V2Cloud

V2Cloud provides documented VM-level isolation: 'Every virtual machine is established within its own isolated private network, meticulously configured to ensure no incoming ports are open.' Data security page describes encryption at rest via RAID-1 and SSL/TLS for connections. However, there is no mention of whether data is used for AI model training, no specific log sanitization for OpenClaw agent outputs, and no documented employee access controls or audit trails. The per-VM isolation is a genuine architectural benefit for preventing cross-user contamination.

V2Cloud's OpenClaw page describes the VM as 'a secure, isolated sandbox that encapsulates the assistant' which provides some separation from the user's local machine. However, there is no mention of hardware-enforced sandboxing within the VM, no prompt injection defenses, no human-in-the-loop for agent goal changes, and no memory integrity protection. The VM isolation helps with container escape prevention at the hypervisor level, but OpenClaw-specific agent hijacking risks are not addressed at all.

The OpenClaw page uses a 'Bring Your Own Intelligence' model where users 'connect your preferred LLM API keys—such as Anthropic, OpenAI, or Google Gemini.' However, there is zero documentation about how these API keys are stored within the VM, no mention of encrypted credential storage, no credential leak detection in agent outputs, and no credential rotation management. Users are essentially on their own for credential management within their VM instance.

No information was found about guardrails for autonomous agent behavior. There is no mention of rate limiting for agent actions, no kill switch, no behavioral monitoring, no least-privilege enforcement for agent tools, and no resource consumption limits specific to agent operations. The OpenClaw page focuses on the VM as infrastructure but provides zero agent-level governance or safety controls.

V2Cloud documents solid backup practices: 'Our system automatically captures daily snapshots of your entire virtual environment. These snapshots are retained for 7 days.' Backups are 'stored offline in a geographically separate secondary location' for ransomware protection. Terms state data is erased within 7 days of termination. A 99.95% SLA is offered with service credits. However, Terms explicitly state 'no backup plan offers an absolute guarantee on the success or speed of data recovery' and V2Cloud 'expressly excludes liability for any loss of Data no matter how caused.' No data export tooling is mentioned.

Pricing is transparent with clear tiers from $25/mo to $240+/mo. FAQ states 'the price you see is the price you pay. We will not charge for over usage, Internet bandwidth or technical support.' Terms guarantee 30 days advance notice for fee changes. However, there are no hard spending caps on API usage (users bring their own keys), and no usage monitoring or alerting is documented for agent resource consumption within the VM.

V2Cloud is a registered Canadian company (Quebec) with published Terms and Privacy Policy. Data centers undergo compliance audits for 'HIPAA, PCI, and SOC standards' but these certifications belong to the data center partner (OVH), not V2Cloud itself. Terms include a DPA reference and mention of GDPR compliance. There is no documented incident response process, no breach notification timeline, and no agent action audit trail. The 99.95% SLA provides some accountability framework with defined service credits.

No information found about dependency scanning, MCP server vetting, build pipeline integrity, SBOM, or any supply chain security practices. V2Cloud hosts in OVH data centers and uses hypervisor technology, but there is no documentation about how the OpenClaw framework is installed, updated, or verified within the VM, nor about third-party tool vetting for agent extensions.

The platform demonstrates documented security controls: MFA and SSO with SAML support, SSL/TLS HTTPS encryption for all connections, RDP over SSH tunneling, brute-force lockout mechanism after failed login attempts, Anti-DDoS protection on all public IPs, and UFW firewall on every VM. However, there is no mention of independent security testing or penetration testing, no SSRF protections documented, and no authenticated inter-agent communication (since each agent runs in its own VM, this is partially mitigated by architecture).

No information found about any measures to address AI output reliability, hallucination prevention, approval workflows, undo/rollback capabilities, or output verification. V2Cloud positions itself purely as infrastructure and does not address any AI-specific trust or misinformation risks.