

LP Data Cross-Contamination

Fund A's LP information appears in a communication meant for Fund B.

Complete data isolation per firm. LP data, fund documents, and investor records cannot cross boundaries at the database level.

Non-Compliant Communications

AI-generated content violates SEC Marketing Rule or contains unsubstantiated performance claims.

Agent 13 (Compliance Review) gates every external communication. Marketing Rule checks, disclaimer verification, and performance claim validation before human approval.

Unsupervised LP Communications

AI sends an investor letter, quarterly report, or email without approval.

Every LP-facing communication requires explicit human approval. No code path bypasses this for external content.

Hallucinated Performance Data

AI invents returns, fabricates fund metrics, or misrepresents portfolio positions.

All performance data sourced from verified systems of record. Human review plus compliance gate catches hallucinations before anything reaches an LP.

Invisible to the Internet

Dedicated infrastructure per firm. Zero public exposure. No website to hack, no login page to brute-force, no open ports to scan. Remote access via authenticated Tailscale encrypted mesh only. Your fund data sits behind infrastructure that does not exist on the public internet.

Nothing Reaches an LP Without Human Approval

Agents research, draft, and prepare. They cannot communicate externally without your sign-off.

Agent Prepares

Drafts LP letter, quarterly commentary, investor email, or LinkedIn post from fund data, market research, and compliance guidelines.

Compliance Gate

Agent 13 (Compliance Review) reviews for SEC Marketing Rule compliance, disclaimer requirements, and performance claim validation before human review.

Human Reviews

Full content, recipient, and fund context posted for review. Approve, Edit, or Reject.

Action Logged

Timestamp, approver, full content, and compliance status recorded. SOC 2 style audit trail on every action.

A

LP Communications Agent

To: sarah@meridiangroup.com

Fund: Fund III

Subject: RE: Q4 Distribution Notice

Following up on the Q4 distribution. The final waterfall calculations are attached. Total distribution of $4.2M across 23 LPs. Please review and approve for distribution.

No exceptions. LP quarterly letters, investor emails, capital call notices, marketing content: human approval plus compliance review required.

Autonomy Is Earned. Never Assumed.

New deployments start at maximum guardrails. Permissions expand after proven reliability.

Weeks 1 through 4

Full Supervision

  • Every draft, research output, and report requires approval
  • System learns your firm's voice, LP communication style, and compliance standards
  • Daily action log for complete visibility into all 13 agents
Weeks 5 through 12

Internal Work Runs Independently

  • Market research, data gathering, and internal analysis run without approval
  • Nothing LP-facing or externally visible runs unsupervised
  • All investor communications still require your approval plus compliance gate
Month 4 and Beyond

You Decide What to Trust

  • Accuracy data lets you release low-risk internal actions from review
  • LP letters, investor emails, quarterly reports, and marketing content always require human approval

Any LP-facing error reverts to full supervision until reliability is re-established.

Complete LP Data Isolation. Per Firm.

ABC

XYZ

QRS

MRD

Agent Query
ABC only

+ Global Knowledge (Regulatory guidance, market data)

Segmented across investor records, fund documents, communications, research data, and compliance files. When an agent operates on Fund A's data, it cannot access Fund B. Database-level isolation.

Isolation persists across all 13 agents and their handoffs. Firm boundaries travel with every agent transfer. LP contact information, fund performance data, investor communications, and compliance records are fully isolated with dedicated data stores per firm.

Your LPs Will Never Know AI Is Involved

AI-generated communications never reveal AI involvement, internal operations, or other fund relationships.

Every outbound draft scanned for AI references, internal tool names, and cross-fund information. Any match blocks the communication before it can be sent.

The system writes in your firm's established voice and tone. It never identifies itself as AI. Investor communications maintain the institutional quality your LPs expect.

A delayed response costs far less than an LP discovering AI involvement in their communications.

Draft Scan

Hi Sarah, thanks for the update on the quarterly letter review. We have reviewed the distribution timeline and the LP communications schedule works for our team.

Every Agent Has Boundaries It Cannot Cross

Each of the 13 agents accesses only the tools and data its role requires.

The Research Writer can access market data but cannot send investor emails. The LP Relationship Agent can draft communications but cannot modify fund documents. The Compliance Agent reviews content but cannot alter performance data.

No agent can expand its permissions or grant access to another. Set at deployment, enforced at infrastructure level. SEC recordkeeping requirements satisfied through immutable permission boundaries.

Technical Deep Dive

For Technical Evaluators

Need the Full Technical Picture?

Our Security Architecture deep dive covers network isolation, agent permissions, credential management, threat mitigation, and every audit system under the hood.

Read the Technical Deep Dive

If Something Breaks, It Fixes Itself

All 13 agents and their supporting services monitored continuously. Failures restart within minutes. Critical issues escalate immediately. Daily encrypted backups of all fund data and audit logs.

Also monitors compliance risks: missed filing deadlines, LP communication delays, stalled quarterly reports. Deduplicated alerts prevent fatigue.

Service Health

Last checked: 47s ago
AI Gateway
Healthy
Email Poller
Healthy
Draft Service
Restarting...
Slack Monitor
Healthy
LP Portal Monitor
Healthy
Email Draft Agent
Healthy
Filing Monitor
Healthy
Meeting Intel
Healthy
Security Agent
Healthy
Infrastructure Monitor
Healthy
Watchdog
Healthy
Cron Dispatcher
Healthy

All Inbound Content Screened Before Any Agent Processes It

Every email, document, and data feed screened through multiple layers: spam filtering, phishing detection, and prompt injection defense. All untrusted input sanitized through a dedicated engine that strips adversarial content before it enters any AI model. Blocked before any agent sees it.

Inbound Content Scanner

Which Agent. Which LP Data. When. What Output.

SOC 2 style audit trail on every action across all 13 agents. Every entry records the agent, the data accessed, the action taken, the output produced, and whether a human approved it. Cryptographically chained via SHA-256 for tamper-evident recordkeeping. Designed for SEC examination readiness.

Questions From Asset Managers

Complete database-level isolation per firm. Each fund's LP data, investor records, communications, and documents exist in entirely separate data stores. No agent can access data across firm boundaries. All data access is logged with firm identifiers, and isolation persists across all 13 agent handoffs. The infrastructure has zero public exposure with no ports, login pages, or attack surface visible to the internet.

Every agent action is logged in a SOC 2 style audit trail: which agent accessed which LP data, when, with what output, and whether a human approved it. All entries are cryptographically chained via SHA-256, making the log tamper-evident. Agent 13 (Compliance Review) gates all external communications for Marketing Rule compliance. Monthly compliance posture reports and weekly deep security audits provide continuous documentation for regulatory examination readiness.

No. Alpheous runs on dedicated infrastructure that is never shared with other firms. Contractual data processing agreements with all AI providers explicitly prohibit training on your data. Your fund data, LP records, and investor communications never enter any training pipeline. The entire system is invisible to the internet with zero public exposure.

The cryptographic audit trail provides a complete, tamper-evident record of every action taken across all 13 agents. For any LP interaction, you can trace backward from the final communication to the data sources consulted, the compliance checks performed, and the human who approved it. Monthly compliance posture reports provide ready-made documentation. The system is designed from the ground up for SEC examination readiness.

Every LP-facing communication passes through two gates before sending. First, Agent 13 (Compliance Review) checks for SEC Marketing Rule compliance, proper disclaimers, and performance claim validation. Then the approved draft goes to a human reviewer who sees the full content, recipient, fund context, and compliance status. Approve, Edit, or Reject. No code path bypasses this for external communications. LP quarterly letters, investor emails, capital call notices, and marketing content all require both compliance and human approval.

All performance data is sourced from verified systems of record, never generated by AI. The compliance gate validates any numerical claims against source data. Human review provides a second layer of defense. When you edit or reject a draft, corrections feed into the agent's memory for continuous improvement. No performance figure reaches an LP without passing through compliance review and human approval.

All credential-bearing files are permission-locked. Configuration drift is monitored against SHA-256 baselines and any unauthorized changes trigger immediate alerts. Weekly deep security audits scan for credential exposure, dependency vulnerabilities, and access control integrity. No API keys are hardcoded; all secrets are externalized and loaded at runtime.

No. Each of the 13 agents has fixed permissions set at deployment. No agent can expand its own access, grant permissions to another agent, or modify security configurations. The Research Writer cannot send emails. The LP Relationship Agent cannot access other firms' data. Permissions are enforced at infrastructure level, not through prompt instructions an AI might ignore.

0

Public Exposure

Invisible to the internet

0

Agents Monitored

Continuous security posture

0%

Human Approval

On all LP-facing communications

0%

Data Access Logged

SOC 2 style audit trail

See the Security Architecture Live.

No PDF. We show you the live system: approval flows, compliance gates, audit logs, and data isolation across all 13 agents.

Every claim on this page is verifiable in the live system.