Enterprise Solutions
Security Concerns

Security Concerns

Enterprise Security with Bwat

Bwat addresses enterprise security concerns through its unique client-side architecture that prioritizes data privacy, secure cloud integration, and transparent operations. Below is a comprehensive overview of how Bwat maintains robust security measures for enterprise environments.

Client-Side Architecture

Bwat operates exclusively as a client-side VSCode extension with zero server-side components. This fundamental design choice ensures that your code and data remain within your secure environment at all times. Unlike traditional AI assistants that send data to external servers for processing, Bwat connects directly to your chosen cloud provider's AI endpoints, keeping all sensitive information within your infrastructure boundaries.

Data Privacy Commitment

Bwat implements a strict zero data retention policy, meaning your intellectual property never leaves your secure environment. The extension does not collect, store, or transmit your code to any central servers. This approach significantly reduces potential attack vectors that might otherwise be introduced through data transmission to third-party systems. Telemetry collection is optional and requires explicit consent.

Cloud Provider Integration

Enterprise teams can access cutting-edge AI models through their existing cloud deployments. Bwat supports seamless integration with:

  • AWS Bedrock
  • Google Cloud Vertex AI
  • Microsoft Azure

These integrations utilize your organization's existing security credentials, including native IAM role assumption for AWS. This ensures that all AI processing occurs within your corporate cloud environment, maintaining compliance with your established security protocols.

Open-Source Transparency

Bwat's codebase is completely open-source, allowing for comprehensive security auditing by your internal teams. This transparency enables security professionals to verify exactly how the extension functions and confirm that it adheres to your organization's security requirements. Organizations can review the code to ensure it aligns with their security policies before deployment.

Controlled Modifications

The extension implements safeguards against unauthorized changes to your codebase. Bwat requires explicit user approval for all file modifications and terminal commands, preventing accidental or unwanted alterations. This approval-based workflow maintains the integrity of your projects while still providing AI assistance.

Enterprise Deployment Support

For organizations with strict security review processes, Bwat provides comprehensive documentation, including:

  • Detailed deployment diagrams
  • Sequence diagrams illustrating all data flows
  • Complete security posture documentation

These materials facilitate thorough security reviews and help demonstrate compliance with enterprise data handling standards and regulations.

Access Control

Enterprise editions of Bwat (planned for Q2 2025) will include centralized administration features that allow organizations to:

  • Manage user access with customizable permission levels
  • Provision accounts with corporate credentials
  • Immediately revoke access when needed
  • Control which AI providers and LLM endpoints can be used
  • Deploy standardized settings across the organization
  • Prevent unauthorized use of personal API keys

Compliance and Governance

Bwat's architecture supports compliance with data sovereignty requirements and enterprise data handling regulations. The planned Enterprise Complete edition will further enhance governance with:

  • Detailed audit logging
  • Compliance reporting
  • Automated policy enforcement mechanisms

By combining client-side processing, direct cloud provider integration, and transparent operations, Bwat offers enterprise teams a secure way to leverage AI assistance while maintaining strict control over their sensitive code and data.

MCP ServersMCP Overview