How We Stay Secure

Security Without the Theater

A lot of products say “we take security seriously” and then hand you a PDF full of buzzwords. We’d rather be concrete: how we isolate your data, how we plug into your existing auth, and what we actually run when we check for integrity. No surface-level fluff—but not a deep dive into every config knob either.

Your LMS, Your Auth

Kernex is built to slot into how universities already work. We support LTI and SSO so students and instructors sign in through your institution’s identity provider. We don’t want to be another username/password silo. That means fewer credentials to leak, and one place for your IT team to manage access. Grades and roster data flow through LTI so we stay in sync with your LMS instead of maintaining a parallel universe.

Data Isolation and What We Run

Course and assignment data are scoped by context: we don’t mix one course’s submissions with another’s. When we run integrity checks—plagiarism (Dolos) and AI detection (KGrader)—we do it on the submission and its peers for that assignment, not across your whole org. Results are stored with the grade record so instructors see them in context; we don’t sell or repurpose that data. Our pipelines are designed so that if a component fails, we fail safely (e.g. no integrity result rather than a wrong one).

Safe Defaults and Transparency

We use environment-backed config for things like API keys and feature flags, and we avoid running more than we need. Integrity and grading run in controlled paths; we don’t execute arbitrary user code in the same place we store credentials. For us, “secure” means isolated, integrated with your auth, and transparent about what we do—so you can trust the platform with real coursework.