Common questions.

What counts as a user?

Anyone who logs into the Aorka console — technicians, admins, engineers. Endpoints are unlimited on every plan; you are not penalized for connecting more machines.

Is there a free trial?

We offer a guided pilot. We deploy agents in your environment and walk you through the platform over two weeks. No commitment, no card.

How does pricing work?

One flat fee per endpoint covers the whole platform — every feature, the full safety pipeline, unlimited console seats, and a capable AI operator running your chat. The most powerful frontier models are an optional add-on, metered at cost plus a small pass-through fee. And MCP — connecting your own AI subscription — is free. See the pricing page for the details.

Does the AI have unrestricted access to my machines?

No. Every command passes through a three-layer safety pipeline: deterministic regex command filter, AI risk evaluation, and human approval in the browser. Dangerous operations are blocked outright — there is no admin override. You approve every system change before it runs.

What if someone compromises my Aorka account?

Multiple layers limit the blast radius. Scripts scoring above 51 are hard-blocked — no admin can override. Every write operation requires a separate browser-based approval, not just API access. Jobs are cryptographically signed (HMAC‑SHA256) and verified independently at dispatch. New client units start read-only and must be explicitly unlocked. MFA protects sensitive operations. An attacker with a stolen session still cannot run destructive commands through Aorka.

Can the model be tricked into running dangerous commands?

Prompt injection can make a model suggest a dangerous command. It cannot make the safety pipeline approve one. Layer 1 is deterministic regex: it classifies every cmdlet before the model sees it, and no prompt can change a string match. Layer 3 is a human clicking “Approve” in a separate browser session. The model has no ability to click that button. The layers that matter most are not AI.

How are agent updates secured?

Agent updates are signed with an RSA‑2048 private key that never leaves the development machine. The agent verifies the signature before applying any update — a compromised update server cannot produce a valid signature. Updates are pull-based (the agent decides whether to trust the payload) and rolled out in stages, never to the entire fleet at once.

What privileges does the agent need?

The agent runs as LocalSystem — the same privilege level as every other RMM agent. It needs this to manage services, query AD, and install updates. The difference is what controls those privileges: outbound-only connections (no listening ports), plaintext script execution (EDR-visible), machine-bound credential storage, device fingerprinting, and the full three-layer safety pipeline.

What about data privacy?

Your data is tenant-isolated at every layer. Facts, understandings, credentials, and conversations are scoped to your organization and stored on our infrastructure — nothing is retained by Anthropic, OpenAI, Google, or any model provider. AI requests are stateless API calls. Your data is never used to train models.

Do I need to open firewall ports?

No. Agents initiate outbound WebSocket connections only. No inbound rules, no VPN, no port forwarding. If the machine can reach the internet over HTTPS, it can run Aorka.

Is there a detailed security document?

Yes. The security architecture reference covers each threat model in detail — control-plane compromise, prompt injection, supply chain integrity, agent privileges, the Rule of Two analysis, and an honest assessment of residual risk.