Security at Luthor

Privilege deserves an architecture of its own.

Legal files are not ordinary SaaS data. Our rule is simple: state exactly what is protected, expose the trade-offs, and never let the claim run ahead of the control.

Current postureApplication hardening implemented · database rollout pending · CaseSeal in build

01 / Ready for verified rollout

What the enforcement layer protects

These controls are implemented in this release. They become live only after the application and database migration are deployed and the verification checks pass. They reduce exposure; they do not make the server blind to plaintext.

Private matter storage
Files are kept in a private bucket. Browser access is upload-only; reads pass through user and matter checks.
Database tenant invariants
Matter ownership is enforced in database constraints and row policies, not only in route code.
Confidential egress defaults
Court lookup, explicit prompt caching, provider web search, and remote embeddings are off; production AI is blocked until its retention path is evidenced.
Egress firewall
Client identifiers are removed from public legal-research queries before they leave Luthor.
Untrusted-document boundary
A document can provide evidence, never instructions or new capabilities to the agent.
No credentials in URLs
Sessions travel in authorization headers and sensitive responses are marked no-store.

02 / CaseSeal target

Every matter has a seal.

Each file version gets its own encryption key. A matter key opens only for counsel or verified Luthor code working on that exact matter, for an approved purpose, for a limited time.

Autonomous seal

Background work stays on.

Verified Luthor compute may unseal one scoped matter. Every attempt leaves a receipt.

Counsel seal

The server cannot open it alone.

Counsel delegates a one-time session capability. Offline monitoring pauses.

03 / Claim discipline

What must pass before we say “CaseSeal.”

Until these controls are deployed and independently tested, we will not claim end-to-end encryption, zero knowledge, zero retention, post-quantum security, or compliance certification.

  1. 01Per-matter application-layer encryption and HSM-managed keys
  2. 02Attested confidential workers for autonomous background access
  3. 03Phishing-resistant MFA and step-up approval for sensitive actions
  4. 04Lawyer-visible, independently verifiable access receipts
  5. 05Contracted and continuously verified zero-retention AI path
  6. 06Independent application, cloud-policy, and cryptographic assessment

Security questions should get specific answers.

Request access