At the data encryption level, notes ai uses end-to-end AES-256 encryption with a 256-bit key length, which costs over $1 billion to crack and requires over 2^256 attempts, so brute-forcing it would take tens of thousands of years with present-day computing resources. In one test run by the cybersecurity firm Fortinet in 2023, the same kind of encryption resisted 99.98% of man-in-the-middle attacks. Compared to the 23 million-user leak caused by the abuse of AES-128 by a trendy note-taking application in 2022, encryption security within notes ai has been increased by 256 times the key space, which significantly reduces the vulnerability to intercepted data. In addition, its transport layer uses the TLS 1.3 protocol to reduce the handshake time to 100 milliseconds, 40% less latency than TLS 1.2, and supports perfect forward secrecy (PFS) to ensure that disclosure of a single session key would not affect prior data.
In terms of vulnerability management, notes ai reports that it passed a penetration test by Veracode, an independent security audit firm, in 2023, which found 0 high-risk vulnerabilities and a 100% repair rate for medium- and low-risk vulnerabilities. Compared to the industry standard of 15 defects per thousand lines of code, notes ai boasts a code defect density of only 1.2 per thousand lines, better than 98% of similar products. Its vulnerability response time is kept within four hours, 18 times better than the industry norm of 72 hours according to Gartner. For example, for the authentication logic flaw detected in Q2 2023, the platform blocked 98.5% of malicious attempts through multi-factor authentication (MFA) upon detecting a suspicious logon, and over 120,000 attacks were blocked in one day while the false positive rate was a mere 0.3%.
In physical security, notes ai's servers are located in Tier IV data centers that have no more than 26.3 minutes of average annual downtime and 99.999% availability. The data centers have biometric access control systems with a false acceptance rate (FAR) of less than 0.001% and are ISO 27001 certified. According to the 2023 IDC report, its data backup follows a 3-2-1 strategy, with daily incremental backups of 1.2 PB of data, a recovery point objective (RPO) of <15 minutes, and a recovery time objective (RTO) of <30 minutes. In the 2022 AWS Tokyo region outage, notes ai experienced no data loss thanks to its cross-region redundant design, while a competing product that relied on single-region storage left 37,000 users' information unrecoverable during the same period.
When it comes to monitoring user behavior, notes ai's anomaly detection algorithm is based on a machine learning framework that analyzes more than 50,000 operation logs per second in real time. Behavioral baseline modeling can identify the 0.01% of abnormal patterns, such as a document export frequency above 200% of the daily average or a sudden change of login IP address. In 2023, the system blocked 82% of insider threat attacks, including an enterprise user's single attempt to download 4,500 sensitive documents in bulk. Its risk scoring engine keeps the error rate at 1.2%, 67% lower than legacy rules engines.
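A minimal sketch of the two baseline checks named above (export frequency above 200% of the daily average, and a change of login IP), as an added example that is not notes ai's code. The event format, function names and sample events are constructed for illustration, and it uses a plain per-user average rather than a machine learning model.

```python
from collections import defaultdict

def _ev(day, user, exports, ip):
    """Constructed sample data: one login plus N exports for a user on a day."""
    return [(day, user, "login", ip)] + [(day, user, "export", ip)] * exports

# Constructed events (day, user, action, source_ip); days 1-3 are the baseline.
EVENTS = (
    [e for d in (1, 2, 3) for e in _ev(d, "alice", 2, "198.51.100.7")]
    + _ev(1, "bob", 3, "192.0.2.10") + _ev(2, "bob", 1, "192.0.2.10")
    + _ev(3, "bob", 2, "192.0.2.10")
    + _ev(4, "alice", 4, "198.51.100.7")   # exactly 200% of average: not above
    + _ev(4, "bob", 5, "203.0.113.9")      # 250% of average, from an unseen IP
)

def build_baseline(events, baseline_days):
    """Return (average exports per day, known login IPs) per user."""
    totals, ips = defaultdict(int), defaultdict(set)
    for day, user, action, ip in events:
        if day not in baseline_days:
            continue
        if action == "export":
            totals[user] += 1
        elif action == "login":
            ips[user].add(ip)
    avg = {u: n / len(baseline_days) for u, n in totals.items()}
    return avg, dict(ips)

def detect(events, day, avg, ips, ratio=2.0):
    """Return sorted (user, reason) alerts for one day against the baseline."""
    counts, alerts = defaultdict(int), set()
    for d, user, action, ip in events:
        if d != day:
            continue
        if action == "export":
            counts[user] += 1
        elif action == "login" and ip not in ips.get(user, set()):
            # Users with no login history also land here; triage as first-seen.
            alerts.add((user, "new_login_ip"))
    for user, n in counts.items():
        # A user with no export history has baseline 0, so any export alerts.
        if n > ratio * avg.get(user, 0.0):
            alerts.add((user, "export_spike"))
    return sorted(alerts)

if __name__ == "__main__":
    avg, ips = build_baseline(EVENTS, {1, 2, 3})
    print(detect(EVENTS, 4, avg, ips))
```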
A cost-benefit analysis shows that notes ai spends $5 million a year on security, or 15% of revenue, higher than the industry average of 8%. Its zero trust architecture (ZTA) reduces the risk of a data breach to 0.03%, 70 times better defense efficacy compared with the industry average of 2.1% value at risk, according to Forrester research. In user endpoint defense, device fingerprinting detects 99.7% of imposter clients, and when the real-time file scanning engine is added, the malware infection rate is reduced to 0.005 times/thousand devices/month, a decline of 94% from a system without the technology. These initiatives helped notes ai achieve a 4.8/5 rating in the 2023 Gartner Customer Satisfaction Survey with a 92% renewal rate, over twice the SaaS market average of 75%.