Embroid
Platform · Security

Secure control for physical devices.

Embroid is designed for real devices and real teams. Local-first operation, scoped permissions, leases, binary validation, and audit logs keep hardware safe.

Security for connected hardware isn't just network security — it's permissions, leases, binary validation, audit logs, and recovery paths. Embroid's security model keeps humans, agents, and CI systems honest without getting in the way.
Why it matters

Physical devices raise the stakes of access control.

A misbehaving script can't just corrupt data — it can brick a board, drain a battery, or run a motor into a wall. Embroid's security model is built around explicit leases, typed permissions, and deep audit trails so every actor can be reviewed after the fact.

Capabilities

What you get

  • Local-first operation
  • Optional connected mode
  • Scoped permissions
  • Leases
  • Audit logs
  • Binary validation
  • Recovery exports
  • Rollback workflows
  • Team access controls
Example workflow

How an agent gets access to a device — safely.

An AI coding agent wants to reproduce a bug on real hardware. The security model turns that into a narrowly-scoped, time-bounded, audited operation.

  1. 01Agent requests a capability token for a specific device and verb set.
  2. 02Human operator approves the token for a short lease window.
  3. 03Embroid issues an exclusive lease; no other actor can drive the device.
  4. 04Agent runs only the verbs its token allows; denied calls are logged.
  5. 05On lease expiry, the device returns to the queue and the session is exported to audit.
{
  "capability": {
    "device_tag": "nrf52-04",
    "verbs": ["flash", "serial.tail", "power.cycle"],
    "expires_at": "2026-04-20T14:30:00Z",
    "operator": "nick@embroid.co"
  }
}
Product support

Which product do you need?

The security model is identical across products. The scope differs with the deployment size.

Embroid Client

Local permissions and audit logs on the workstation. Ideal for individual developers and agent workflows.

Embroid Basic

Adds team access when you enable connected mode. Local audit trail remains the source of truth.

Embroid Pro

Full team controls: roles, scoped permissions, lease policies, and lab-level audit across many devices.

Security & audit

How evidence is captured.

Every lease, every verb call, every firmware hash is preserved locally. Exports are signed session records — usable for internal review, customer support, or regulatory workflows.

  • All sensitive operations are ledger-style events — append-only, time-ordered.
  • Connected mode never takes ownership of local records; it mirrors them.
  • Recovery exports are signed and self-contained — safe to hand off to auditors.
Related

Where security shows up

Agent-assisted firmware

Scoped device access for AI agents.

Shared lab management

Role-based access for shared hardware.

Compliance and release evidence

Audit-ready records for every release.

Platform

Review the security model with our team.

Review the security modelReport a vulnerabilityLogin →