In January 2025, Kontent.ai proudly signed the Secure by Design Pledge initiated by CISA (Cybersecurity and Infrastructure Security Agency). As we approach the end of 2025, we want to share the concrete steps we’ve taken to honor that pledge and protect our customers.
What we’ve accomplished
Multi-factor authentication
One of the pledge’s core principles is driving MFA adoption. We made this a priority by enabling self-service MFA enrollment for all Kontent.ai users. We’re happy to see users activating MFA on a daily basis to add an extra layer of protection to their accounts.
If you haven’t enabled MFA yet, we strongly encourage you to do so. It takes just a few minutes and significantly reduces the risk of unauthorized access to your content.
Protection against compromised credentials
Default and weak passwords remain one of the biggest security vulnerabilities across the internet. To combat this, we’ve implemented proactive protection that blocks sign-ups and logins using credentials that have been exposed in known data breaches. Powered by Auth0’s Breached Password Detection, this safeguard works silently in the background to prevent account takeovers before they happen.
Reducing identity vulnerabilities
Identity is one of the most important parts of security, so we focused on making authentication more secure. We upgraded how our platform handles logins to better protect against token theft and session hijacking.
These protections run quietly in the background. If we spot signs that someone’s session might be compromised, we immediately shut it down before anything bad can happen. This helps keep your accounts safe when you’re logging in and using the platform.
Faster, seamless security patching
Security vulnerabilities don’t wait for convenient maintenance windows. That’s why we’ve enhanced our patch management process, with a particular focus on minimizing the window of opportunity for attackers.
One significant improvement is our adoption of Windows Hotpatch for our infrastructure. This technology allows us to apply critical security updates automatically without requiring system restarts, meaning our endpoints stay protected and available while our teams can focus on what matters most, which is serving you.
Expanded bug bounty program
Transparency builds trust. We’ve significantly expanded our bug bounty program, bringing additional components into scope including our public SDKs available on GitHub and our Model Context Protocol (MCP) server.
By welcoming security researchers to examine these tools, we’re ensuring that even the components you integrate into your own applications meet the highest security standards.
CVE management for open source components
We’ve established a formal process for managing Common Vulnerabilities and Exposures (CVEs) in our versioned components. While we haven’t identified any security issues in our SDKs to date, we’re prepared to issue CVEs when needed. This ensures complete transparency: if a security issue is discovered, you’ll have clear information that an SDK version is outdated and should be updated.
Enhanced internal security monitoring
Behind the scenes, we’ve made substantial improvements to our security operations. Our enhanced Security Information and Event Management (SIEM) system now collects additional security-related log sources, giving us better visibility into potential threats and faster response capabilities.
Looking ahead to 2026
Our commitment to security doesn’t end with the Secure by Design Pledge. As we move into 2026, we’re continuing our focus on artificial intelligence security and governance. We’ve recently joined the AI Trustworthy Pledge and EU AI Pact, reinforcing our dedication to developing and deploying AI features responsibly and securely.
Security is not a destination; it’s a continuous journey. The Secure by Design Pledge has provided us with a valuable framework for improvement, and we’re committed to building on this foundation in the years ahead.