AI Governance Enforcement

How Kevros works.

Kevros governs what autonomous AI agents do. Every agent action requires a signed release token before execution. The governance layer is formally verified, fail-closed, and produces tamper-evident evidence of every decision.

Start free Schedule a briefing

Governance operations

Four operations. Complete governance lifecycle.

Kevros implements the full governance lifecycle for autonomous agent actions — from authorization through execution to outcome verification.

Verify

ALLOW / CLAMP / DENY

Agent submits an action request. Kevros evaluates against policies, scores confidence, and returns a deterministic decision with a signed release token. No token, no execution.

Attest

Evidence record

Agent submits evidence of a completed action. Kevros creates a signed attestation record in the provenance chain, linking the action to its governance authorization.

Bind

Execution binding

Binds a governance decision to a specific execution context. Links the release token to the actual action taken — closing the gap between authorization and execution.

Verify Outcome

Outcome verification

Verifies that a completed action matches the original governance decision. Closes the governance loop. Detects drift between authorized and actual behavior.

“Permission before power. Every time.”

Architecture overview

Three outcomes. Fail-closed default.

Kevros sits between your application and your AI agents. Before any agent action executes, it must pass through the Kevros governance gateway. The gateway evaluates the action against formally verified decision boundaries and returns one of three outcomes:

ALLOW

Action is within governance boundaries. A signed HMAC-SHA256 release token is issued. The agent may proceed.

CLAMP

Action exceeds boundaries but can be modified to comply. The gateway returns constrained parameters with a release token for the modified action.

DENY

Action violates governance boundaries. No release token is issued. The agent cannot execute.

This is fail-closed architecture. If the gateway is unavailable, if verification fails, if anything goes wrong — the default is denial. No token, no action.

External enforcement by design

Kevros operates outside the model. Your governance layer does not depend on any model vendor's self-governance, terms of service, or usage policies. Enforcement is external, cryptographic, and model-independent.

Provenance ledger

Every decision. Cryptographically chained.

Every governance decision is appended to a hash-chained provenance ledger. Each record links cryptographically to the previous. Tamper with any record and the chain breaks from that point forward. An auditor can verify the integrity of the entire chain without access to your source code or environment.

Hash-Chained Records

Each provenance record contains the hash of the previous record. Sequential. Append-only. Any break in the chain is detectable.

Post-Quantum Signing

ML-DSA-87 (FIPS 204) digital signatures on provenance blocks. Future-proofs governance evidence against quantum computing threats. Professional and Enterprise tiers. Note: Kevros implements ML-DSA-87 for digital signatures. Kevros does not currently implement ML-KEM (key encapsulation).

Independent Verification

Auditors verify chain integrity without access to source code, infrastructure, or internal systems. The evidence speaks for itself.

Enforcement controls

Formally verified enforcement kernel.

Confidence Gating

Every agent action is scored against configurable confidence thresholds using bounded confidence envelopes (BCE). Actions below threshold are constrained or denied — depending on your policy. Based on published research with formal verification.

Asymmetric Thresholds

Prevents oscillation at policy boundaries. Different thresholds for entering and exiting enforcement states — eliminating flapping.

Sustained Compliance

Safety isn't a point-in-time check. The system verifies sustained compliance over a required duration — not a single momentary passing score.

Deterministic State Management

State transitions are formally verified and deterministic. Every component reaches consensus on current state before transitions. No race conditions.

ML Behavioral Drift Detection

Machine learning confidence scoring detects when agent behavior drifts from established baselines. Alerts trigger before drift reaches enforcement thresholds. Based on the bounded confidence envelope mechanism.

SIEM Export

Export governance events to Microsoft Sentinel, Splunk, or syslog/CEF. Integrate Kevros evidence into your existing security monitoring. Enterprise tier.

Confidence gating and asymmetric thresholds are described in our published research: Bounded Confidence Envelopes for Large Language Model Inference.

Fail-closed by design

When something breaks, Kevros blocks.

Kevros operates through a formally verified state machine. If the system detects an integrity violation — a tampered record, an authorization failure, a state inconsistency — it enters a locked state and blocks all agent actions until a human intervenes. No automatic recovery. No software reset. This is the design, not a limitation.

Integrity violation detected? The system locks.

No auto-recovery. No timeout. A human operator must diagnose the cause and manually clear the fault. For environments where AI agent decisions carry real consequences, this is the only acceptable behavior.

Formal verification

Formally verified. Zero safety violations.

The enforcement kernel is verified using TLA+ formal methods — exhaustive model checking across 32.8 million state configurations. Every reachable state. Every transition. Every interleaving. Zero safety violations found.

What we can state with evidence

32.8 million state configurations verified
Multiple safety properties proven correct
Zero counterexamples found
Published research with reproducible methodology

What we don't claim

—“Certified” — designed to support frameworks, not certified against them
—“Guarantees safety” — reduces risk, does not eliminate it
—“Works with every model” — model-agnostic by design, results vary
—“Endorsed by government” — independent product, no endorsement

Metered billing

Governance cost attribution. Enterprise tier.

Enterprise tier includes metered governance billing with cost attribution across departments, contracts, programs, or business units. Governance usage is tracked and attributable — essential for organizations managing AI deployments across multiple internal stakeholders.

Deployment

Two deployment models.

Start with the hosted SaaS gateway — no infrastructure. When you need tenant isolation, deploy the full enforcement stack in your Azure subscription via Marketplace.

Azure Managed Application

Full enforcement stack in your Azure subscription. Your data stays in your environment. Private network. Tenant isolation. Free Trial included — deploy in minutes, no credit card.

Transact through Azure Marketplace. Microsoft Co-Sell Ready. Custom middleware for Microsoft Semantic Kernel and Agent Framework.

Hosted SaaS Gateway

Hosted at governance.taskhawktech.com. No infrastructure to manage. Start free. All six protocols. Full evidence chain.

Best for: developers, startups, evaluation, production workloads without tenant isolation requirements.

Serverless Containers

Managed container runtime with scaling, managed identity, and logging integration. No VM management.

Azure Storage

Evidence logs stored in Azure storage. Configurable redundancy. Zone-redundant or premium options.

Tenant Isolation

All resources in your resource group. Private credentials. User-assigned managed identity. No shared infrastructure.

See the evidence chain running. Not a slide deck.

Schedule a briefing. We'll show you the governance operations, the evidence ledger, and how Kevros governs autonomous AI agent actions with cryptographic proof.

Deploy Free on Azure Start free (SaaS) Schedule a briefing