Overview

FAQs

Overview of Frequently Asked Questions about Method Platform.

What deployment models does Method support?

Method supports multiple deployment options to meet diverse security and infrastructure requirements:

  • Cloud Deployments:
    • SaaS - hosted in any region
  • Self-Hosted Deployments:
    • Private Cloud - requires managed Kubernetes and object storage
    • Virtualized Infrastructure - requires a more substantial install
    • On-premise - delivered on dedicated hardware; air-gap optional

How does Method use AI?

  • Data Integration: The majority of Method’s tool are deterministic, however, certain tools that generate unstructured output, such as Living off the Land tools, use AI to extract and normalize details that regex can’t reliably handle. AI is also used to analyze web resources to identify sensitive data at scale.
  • Operator Co-Pilot: AI dynamically adjusts tool parameters based on data in the environment and only suggests executable actions based on what’s discovered. Tool recommendations are based on discovered data, the environment, and uploaded threat intelligence, such as supplemented adversary profiles or organizational context.
  • Operator Chat: Operators can chat in the Cockpit in natural language to ask about issues, tools, objects, or next actions.

Trust and operational controls

The Method platform provides multiple layers of controls that combines technical guardrails, and operational controls.

  • Guardrails
    • Open-sourced tools: All tools are designed as atomic, focused functions to ensure reliability and trusted execution. All of Method’s security tool binaries are open-sourced to provide complete visibility into what’s executing in customer environments.
    • Configurable risk frameworks: Operators can define comprehensive rules of engagement, such no-strike lists and restricted tool executions based on risk controls defined in each operation.
  • Transparency in architecture
    • Strongly typed interfaces: Method’s strongly-typed data model (the Ontology) and atomic tool design create a reliable agent-security-stack interface that fundamentally constrains what AI can do. The Ontology uses strongly-typed objects (like Host, User, Cloud Account) and defined relationships (like “Is Administrator Of”), preventing AI from operating on ambiguous or unstructured data that could lead to unpredictable behavior.⁠

This architecture ensures that while AI can be intelligent about what to do and how to configure tools, it cannot operate outside the safe, pre-defined boundaries of Method’s security framework.

Do we have any accreditations?

We are actively pursuing additional accreditations, including SOC 2 Type 2. Method’s architecture and security practices are being built with federal compliance requirements in mind and we intend to pursue a FedRAMP certification.

Access and permissions

Method currently supports authentication via local credentials as well as integration with enterprise identity providers.

Platform updates

Product release notes are published regularly and cover product improvements, bug fixes, and new feature releases. These are automatically emailed to all user accounts in Method.