Security Policy

HeliusOS Triple-Layer Architecture

Every session on Helius Network is protected by three independent security layers:

• Perception Shield — Real-time threat detection monitors all API calls and session data for anomalous patterns, injection attempts, and replay attacks.
• Cognitive Firewall — AI-driven classification engine that learns from new attack vectors and blocks zero-day fraud patterns not seen in training data.
• Sovereign Vault — AES-256-GCM encryption for all stored credentials, session tokens, and API keys. Hardware key binding on HeliusOS desktop installations.

Transport Security

All API communication uses TLS 1.3. HSTS is enforced with a minimum age of 1 year. Certificate pinning is available for Enterprise mobile deployments.

API Key Security

API keys are stored as salted SHA-256 hashes — we never store plaintext keys. Keys displayed in the dashboard are shown once at creation. Use environment variables, never hardcode keys in client-side code.

Responsible Disclosure

If you discover a security vulnerability, please report it to security@heliusnetwork.com. We aim to respond within 24 hours and will coordinate a fix before public disclosure. We do not pursue legal action against good-faith researchers.

HeliusOS Desktop Security Reporting

HeliusOS installed on user machines transmits only anonymised threat signatures to support@heliusnetwork.com. Signatures include: threat category, severity level, and a hash of the affected file path. No file contents, credentials, or personal data are ever transmitted. Reporting can be disabled at any time from the HeliusOS system dashboard.

Bug Bounty

Critical vulnerabilities in the PoL algorithm or authentication system may be eligible for rewards. Contact security@heliusnetwork.com with details.

© 2026 Helius Network