SECURITY

Security that's built in, not just promised.

Most software asks you to trust it. Kin Agent is built so you don't have to. The controls below aren't policies someone follows — they're walls built into how Kin Agent works. There is no code path around them.

Structural, not disciplinary.

There are two ways to make software safe. One is rules the software is asked to follow — and might not. The other is walls: build the system so the unsafe path doesn't exist. Kin is built the second way wherever it matters most. Where we use rules, we say so. Where we built walls, we can prove it.

Works within your rules

A Kin Agent works on its own inside the boundaries you agree. The moment something falls outside them, it stops and asks you.

Sensitive information is gated

Everything a Kin Agent sends out is checked first. Anything sensitive waits at the gate for your yes. That includes what reaches the AI itself — it only sees what your rules allow.

Its own sealed machine

Every Kin Agent works inside its own sealed computer. No Kin Agent can see another's work — or another company's.

Logins stay in the vault

Your passwords live in a locked vault. A Kin Agent is signed in for a task and signed out after — it never sees or holds your password.

Everything on the record

Every action a Kin Agent takes is written to a permanent record — what it did, when, and who approved it. Check it anytime. Nothing is off the books.

A second pair of eyes

An independent checker reviews the Kin Agent's work and flags anything unusual — before it becomes your problem.

EVERY ACTION: CLASSIFIED APPROVED LOGGED VERIFIED

When you're ready, ask us the hard questions. We built Kin Agent to answer them with proof, not promises.

FOR YOUR IT TEAM

How it's actually built.

Below is the real architecture — the same picture we draw for a CIO. Plain language stays; the parentheses carry the precise terms.

01One agent, one sealed machine

YOUR ORGANIZATION MAYA ARJUN RIYA isolated micro-VM per agent own network namespace CONTROL PLANE operations only — walled off from your business data row-level isolation per organization and agent other companies — separate by construction

Every Kin Agent runs in its own sealed machine (a Firecracker micro-VM) with its own private network. Agents can’t reach each other’s machines, files, or data — and one company’s agents can’t reach another’s — because no connecting path exists. Isolation is enforced again inside the database (row-level security keyed to organization and agent), so even a software fault in one layer doesn’t open the next. The platform layer that operates the machines is itself walled off from your business data — and isolated per organization all the way down.

02Your logins never enter the agent’s machine

CONTROL PLANE credentials vaulted AGENT'S MACHINE browser session signed-in session injected at the gateway · never stored in the VM password never crosses HELD sensitive action — waits for approval agent proposes · Control Plane disposes

Passwords live in a vault the agent has no access to. When a task needs a login, the platform signs the agent’s session in at the boundary — the password itself never enters the agent’s machine, is never visible to the AI, and is never stored where the agent works. An agent cannot leak what it never held. Anything designated sensitive stops and waits for a human yes before it happens.

03One gate for everything that leaves

AGENT'S MACHINE sealed on every side no second door — by construction web email messages uploads EGRESS GATEWAY classify policy record within rules — proceeds HELD sensitive — held for your approval single controlled exit (inspecting gateway) payload classification before anything leaves

Everything a Kin Agent sends out — every web request, message, file — passes through one gate the platform controls. The gate classifies what’s passing, applies your rules, and records the result. Sensitive payloads wait at the gate for approval. There is no other route out of the agent’s machine; the gate isn’t a checkpoint on one road, it’s the only road.

3bWhat the AI is allowed to see

your passwords task content sensitive payloads the filter never present — vaulted outside the agent's machine classify → your rules HELD waits for approval AI MODEL Resident & Sovereign tiers: routine thinking happens on your own hardware

The AI inside a Kin Agent only ever sees what the structure lets through. Your passwords can’t reach it — they’re vaulted outside the agent’s machine and are never part of what the AI reads. Everything that does go out passes the same single gate: it’s classified against your rules first, and anything sensitive waits for your yes. And for organizations that want the strongest guarantee, the Sovereign tier runs the AI model itself on your own hardware — so even the thinking never leaves.

04The record, and the second pair of eyes

task assigned agent works independent check agent completes the task and responds flagged — back for review independent verification before work counts who · what · when · on whose approval auditable any time append-only record every approval attributed

Work isn’t finished until it’s checked. An independent review step examines the Kin Agent’s output and flags anything unusual before it reaches your live systems. And every action — the agent’s and yours — is written to a permanent record: what was done, when, and on whose approval. Any day, any task, any decision can be audited after the fact.

Ask us the hard questions.

How do you know the agent can't exfiltrate data? What happens when it's wrong? Who can see what? These are the right questions — and the architecture above is built to answer them with proof, not policy. Bring your IT team; we'll walk them through it.

Hire a Kin Agent, onboard it, and watch it dry-run your real work — free. You pay only when you put it on the job.