Meet YOLO26: next-gen vision AI.
Ultralytics

Secure by design. Certified at every layer.

Enterprise-grade security across both the Ultralytics Platform and Ultralytics YOLO open-source packages, independently audited and continuously monitored.

Trusted by the world's leading organizations

DuolingoShellSiemensRenaultPhilipsNEURA RoboticsMercado LibreTata SteelFlock SafetyIntelDefense Intelligence AgencyDHLDuolingoShellSiemensRenaultPhilipsNEURA RoboticsMercado LibreTata SteelFlock SafetyIntelDefense Intelligence AgencyDHLDuolingoShellSiemensRenaultPhilipsNEURA RoboticsMercado LibreTata SteelFlock SafetyIntelDefense Intelligence AgencyDHL

Compliance, independently verified

Every Ultralytics Platform plan, free or paid, benefits from the same compliance posture. No tiers on core safety.

Two products, purpose-built security for each

Enterprise solution controls and open-source supply-chain integrity, independently hardened.

Free & Paid plans
Ultralytics Platform
  • ISO 27001:2022 & SOC 2 Type I: full platform in scope
  • Multi-region infrastructure: EU, US and APAC residency regions for dataset and model content data
  • SSO/MFA, role-based access control
  • Vanta-monitored controls with real-time posture
  • External penetration test (2026) available in Trust Center · Letter of Attestation
  • Data Processing Agreement · View DPA
  • SCCs available · documented retention
  • System status · status.ultralytics.com
Open-source AGPL-3.0 & Ultralytics Enterprise license
Ultralytics YOLO
  • Snyk scanning: continuous vulnerability monitoring across code & Dockerfiles
  • GitHub CodeQL: semantic analysis for SQL injection, XSS & complex CVEs
  • Dependabot alerts: automated dependency vulnerability tracking
  • GitHub secret scanning: detects accidentally committed credentials
  • Private vulnerability reporting · Contact us · security@ultralytics.com
  • Software Bill of Materials (SBOM) with every release · View on GitHub

Full-lifecycle security

Three pillars covering every layer of the Ultralytics security posture.

Security & Availability

Encryption at rest & in transit. MFA enforced. Least-privilege IAM. Penetration tested annually.

Privacy & Compliance

GDPR, CCPA. Records of Processing Activities (ROPA) maintained. Vanta data inventory. DPA & SCCs available.

AI Governance

Completed EU AI Act risk assessment. Legal protections for Enterprise datasets and model training.
Dashboard screen showing deployment across 43 global regions with indicators on a world map and feature highlights for custom SLA, dedicated support, enterprise licensing, and on-premise deployment.
Built for enterprise

Vision AI, built to enterprise standards

The most widely used vision AI models in the world, with the licensing, controls, and support to run them in production.

  • Ship faster: audit reports, DPA, and pen test results are self-serve.
  • Deploy anywhere: your infrastructure or ours, cloud to air-gapped.
  • Stay protected: Enterprise License, legal protections, custom SLAs.
Explore licensing

Trusted by global enterprises

Everything became much simpler when we made the step to move to Ultralytics. You can train, predict, and export anything with one line of code.
Ultralytics YOLO models are easy, accurate, and flexible. This helped us reduce patrol time by around 30% on average.
We wanted to improve the accuracy with which our model could classify heterogeneous material classes, while decreasing the amount of manual labor required from our team. Switching to Ultralytics YOLO was the key to unlocking these performance improvements.
The ability to train and deploy Ultralytics YOLO models through the Ultralytics Python package is very solid. Combined with fast inference, it enables us to process images quickly and deliver real-time feedback on construction sites.
With Ultralytics, we've been able to improve speed with higher accuracy compared to other models. The compatibility with various frameworks - CUDA, TensorRT, ONNX, OpenVINO - has been super helpful in fine-tuning the weights in R&D and then optimize them for whatever hardware we have.

Frequently asked questions

  • Ultralytics aligns its security program with industry-recognized frameworks, including SOC 2 and ISO 27001.

    Our security program includes:

    • Formal security policies and procedures
    • Role-based access controls and least-privilege access
    • Encryption of data in transit and at rest
    • Continuous monitoring, logging, and vulnerability management
    • Incident response and business continuity processes

    In addition, we conduct independent third-party security testing, including penetration tests, to continuously assess and improve the security of the Ultralytics Platform.

  • The Ultralytics YOLO codebase is maintained using secure development practices, including:

    • Version-controlled repositories with access controls
    • Peer-reviewed code changes
    • Automated testing and vulnerability scanning before release
  • The curated datasets used for training our Enterprise products are derived from publicly available sources. These datasets are subject to internal review, curation, and filtering to align with applicable privacy, ethical, and licensing standards with particular attention to excluding sensitive or identifiable content such as personal data, protected imagery, or content that may disproportionately affect protected groups.

    Our dataset governance framework incorporates risk controls that align with the data management expectations outlined in Article 10 of the EU AI Act, particularly in regard to transparency, licensing integrity, and downstream traceability.

    Importantly, Ultralytics YOLO models are released as open-source vision AI frameworks and may be adapted, fine-tuned, or deployed across a wide range of domains. Accordingly, deploying entities are responsible for evaluating model behavior and performance within their specific context and for conducting a use-case-specific risk assessment where required, particularly where high-risk use cases are implicated (as outlined in Annex III of the EU AI Act).

  • Ultralytics collects only anonymous information from open-source users for performance monitoring and usage analytics. We ensure that this data remains anonymized and is used solely to improve our tools. For hosted services, we follow strict data privacy practices, clearly outlined in our privacy policy, and maintain transparency on all data usage.

  • Ultralytics maintains a formal incident response process supported by continuous monitoring. In the event of a service disruption or security incident, we provide transparent and timely updates via our public status page, where users can subscribe to receive real-time notifications.

  • Enterprise customers get dedicated support and custom SLAs, legal protections for datasets and model training, and the flexibility to deploy on your infrastructure or ours. See Ultralytics License for details.

  • When using Ultralytics YOLO models outside of the Ultralytics Platform, data is stored and processed entirely within customer-managed environments. Because the customer is responsible for deploying and operating the models, Ultralytics does not process or store inference data, ensuring customers retain full control over their data and governance.

    The Ultralytics Platform runs on multi-region infrastructure with EU, US, and APAC data residency options for datasets and model content data. Data handling, processing, and retention practices are documented in the Data Processing Agreement (DPA).

Start building on a secure foundation

From solo researchers to global enterprises.