PunchLink PunchLink
๐Ÿค– PunchLink AI Security

AI does not change your security level. It maintains it.

Everything your CISO needs to know about PunchLink AI: architecture, guarantees, access rights, compliance.

Who sees what?

๐Ÿญ You (client)

Data owner. See all your projects, KPIs, documents, in accordance with your roles.

  • โœ“ All your projects
  • โœ“ All your modules
  • โœ— Not other clients' data

โš™ L2V (PunchLink)

Host/publisher. Technical usage data only. Support on demand.

  • โœ“ Volume, performance
  • โœ— No routine access to business content
  • โœ— No access to API keys in plain text

๐Ÿค– Anthropic/Microsoft

Conversational engine only. Questions/answers during the session.

  • โœ“ Your questions and answers (chat)
  • โœ— No direct access to PunchLink
  • โœ— No permanent storage

How the MCP connector works

  1. 1. Strict authentication: each API call requires a valid Bearer key, verified via bcrypt in database.
  2. 2. Active add-on check: the key can only be used if the PunchLink AI add-on is active for the user.
  3. 3. Global kill-switch check: L2V can suspend all MCP access instantly in case of incident.
  4. 4. Project membership check: each RPC tool verifies the user is an active member of the target project.
  5. 5. Role-based restriction: create_reserve, submit_situation, validate_situation, invite_member are restricted by business role.
  6. 6. Complete audit trail: each call is logged (user, tool, args hash, success/failure, duration, IP, user agent).

3 red buttons (kill-switches)

๐Ÿ”‘ Revoke a key

By the user themselves. 1 click in Settings. Immediate effect. For suspected theft, employee departure.

๐Ÿšซ Disable a user

By L2V admin. 1 click. All user keys become inoperative. For contract end, business suspension.

๐Ÿ›‘ Global cutoff

By L2V only. 1 click. All users lose AI access everywhere. For security incident or emergency maintenance.

Compared to Copilot alone

Copilot alone (without PunchLink AI)

  • โœ— Knows nothing about your projects
  • โœ— If asked "how many reserves?", it makes things up
  • โœ— Risk of leak if your staff copy data into the chat
  • โœ— No trace of who consulted what

Copilot + PunchLink AI

  • โœ… Access to real project data
  • โœ… Every figure cited has an identifiable source
  • โœ… No duplication: data stays in PunchLink
  • โœ… Complete audit of every action

Key argument for your CISO: Adding PunchLink AI to Copilot means reducing leak and error risks, not increasing them. AI only requests data via tools โ€” your data stays in PunchLink, hosted in the EU, under your control.

Complete PunchLink AI Guide Discuss with your CISO