Airtable operates a no-code app platform handling workloads for more than 500,000 organizations including 80% of the Fortune 100 - companies like AWS, Walmart, HBO, and Netflix. The threat model is straightforward: massive enterprise data exposure through interfaces designed for ease-of-use over strict access controls, sprawl across departments building their own apps without IT oversight, and AI capabilities analyzing documents at scale with inherent model risks. The platform combines spreadsheet-style interfaces with relational databases, layering on AI agents and automations that can make complex decisions and parse documents - positioning governance and security as table stakes, not add-ons.
The infrastructure runs on AWS with PostgreSQL, Redis, and Kubernetes orchestration, using Terraform for deployment. The stack includes Node.js and React on the frontend, Python in the backend, and integration with large language models powering features like Omni (an AI app builder) and Field Agents (document analysis and automation tooling). Docker containerization supports the multi-tenant architecture. Security engineering here means defending a platform where non-technical users ship production apps in minutes - the attack surface includes user-generated schemas, AI model outputs, third-party integrations, and the automation logic itself.
The security posture has to accommodate both the "anyone can build" promise and enterprise compliance requirements. That means tooling for identity management across distributed teams, data governance frameworks that scale with customer-defined schemas, and monitoring for both traditional exploits and AI-specific risks like prompt injection or data leakage through model responses. The company positions enterprise-grade security as core to the product, suggesting investments in access controls, audit logging, and compliance certifications necessary for Fortune 100 deployments.