Detect and stop AI violations.

Catches PII and PHI in prompts, responses, and tool calls. Microsoft Presidio plus native checks back the live detector; redaction policies and framework mapping ship through the same evidence stream as the rest of the platform.

• Regex plus ML. Presidio's analyzers cover the standard entity types; KoraSafe^™ layers context-aware checks for account numbers and internal IDs that drift across customers.
• Redaction policies. Findings route into the redaction pipeline. Customer-cloud redaction outputs ship as a separate evidence channel so PHI never leaves the trust boundary.
• PHI context. HIPAA minimum-necessary detection (§164.502(b)) tags evidence with the regulatory clause, not a generic confidence score.
• Framework mapping. Each finding carries control references to GDPR Art. 5/6, HIPAA Safeguards, and CCPA right-to-know triggers so evidence packages compose without manual stitching.

Regulatory evidence for: GDPR Art. 5 / 25 / 32, HIPAA Privacy Rule §164.502(b), CCPA / CPRA §1798.100, EU AI Act Art. 10, ISO 27001 A.5.34.

Honest state: Live in opt-in Preview. Presidio analyzers, native context checks, redaction routing, and framework cross-mapping all run today. Coming next: multilingual entity coverage beyond English, customer-tuned context rules through the admin UI, per-customer detector profile editor.

Heuristic detection runs today in Preview; partner-backed classifier slots are on the roadmap. Customer-flagged patterns feed back into the eval set and grow the heuristic table over time.

• Jailbreak patterns. Heuristics cover the public jailbreak catalog plus customer-flagged patterns.
• Instruction override. Detects attempts to rewrite the system prompt, escalate tool privileges, or redirect agent goals mid-trace.
• System-prompt leaks. Flags responses that echo internal system-prompt text. Useful when agents serve customers and prompts encode sensitive policy logic.
• Partner roadmap. Partner integrations ship once partner agreements complete and pass internal review.

Regulatory evidence for: EU AI Act Art. 15, NIST AI RMF MANAGE 4.1, ISO 42001 A.6.2.4, SR 11-7 §IV.

Honest state: Live in opt-in Preview. Inline budget under 50 ms p99. Coming next: partner-backed classifier integration, multilingual coverage, per-tenant rule editor.

Native text classifiers run today in Preview. Severity routing lets customer-support flows route self-harm signals to human help rather than a generic block. Multi-modal coverage and partner-backed slots are on the roadmap.

• Violence and harm. Detects explicit instructions for physical harm, weapons assembly, and violence advocacy in prompts and responses.
• Self-harm signals. Surfaces self-harm and crisis language with a separate severity track so customer support flows can route to human help.
• Hate and harassment. Catches targeted harassment, protected-class slurs, and identity-based attacks. Customer-specific allowlists configurable.
• Multi-modal roadmap. Images and audio inputs land in a follow-up phase; the guardian schema already shapes the multi-modal evidence row.

Regulatory evidence for: EU AI Act Art. 5 (prohibited manipulative content), EU AI Act Art. 50 (transparency for generative output), CFPB UDAAP 12 USC §5531, COPPA 16 CFR Part 312.

Honest state: Live in opt-in Preview (text only). Coming next: multi-modal coverage, multilingual rollout beyond English, partner-backed slot for vendor-attested classifier.

Native RAG-aware grounding ships today in Preview. The detector plugs into existing retrieval steps with no additional retrieval call. Broader factual-claim verification is on the roadmap.

• Citation grounding. When the agent emits a citation, the detector checks the cited passage exists and supports the claim. Drift routes to trace lifecycle for review.
• Trace consistency. Compares the final response against the in-trace retrieved context. Claims that drift from retrieval get flagged with the diff.
• RAG-aware. Plugs into existing retrieval steps; reads what the agent already pulled and compares.
• Claim verification roadmap. Broader factual-claim verification against external knowledge sources lands in a follow-up phase.

Regulatory evidence for: EU AI Act Art. 13 (transparency), EU AI Act Art. 15 (accuracy + robustness), NIST AI RMF MEASURE 2.7, FCRA 15 USC §1681e(b), SR 11-7 §V.

Honest state: Live in opt-in Preview. Inline budget under 200 ms p99. Source verification against trusted regulatory sources runs today; coming next: broader claim attribution graphs and per-customer source-trust profile.

Live-traffic disparity monitoring runs today without labeled eval sets; severity routes by regulatory regime and writes evidence into the audit chain with NYC LL 144 and EU AI Act Annex IV mappings attached. Eval-mode hooks still ship for teams that maintain labeled eval sets. Partner-backed metric coverage is on the roadmap.

• Disparate impact. Tracks the 4/5 rule and statistical parity gaps across configured protected attributes.
• Demographic parity. Surfaces parity violations per cohort. Severity weights tune to the regulatory regime.
• Individual fairness. Catches near-duplicate inputs that get materially different outputs. Useful for catching local instability that aggregate parity misses.
• Evaluation hooks. Plugs into existing eval pipelines. Results land in the evidence stream with regulatory mappings attached.

Regulatory evidence for: Civil Rights Act Title VII, ECOA 15 USC §1691, FHA 42 USC §3601, EEOC AI guidance, NYC Local Law 144 §20-870, DOJ ADA AI Hiring guidance, HUD Tenant Screening FHEO guidance, EU AI Act Art. 10.

Honest state: Live-traffic and eval-mode coverage both run today in opt-in Preview. Coming next: partner-backed metric integrations, per-customer protected-attribute editor.

Native statistical detection runs today on a weekly schedule in Preview. Findings carry the prior-period baseline pinned for the human reviewer. Continuous near-real-time scoring and deeper distributional tests are on the roadmap.

• Agent behavior changes. Compares aggregate behavior week over week. Anomalies route into the finding lifecycle for review rather than firing as raw alerts.
• Output drift. Tracks distribution of output classes (refusals, tool calls, completion lengths). Sudden swings surface as drift findings with the diff pinned.
• Prompt-template drift. Detects when a deployed prompt template silently changes (template version, embedded variable, or wrapping logic).
• Replay and alert. Drift findings trigger an evidence-backed replay request to confirm or dismiss the signal.

Regulatory evidence for: EU AI Act Art. 72 (post-market monitoring), NIST AI RMF MANAGE 4, SR 11-7 §VII, ISO 42001 A.6.2.6.

Honest state: Weekly scheduled scan live in opt-in Preview. Coming next: continuous near-real-time drift scoring, deeper distributional tests (KS, MMD), per-customer baseline calibration UI.

Runtime statistical checkpoint live in opt-in Preview. Outliers above the configured sigma threshold trip a finding; auto-pause is opt-in per system. Default frequency threshold 4σ, scale threshold 10x.

• Frequency check. Flags action counts above the configured sigma threshold against a rolling per-system baseline. Tunable per system.
• Scale check. Flags amounts, batch sizes, or write volumes far above median historical scale.
• Target check. Flags new vendors, countries, or activity hours outside baseline. Geography and time-of-day windows learned from the last thirty days of action history.
• Finding detail. Anomaly findings carry the action class, contributing baseline, and deviation magnitude so reviewers see why a behavior tripped.

Regulatory evidence for: EU AI Act Art. 14 (human oversight with automated stop conditions), SR 11-7 §VI (effective challenge + automated kill switches).

Honest state: Live in opt-in Preview. Frequency, scale, and target checks all evaluate today. Coming next: per-action-class custom sigma thresholds in the admin UI, baseline carve-outs for seasonal spikes, break-glass workflow integration.

The SDK calls a checkpoint at POST /api/action/checkpoint before each action. Authority Limiter loads the per-system authority profile and returns allow, hold, or block. In-profile actions continue; over-threshold actions create a review task; unknown scope is rejected.

• Spending limits. Hold for approval when an action amount exceeds the configured threshold. Per-system, per-action-class. Approval thresholds and reviewer roles are policy-controlled.
• Target allowlists. Block actions pointed at vendors, accounts, or systems outside the authorized profile. Allowlists support exact match plus pattern rules.
• Read or write boundaries. Block action modes outside the agent's authorized scope. Read-only profiles cannot promote to write; sandbox profiles cannot promote to production.
• Unified evidence. Authority violations carry the action signal class plus the workflow-task context that authorized the request.

Regulatory evidence for: EU AI Act Art. 14 (human oversight + scope limitation), NIST AI RMF MANAGE 3.2, ISO 42001 A.6.2.3.

Honest state: Live in opt-in Preview. Allow / hold / block decisions, spending limits, target allowlists, and read/write boundaries all enforce today. Coming next: per-action-class custom approval routing, multi-step approval chains, external entitlement integration.

Pairs the runtime checkpoint to an approved task record and an audited reviewer decision. Missing or pending approvals generate a finding in the findings queue; an approved task lets the action through.

• Policy-defined classes. A policy table declares which action classes require human review. Classes can be scoped per system, per agent, or fleet-wide.
• Approval binding. An approved task record must be bound to the same action signature. Reviewer role and approval timestamp are captured in the binding.
• Audited rejection. Missing or pending approvals generate a finding in the findings queue. Each finding carries the policy that fired, the action context, and the reviewer role expected.
• Regulatory alignment. Maps to EU AI Act Article 14 human oversight requirements for high-risk systems. Each decision is captured as evidence the oversight requirement was honored at runtime.

Regulatory evidence for: EU AI Act Art. 14 (meaningful human review), GDPR Art. 22 (right to human review of automated decisions), NYC Local Law 144 §20-870, HIPAA Privacy Rule §164.530.

Honest state: Live in opt-in Preview. Policy classes, approval bindings, and audited rejection all run today. Reviewers receive notifications and complete the approval inside the existing workflow surface. Coming next: per-class custom reviewer-routing rules, expiring approvals with auto-revoke, SLA reporting on approval cycle time.

Browser activity, code commits, identity provider events, and procurement records feed a discovery inbox. Analysts review the matched evidence, register the agent into the inventory, dismiss with reason, escalate, or mark experimental. Every transition writes an audit entry.

• Browser signals. The KoraSafe^™ Chrome extension records access to supported AI tools and LLM provider endpoints. Discoveries land in the inbox with the user, the surface, and the access timestamp.
• Code commit signals. Repository scans flag new AI provider SDKs, model file paths, and prompt template files at commit time.
• Identity provider events. Okta and similar feeds surface OAuth grants and SSO events for AI tools. Shadow grants surface before the tool processes customer data.
• Procurement records. Vendor procurement and SaaS expense feeds flag AI-tool spend not yet in the AI inventory.

Regulatory evidence for: EU AI Act Art. 17 (registration of high-risk AI systems), ISO 42001 A.6.2.1 (AI system inventory), NIST AI RMF MAP 4.2.

Honest state: Discovery and inventory triage live in opt-in Preview. All four signal sources flow into the discovery inbox today. Coming next: per-source signal weighting in the admin UI, auto-classification heuristics for high-confidence discoveries, bulk action on triage queues above a configurable size.