Security

Security considerations and best practices for BeeSystem deployments.

Deployment isolation

Each Bee Worker instance runs agent executions in isolation. No state is shared between concurrent agent runs. Tool credentials and memory namespaces are scoped per agent.

API authentication

In production deployments, enable authentication on the Bee Worker and Bee Hive APIs. Use bearer token auth or mTLS depending on your network architecture.

Tool credential management

Tool credentials should be injected via environment variables, not hardcoded in agent specs. Use your existing secrets management solution (Vault, AWS Secrets Manager, etc.) to inject credentials at runtime.
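A pre-deployment check for the rule above, added here as an example and not BeeSystem's own code: it walks an agent spec and flags credential fields that hold a literal value instead of an environment reference. The JSON spec layout, the field names and the `${NAME}` reference syntax are assumptions, not BeeSystem's documented schema.

```python
import json
import re
import sys

# Assumption: credential fields are recognised by key name; extend for your schema.
SENSITIVE_KEY = re.compile(r"token|secret|passw(or)?d|api[_-]?key|credential", re.I)
# Assumption: "${NAME}" marks a value resolved from the environment at runtime.
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*\}$")


def find_hardcoded_credentials(node, path="$"):
    """Return (path, reason) for each credential field holding a literal value."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(value, str) and SENSITIVE_KEY.search(key):
                if not ENV_REF.match(value):
                    findings.append((child, "literal value in credential field"))
            else:
                findings.extend(find_hardcoded_credentials(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(find_hardcoded_credentials(item, f"{path}[{index}]"))
    return findings


# Constructed sample spec: hypothetical field names, not BeeSystem's schema.
SAMPLE_SPEC = json.loads("""
{
  "name": "report-agent",
  "tools": [
    {"name": "search", "api_key": "${SEARCH_API_KEY}"},
    {"name": "crm", "auth": {"client_secret": "constructed-literal-value"}},
    {"name": "mail", "password": "${MAIL_PASSWORD}", "host": "mail.internal.example"}
  ]
}
""")

if __name__ == "__main__":
    results = find_hardcoded_credentials(SAMPLE_SPEC)
    for location, reason in results:
        # Report only the location; never echo the value into CI logs.
        print(f"{location}: {reason}")
    sys.exit(1 if results else 0)
```

Run as a CI step, the non-zero exit status blocks a spec with an inline credential before it is deployed.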

Audit logging

Enable structured audit logging on Bee Worker and Bee Hive for all agent executions. All tool calls, memory reads/writes, and errors are logged with typed structured events. Ship these to your SIEM or log aggregation system.

Self-hosted security

Self-hosted BeeSystem deployments have no external network dependencies. All agent data stays within your infrastructure. BeeSystem does not have access to self-hosted deployments.

Reporting vulnerabilities

Report security vulnerabilities to security@beesystem.io. Do not report security issues via public GitHub issues.