1. Introduction

At Gorilla, we regard the trust our customers place in us as our most valuable asset. We take this responsibility seriously and are committed to delivering the highest level of security to protect their most sensitive information.

This document outlines Gorilla’s security architecture, the design principles that guide our decisions, and the threat model we address to ensure the security of our platform and operations. Our approach is rooted in transparency first, ensuring that our security practices are open to scrutiny, continuously refined, and aligned with industry best practices.

2. Security Design Principles

Gorilla’s security architecture is built on a set of core principles that ensure the highest level of protection for the data we process. These principles guide our design decisions, and we believe that as long as we stay within these guardrails, we are making the right security choices - building a platform that is both resilient and trustworthy.

  1. Openness and Transparency: Security should be verifiable, not just promised. We are open about our security design and invite external scrutiny to ensure that our decisions are sound, continuously improved, and aligned with industry best practices.
  2. Product Security Without Paywalls: Fundamental product security features should be accessible to all customers and not gated behind premium subscriptions. At Gorilla, we ship essential security capabilities - such as IDP integration and audit logs - by default and will continue to expand our product security offering at no additional cost. We remain committed to going the extra mile to accommodate customer-specific needs, ensuring that Gorilla integrates seamlessly into diverse environments and security policies.
  3. No Stored Secrets: We do not store your secrets - ever. While Gorilla analyzes and protects credentials, we never persist them. All sensitive data is handled exclusively in memory during processing, ensuring that customer secrets remain under their control at all times.
  4. Focus on Fundamentals: At Gorilla, we believe that excellence in security comes from mastering the fundamentals. Just as the best professionals in any field refine the basics of their craft, we focus on proven security best practices, reference architectures, and industry standards - because in 2025, there is no excuse for getting the fundamentals wrong. With AI and modern security tooling making security knowledge more accessible than ever, our responsibility is to ensure we apply it rigorously. That’s why Gorilla is built on security-first principles, not security-afterthought fixes. We take a structured approach that includes strong workplace security, layered defenses, and least-privilege enforcement by design. We rely on external validation, continuous monitoring, and a commitment to industry best practices to ensure our security posture remains both effective and transparent.

3. Threat Model

The following are the primary threats that Gorilla's security architecture is designed to mitigate, reflecting our current architecture and focus at the time of writing—namely, the protection of customer 1Password items and the service account credentials we use for sync operations.

Security is never static, and neither is our threat model. As Gorilla evolves, we will continuously refine and expand our understanding of potential attack vectors, bringing more sophistication and depth into how we assess and mitigate risks.

  1. Attacks Against 1Password Items

    Attackers may attempt to gain access to or compromise 1Password-stored secrets (e.g., passwords, documents). While Gorilla does not store these secrets, its sync operations must temporarily handle them for analysis, making this an important consideration for security.

  2. Attacks Against Gorilla Service Account Credentials

    The service accounts Gorilla uses to connect to customer 1Password tenants are a critical vulnerability. If these credentials were compromised, an attacker could directly gain access to the 1Password tenants we aim to secure, making this the highest-risk target in the threat model.

  3. Attacks Against the Web Frontend (e.g. XSS)

    The web interface Gorilla uses to interact with customers is a potential attack surface for cross-site scripting (XSS) and other frontend attacks that could expose customer data and other meta-data, if not properly secured.

  4. Attacks Against User Authentication

    Attempts to compromise Gorilla user authentication through methods like credential stuffing, phishing, or brute force. Protecting the integrity of user logins is critical to securing the platform.

  5. Attacks from the Outside: Vulnerabilities in our Technology Stack

    External attackers could attempt to exploit vulnerabilities in Gorilla’s application layer, the underlying infrastructure or third-party services. This includes potential zero-day exploits in the technology stack that could be used to gain unauthorized access.

  6. Attacks from the Inside: Insider Threats

    Malicious insiders within Gorilla (e.g., developers, operations staff, or customer support) could theoretically abuse their privileged access to internal systems. These insiders could potentially compromise anything ranging from source code, to service accounts or sensitive infrastructure configuration.

  7. Attacks on Third-Party Services

    Gorilla relies on third-party providers for hosting and infrastructure. Compromise of these services (e.g., PaaS providers) could impact the security of the Gorilla platform and customer data.