Multi-agent DAG orchestration, purpose-built for enterprise engineering teams Learn more →

Transparency

We will break something. Here's what happens then.

Cendriix is software. Cendriix uses AI models. Both fail sometimes. We're pre-launch, so rather than recount incidents we haven't had, this page sets out the commitments we're binding ourselves to from day one. Incident reporting, postmortems, and vulnerability disclosure will happen inside Cendriix. You should never have to hunt for what went wrong.

Our incident commitments

These are binding. Not aspirational. If we miss one, that is itself a P1.

1
Same-hour public status update
Any incident affecting more than 1% of customers gets a public status update within 60 minutes. Not internal comms, public, at status.cendriix.ai.
2
Public postmortem within 7 days
Every P1 and P2 incident gets a blameless postmortem published within 7 days. Published on status.cendriix.ai. No paywalls. No NDA.
3
No NDA on incidents
We do not ask customers to sign NDAs about incidents. Retrospectives are public. If something broke your business, you are allowed to tell people.
4
Affected-customer notification within 1 hour
If an incident involves any change in data handling, including a suspected breach, a misconfiguration that exposed data, or an accidental query touching another tenant's records, affected customers are notified within one hour.
5
Bug bounty: $250 – $50,000
We pay for unconventional findings, not just CVSS scores. Logic bugs, business-logic flaws, and novel attack paths are in scope. We have never threatened legal action against a good-faith researcher.
6
Coordinated disclosure, 90-day window
Researchers who report to security@cendriix.ai get a 90-day window for us to patch before public disclosure. We will share our patch timeline within 5 business days of receipt. Earlier disclosure if the fix ships earlier.

When something does go wrong

We have no incident history to publish yet, Cendriix is pre-launch. When that changes, this page will not. Every P1 and P2 incident will get a blameless postmortem published on our public status page, with the same detail visible to customers and non-customers alike. No paywalls, no NDAs.

Each postmortem will state the impact, the root cause, and the fix, written for an engineer, not a press release. We would rather you judge us on how we handle failure than on a claim that we never fail.

status.cendriix.ai

What Cendriix tells you when an AI agent gets it wrong

Every model decision is logged: prompt hash, completion hash, model version, confidence score, and the Cendriix agent that invoked it. Nothing is inferred, it is all recorded at call time.

Founders see a plain-English question

For any AI decision above a confidence threshold, founders see: “This was an AI choice, was it right?” with a one-sentence explanation of what the agent decided and why. A yes/no confirms or corrects the record.

Operators see the full model trace in /time-travel

The /time-travel view replays every agent step, prompt, completion, tool calls, intermediate decisions, in order. Inside Cendriix. No log aggregator required.

If an AI mis-ships, rollback and a training ticket

A one-click rollback reverts the agent's output. Cendriix automatically files an internal training-data ticket so the model that made the wrong call is corrected, not silently ignored.

Open commitment ledger

Public promises. Public statuses.

CommitmentTargetStatus
SOC 2 Type I readinessPre-audit, Q3 2026 targetIn progress
Signed model traces, every prompt + completion hashed and attributableCore releaseIn progress
Real-time customer-readable audit log export (streaming NDJSON)Core releasePlanned
Customer-managed encryption keys on data at rest (AWS KMS, GCP KMS, Azure Key Vault)Post-launchPlanned
Self-hosted operator option, run the Cendriix relay entirely in your own VPCPost-launchPlanned
ISO 27001 certificationRoadmapPlanned

Something to report?

Security disclosures, incident feedback, and transparency concerns all go to the same team, and all get a human response, not an autoresponder.