Find shadow AI, govern it.

Code workspace scans surface AI tools and dependencies as developers commit. Identity, spend, browser, and procurement signals feed the same triage inbox. Discoveries that pass triage land in the AI registry as governed systems with owner, autonomy tier, risk score, and regulatory tier. Native conversation telemetry captures activity even when no third-party gateway is in the loop.

Discovery: find AI before it ships

Code workspace scans run today; identity, spend, and browser sources follow.

Code workspace discovery surfaces AI tools and dependencies from your codebase as developers commit. AI provider SDKs, model file paths, and prompt template files are flagged at commit time. Each candidate carries the file path, commit reference, and matched span back to source, so reviewers can see exactly what fired the discovery.

Code workspace scans (live)

VS Code extension + repo scans surface AI provider SDKs, model file paths, and prompt template files as developers commit. Scheduled reconciliation deduplicates across scans so previously dismissed discoveries don't flood the inbox on every run.
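The scan-and-reconcile flow described above, as an added illustration that is not KoraSafe's own code: a small commit scanner that matches a constructed detector catalogue (standing in for the known-AI-tools library; the SDK, model-file and prompt-template patterns are assumptions) against the files in a commit, records file path, commit reference, line and matched span for each candidate, and fingerprints each find without the commit hash so that a discovery dismissed in one triage round is not raised again by the next scheduled scan.

```python
import hashlib
import re
from dataclasses import dataclass

# Assumed detector catalogue for this example; a real library would be far larger.
@dataclass(frozen=True)
class Detector:
    name: str            # stable detector id, part of the dedup fingerprint
    kind: str            # ai_provider_sdk | model_file_path | prompt_template_file
    path_re: re.Pattern  # which files the detector applies to
    body_re: re.Pattern  # what to look for inside those files

DETECTORS = [
    Detector("openai-sdk", "ai_provider_sdk", re.compile(r"\.py$"),
             re.compile(r"^\s*(?:import\s+openai|from\s+openai\s+import)\b", re.M)),
    Detector("anthropic-sdk", "ai_provider_sdk", re.compile(r"\.py$"),
             re.compile(r"^\s*(?:import\s+anthropic|from\s+anthropic\s+import)\b", re.M)),
    Detector("pip-ai-dependency", "ai_provider_sdk", re.compile(r"(?:^|/)requirements[^/]*\.txt$"),
             re.compile(r"^(?:openai|anthropic|google-generativeai|langchain)\b.*$", re.M)),
    Detector("model-file", "model_file_path", re.compile(r"\.(?:py|ya?ml|json|toml|cfg|env)$"),
             re.compile(r"[\w./-]+\.(?:gguf|safetensors|onnx|pt)\b")),
    # Prompt templates are recognised by path; the matched span is the template's first line.
    Detector("prompt-template", "prompt_template_file",
             re.compile(r"(?:^|/)prompts?/[^/]+\.(?:txt|md|jinja2?|j2)$"),
             re.compile(r"\A[^\n]*")),
]

@dataclass(frozen=True)
class Candidate:
    path: str
    commit: str
    detector: str
    kind: str
    line: int
    span: tuple        # (start, end) character offsets of the raw match in the file
    matched: str       # the matched text, whitespace-trimmed
    fingerprint: str   # commit-independent identity used for reconciliation

def fingerprint(path: str, detector: str, matched: str) -> str:
    """Identity of a discovery. Deliberately excludes the commit so the same
    finding at a later commit maps to the same triage decision."""
    return hashlib.sha256(f"{path}\0{detector}\0{matched}".encode()).hexdigest()[:16]

def scan_commit(commit_ref: str, files: dict) -> list:
    """files maps repo path -> file content for the files touched by the commit."""
    found = []
    for path, content in files.items():
        for d in DETECTORS:
            if not d.path_re.search(path):
                continue
            for m in d.body_re.finditer(content):
                line = content.count("\n", 0, m.start()) + 1
                text = m.group(0).strip()
                found.append(Candidate(path, commit_ref, d.name, d.kind, line,
                                       (m.start(), m.end()), text,
                                       fingerprint(path, d.name, text)))
    return found

def reconcile(candidates: list, dismissed: set) -> list:
    """Scheduled reconciliation: drop candidates already dismissed in triage."""
    return [c for c in candidates if c.fingerprint not in dismissed]

# Constructed sample commit contents.
SAMPLE_FILES = {
    "app/chat.py": "import os\nfrom openai import OpenAI\n\nclient = OpenAI()\n",
    "requirements.txt": "fastapi==0.110.0\nanthropic>=0.25\n",
    "ml/load.py": "MODEL = 'models/llama-3-8b.Q4.gguf'\n",
    "app/prompts/system.jinja2": "You are a helpful assistant.\n",
    "README.md": "Nothing here.\n",
}

if __name__ == "__main__":
    first = scan_commit("commit-0001", SAMPLE_FILES)      # placeholder commit refs
    for c in first:
        print(f"{c.path}:{c.line} [{c.detector}] {c.matched!r} fp={c.fingerprint}")
    # A reviewer dismisses the prompt-template find; the next scan does not re-raise it.
    dismissed = {c.fingerprint for c in first if c.detector == "prompt-template"}
    print(len(reconcile(scan_commit("commit-0002", SAMPLE_FILES), dismissed)), "left after reconcile")
```

The fingerprint is the design point: it is built from path, detector and matched text, not the commit, so a candidate dismissed once stays dismissed across reruns while a genuinely new SDK import in the same file (different matched text) still surfaces.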

Identity sources (Preview)

Okta and Azure AD app-access events surface AI SaaS tools your workforce is logging into. The triage inbox is the same surface used for code-workspace discovery; all sources fan in to it.

Owner resolution + triage

Move from unknown tool to accountable system owner. Discovery hands off to the registry's responsibility matrix once an owner is assigned and the system is registered.

Canonical known-AI-tools library

The library refreshes monthly so the catalog stays current as vendors ship new products, rebrands, and retirements. Discovery flags against the current catalog automatically.

Registry: the record of truth

Approved discoveries land in the AI registry with every field a regulator asks for.

A versioned inventory of every AI system the organization runs. Each record carries autonomy tier, decomposed risk score, named owner, regulatory tier, lifecycle state, EU AI Act fields, GDPR lawful basis, and an audit chain tying every registry write back to evidence. Downstream policies, findings, and risk scoring read from it; one registry record updates every policy that referenced it.

Versioned inventory + RACI

Name, version, model, type, domain, description, data categories, jurisdictions. Named responsible person and RACI assignments. Every change writes a versioned snapshot so any past state can be replayed for an auditor.

Five-tier autonomy + decomposed risk

Five-tier autonomy scale and a decomposed risk score (regulatory exposure, autonomy, data sensitivity, blast radius, eval coverage, finding density). Quarterly snapshot plus on-demand recompute.

EU AI Act fields pre-filled

EU AI Act tier, Annex III category, registration number, notified body, CE marking status, conformity assessment date, applicable Article references. Pre-filled from the regulatory mapping where evidence supports it.

GDPR + cross-border records

Lawful basis (Article 6) with justification text. International transfer records (recipient country, transfer mechanism, SCC reference, recipient entity, supplementary measures) per system.

Lifecycle audit transitions

Lifecycle states (development / staging / production / deprecated / retired) with audited transitions. Every registry write logs an audit entry queryable from the auditor portal.

Reads from registry, writes to evidence chain

Policies scope by registry attributes. Findings cite the system that generated them. Risk scores recompute against registry attributes. Auditor portal reads under time-boxed magic-link invitations.

Native conversation telemetry

Capture and govern AI activity even without a third-party gateway.

Customer-cloud edge shippers capture AI conversations, redact sensitive data in place, and stream normalized governance telemetry to KoraSafe. No third-party detection stack required to observe what's running. The shipper itself ships with the next runtime release; the schema and in-app preview are live today.

Customer-cloud shipper

Run telemetry capture where the conversations already live. Sidecar deployment; no inline gateway required.

Redact before egress

Sensitive text is removed at the edge before data leaves the customer trust boundary. PII never reaches KoraSafe in raw form.

MCP-native event schema

Tool calls, prompts, outputs, and policy actions share one schema. Downstream guardian routing and policy enforcement see consistent records regardless of source.
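To make the "redact before egress" and shared-schema points concrete, here is an added example, not KoraSafe's shipper code: an edge-side normaliser that maps prompts, outputs, tool calls and policy actions onto one event shape, redacts sensitive values in place (including inside nested tool-call arguments) before anything leaves the customer boundary, and offers a leak check the operator can run on the outbound batch. The PII patterns, schema name and event fields are assumptions constructed for the example.

```python
import json
import re

SCHEMA = "example/mcp-event/v0"   # placeholder schema id, not KoraSafe's

# Constructed redaction rules; ordered so the SSN rule runs before the looser phone rule.
REDACTORS = [
    ("SSN", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    ("PHONE", re.compile(r"\b(?:\+?\d{1,2}[ -])?\(?\d{3}\)?[ -]?\d{3}[ -]?\d{4}\b")),
]

def redact_text(text: str, counts: dict) -> str:
    """Replace sensitive spans with a label and tally what was removed."""
    for label, rx in REDACTORS:
        text, n = rx.subn(f"[{label}]", text)
        if n:
            counts[label] = counts.get(label, 0) + n
    return text

def redact_value(value, counts: dict):
    """Walk strings, lists and dicts so tool-call arguments are scrubbed too."""
    if isinstance(value, str):
        return redact_text(value, counts)
    if isinstance(value, list):
        return [redact_value(v, counts) for v in value]
    if isinstance(value, dict):
        return {k: redact_value(v, counts) for k, v in value.items()}
    return value  # numbers, booleans, None pass through unchanged

def normalize(raw: dict, source: str) -> dict:
    """One record shape for every event kind, redacted at the edge."""
    counts: dict = {}
    kind = raw["type"]
    if kind in ("prompt", "output"):
        content = redact_text(raw["text"], counts)
    elif kind == "tool_call":
        content = redact_value({"tool": raw["tool"], "args": raw["args"]}, counts)
    elif kind == "policy_action":
        content = {"action": raw["action"], "reason": redact_text(raw["reason"], counts)}
    else:
        raise ValueError(f"unknown event type {kind!r}")
    return {
        "schema": SCHEMA,
        "source": source,
        "event_type": kind,
        "session_id": raw["session"],
        "content": content,
        "redactions": counts,   # labels and counts only; never the removed text
    }

def ship_batch(raw_events: list, source: str) -> list:
    """What would be streamed out of the customer cloud: only normalized, redacted events."""
    return [normalize(e, source) for e in raw_events]

def leak_check(events: list, samples: list) -> list:
    """Return any of the given raw sensitive strings that still appear in the outbound batch."""
    serialized = json.dumps(events)
    return [s for s in samples if s in serialized]

# Constructed sample capture from one session.
RAW_EVENTS = [
    {"type": "prompt", "session": "s-1",
     "text": "Email alice@example.com the invoice, her SSN is 123-45-6789."},
    {"type": "tool_call", "session": "s-1", "tool": "send_email",
     "args": {"to": "alice@example.com", "body": "Call me at 555-123-4567"}},
    {"type": "output", "session": "s-1", "text": "Sent."},
    {"type": "policy_action", "session": "s-1", "action": "block",
     "reason": "outbound email to alice@example.com not on allowlist"},
]

if __name__ == "__main__":
    batch = ship_batch(RAW_EVENTS, source="example-shipper")
    print(json.dumps(batch, indent=2))
    print("leaked:", leak_check(batch, ["alice@example.com", "123-45-6789", "555-123-4567"]))
```

The tally in `redactions` is what downstream policy can reason about (how much sensitive data a system handles) without the raw text ever crossing the boundary; the leak check is the control a practitioner would wire into the shipper's test suite.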

No third-party stack required

KoraSafe can detect and govern even when no third-party detection tools are deployed. Federation works alongside the native shipper, not as a substitute.

Honest state

What ships now, what your team owns, what's still coming

Code workspace discovery (VS Code extension + repo scans) is live. Identity sources (Okta + Azure AD) run in opt-in Preview. Registry CRUD, versioned snapshots, owner + RACI assignment, autonomy tier, decomposed risk score, lifecycle state transitions with audit logging, EU AI Act tier and Annex III plus Article references, GDPR lawful basis and international transfer records, sector-pack association, and the auditor-portal read surface all live in Preview. Quarterly risk snapshots run on a fixed schedule (January, April, July, October). Spend (AWS CUR + procurement CSV imports), browser telemetry (opt-in extension), and the customer-cloud conversation telemetry shipper land in the next platform release. Your team owns the triage decisions and the owner assignment; KoraSafe finds the candidates and captures the evidence.

Shipping now: Code workspace discovery + registry + auditor read

In progress: Identity sources + native conversation telemetry schema

Coming next: Spend + browser sources + customer-cloud shipper

In the product

See shadow AI discovery in the product

Discovered AI across ChatGPT, Claude, Gemini, copilots, and developer tools. Every find lands as a registry entry with owner and risk.


Find the AI nobody registered. Govern it through the registry. Observe it via native telemetry.

Start your free trial for onboarding. Discovery feeds the registry; the registry feeds policy, findings, risk; native telemetry observes everything in between.