Security Best Practices
This guide covers security best practices for individuals and organizations using Blast Office.
Permissions Configuration
Filesystem Access
- Keep filesystem access disabled by default — enable it only when needed
- When granting access, restrict it to specific directories rather than the entire filesystem
- Review filesystem permissions regularly
Internet Access
- Consider restricting internet access for users who work with sensitive data
- Use domain allowlists to limit which sites the AI can access
Tool Access
- Review which AI tools are enabled and disable any that aren’t needed
- Lua scripting, while sandboxed, should be disabled if not required by your workflow
Logging
Individual Users
- Logging is off by default for individual users
- Consider enabling local logging for personal record-keeping
Organizations
- Logging is on by default for organizations — review this setting
- Server-side logging can be enabled for compliance and auditing
- Ensure logging policies align with your data retention requirements
Content Safety
Blast Office includes built-in content safety filters: