Built secure at every layer.

Every KillerBot customer gets their own container running on a dedicated Fly.io machine. Not a namespace. Not a "logical" partition. A separate machine with its own compute, storage, and network stack.

Your instance can't see other instances. Other instances can't see yours. There's no shared database where a query gone wrong could leak data across tenants. The isolation is physical, not just logical.

This costs us more to run. We do it anyway because "multi-tenant with tenant IDs" is how breaches happen.

Data at rest: AES-256. Your conversations, files, agent memory, and configuration are encrypted before they touch disk. The encryption keys are unique per instance.

Data in transit: TLS 1.3 everywhere. Between your device and your instance. Between your instance and AI model providers. No exceptions, no fallback to older protocols.

API keys stored on your instance get an extra layer — they're encrypted in the instance's own keystore. Even if someone got raw disk access (they won't), the keys are still encrypted.

Port 443. That's it. Every other port is blocked at the firewall. No SSH exposed to the internet. No debug ports left open. No "we'll close that later" situations.

Each instance sits behind its own firewall rules. Inbound traffic hits TLS termination first, then gateway authentication. No authentication token, no entry. Period.

We run regular network scans to verify nothing unexpected is listening. If it is, we know about it before anyone else does.

Your API keys — OpenAI, Anthropic, Google, whatever you connect — live on your instance and only your instance. They're encrypted at rest and never transmitted to our infrastructure.

We literally cannot read your API keys. The architecture doesn't allow it. There's no admin panel where we can peek at customer credentials. We designed it that way on purpose.

When you delete your instance, those keys are gone. We don't keep copies. We don't keep backups of customer secrets.

Security patches ship automatically to managed instances. No emails asking you to "please upgrade at your earliest convenience." When there's a fix, it rolls out. Zero downtime.

We pin OpenClaw versions to tested releases. No bleeding-edge surprises. Each update goes through our staging environment before it touches a customer instance.

Managed hosting customers get patches within hours of a security fix. Self-hosted users can pull updates on their own schedule — we publish changelogs and advisories for every release.

OpenClaw's core is open-source. You can read the code, audit it, and verify our security claims yourself. We don't hide behind proprietary walls.

Check it out: github.com/openclaw/openclaw. File issues. Submit patches. We welcome security researchers.

KillerBot adds managed hosting, the dashboard, and billing on top. The core that handles your conversations, files, and agent logic? Open source, MIT licensed.