Today, we're proud to share that Aave Labs has successfully achieved SOC 2 Type II attestation across the Trust Services Criteria of Security, Availability, and Confidentiality. As a software company contributing to the Aave Protocol, Aave Labs requires resilient systems, clear controls, and responsible information handling. This attestation confirms the effectiveness of our development and operational methodologies, processes, safeguards, and the software produced under those controls.

What is SOC 2 Type II?

SOC 2 is an audit framework developed by the AICPA that evaluates an organization's controls for security, system availability, and the handling of sensitive information. A Type II attestation assesses whether those controls operated effectively over a defined period of time, as opposed to a single point-in-time review.

For Aave Labs, the audit covered the methodologies behind our software development and operational practices, confirming that our processes meet a consistent standard of rigor.

Why This Matters

As the onchain economy continues to mature, expectations from users, partners, institutions, and counterparties are changing. Technical excellence alone is no longer enough. Teams operating in Web3 are increasingly expected to demonstrate mature internal controls, dependable processes, and a strong approach to confidentiality and operational resilience.

That is particularly relevant in the context of Aave's broader direction toward institutional and enterprise-grade use cases, including initiatives such as Aave Horizon and the protocol's evolving approach to governance, risk management, and market architecture. Aave's public positioning increasingly emphasizes institutional-grade compliance, robust risk controls, and transparent governance.

We will continue to use these same standards and practices across all products and services including Aave Pro, Aave Kit, Aave App, and anything else we build.

Looking Ahead

Maintaining attestation requires continuous testing and refinement of controls. Aave Labs treats this as a standard part of operations, built into how we develop and ship software. Aave Labs remains committed to advancing Web3 infrastructure with the discipline, reliability, and operational maturity that serious market participants expect.

Achieving SOC 2 Type II across Security, Availability, and Confidentiality is a meaningful validation of that approach. It reinforces our commitment to high standards internally and supports the broader institutional, governance, and risk-aware direction of the Aave ecosystem.

We're proud of this milestone and grateful to the teams whose work made it possible.