inis.run
Security

The code-execution layer your security team will sign off on.

inis.run runs untrusted and AI-generated code, each execution in its own hardware-isolated VM, on infrastructure built and run in the EU. This page is for the people who have to approve that — your security team, or your customer’s. Every claim below states what exists today; anything still being built says so.

Working through a questionnaire? Send it to team@inis.run — we answer directly, in writing.

01
Isolation
today

Each execution runs in its own hardware-isolated virtual machine.

Not a container. Every run gets a dedicated VM with its own kernel and its own memory — one customer’s execution never shares a kernel with another’s. VMs are single-use: destroyed after the work, never reissued. For the code you trust least, a session can also drop in-guest administrative privileges.

Proof — A written isolation model your team can review — in progress. Until it’s published, we walk security teams through it directly.

02
Execution log
in progress

A record of what the code actually did — not just that it ran.

Session lifecycle — created, executed, paused, destroyed — is recorded today. We are building the per-execution log on top: every outbound network attempt, allowed and denied, with destination and originating session; hash-chained so tampering is detectable; exportable so you can hand it to an auditor or your customer’s security team.

Proof — Sample export — in progress.

03
Egress control
today

The code reaches only what you allow.

Networking is deny-by-default when you say so: allowlist the exact domains the workload needs, and change the policy on a live session through the API. Enforcement happens on the host, outside the VM — the code inside can’t switch it off.

POST /v1/sessions
{
  "egress": {
    "mode": "deny",
    "allow": ["api.openai.com"]
  }
}

Proof — In the API today — egress policy is part of session creation, above, and readable back at any time.

04
Jurisdiction
fact

Built and run in the EU. EU-owned, no US parent.

inis.run is operated by an EU company on hardware physically located in the EU. There is no US parent entity — and none of the extraterritorial legal reach that comes with one. Your data is processed in the EU and stays there.

Proof — Corporate entity details on request. DPA and subprocessor list — in progress.

05
Data lifecycle
in progress

Your data goes where you put it, and is gone when you say.

Sessions have explicit lifetimes — an idle timeout, a maximum lifetime, a retention window for paused sessions — and a destroy call that deletes the session’s disk and memory state. Every destroy, including automatic expiry, now emits a deletion receipt in the tamper-evident execution log naming what was actually destroyed, when, and why — fetchable per session. Checkpoints you keep are retained on their own separate lifecycle until you (or their own retention window) delete them; receipts for that path are in progress.

Proof — Deletion receipt — session destroy today; checkpoints and templates in progress.

06
The review
today

Pass your security review.

If a customer’s security review is stalling your deal because you run AI-generated or user-submitted code against their data — that is the problem this product exists for. On certifications: SOC 2 is in progress. Nothing on this page claims a certificate we don’t hold.

Proof — team@inis.run — send the questionnaire.

The fastest way to evaluate the isolation story is to run something in it. Found a vulnerability instead? See our disclosure policy.

Get an API key