# Core Security Principles

* Surge’s security posture is structured around architectural constraints rather than procedural controls.

  **Non-Custodial by Design**\
  Surge does not assume custody of user assets or private keys. Asset control remains external to the protocol’s execution boundary.

  **Layered Containment**\
  Security boundaries are enforced at multiple architectural layers. A compromise in one component does not automatically grant authority over ordering, execution, or settlement.

  **Zero Implicit Trust**\
  Access and authority are conditionally granted based on measurable state and defined validation rules. No participant or component is granted unilateral execution or settlement authority by default.