> For the complete documentation index, see [llms.txt](https://docs.midas.app/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.midas.app/security/operational-security.md). # Operational Security Midas implements a rigorous operational security framework to proactively mitigate internal risks: * **Personnel Security & Training:** Every team member undergoes a comprehensive background check prior to joining. To maintain a culture of vigilance, the entire team receives continuous security advisories and specialised training. * **Zero Trust & Hardware Authentication:** We enforce a strict Zero Trust access model across all internal systems. Privileged access to internal environments requires mandatory hardware-backed authentication, ensuring compromised passwords or phishing attempts cannot be exploited. * **Hardened Infrastructure Access:** Access to mission-critical cloud and infrastructure accounts is compartmentalised and restricted to dedicated, hardened "cold" laptops. * **Active Endpoint Monitoring:** All corporate devices are secured by a Managed Detection and Response (MDR) solution, providing 24/7 continuous cyberthreat monitoring, behavioral analysis, and rapid response capabilities. #### **Platform and IT Infrastructure** Midas secures its application layer through strict infrastructure controls and deployment pipelines: * **Environment Isolation:** Staging and production environments are fully isolated, ensuring development activities cannot impact live systems. * **Edge Security:** Cloudflare Enterprise provides DDoS protection, bot mitigation, Web Application Firewall (WAF), Advanced rate limiting, API protection, global CDN caching, DNS security, TLS enforcement and more. * **Verified Authorship**: All Git commits require cryptographic signatures using hardware-backed keys, ensuring verified code authorship and preventing unauthorized alterations. * **Supply-Chain Security:** Integrated security tooling within the CI/CD pipeline continuously scans third-party dependencies and libraries for vulnerabilities prior to deployment. * **Onchain Monitoring:** Blockaid provides pre-execution transaction simulation and active on-chain monitoring to defend against malicious smart contract interactions. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.midas.app/security/operational-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.