Works within your rules
A Kin Agent works on its own inside the boundaries you agree. The moment something falls outside them, it stops and asks you.
SECURITY
Most software asks you to trust it. Kin Agent is built so you don't have to. The controls below aren't policies someone follows — they're walls built into how Kin Agent works. There is no code path around them.
There are two ways to make software safe. One is rules the software is asked to follow — and might not. The other is walls: build the system so the unsafe path doesn't exist. Kin is built the second way wherever it matters most. Where we use rules, we say so. Where we built walls, we can prove it.
A Kin Agent works on its own inside the boundaries you agree. The moment something falls outside them, it stops and asks you.
Everything a Kin Agent sends out is checked first. Anything sensitive waits at the gate for your yes. That includes what reaches the AI itself — it only sees what your rules allow.
Every Kin Agent works inside its own sealed computer. No Kin Agent can see another's work — or another company's.
Your passwords live in a locked vault. A Kin Agent is signed in for a task and signed out after — it never sees or holds your password.
Every action a Kin Agent takes is written to a permanent record — what it did, when, and who approved it. Check it anytime. Nothing is off the books.
An independent checker reviews the Kin Agent's work and flags anything unusual — before it becomes your problem.
When you're ready, ask us the hard questions. We built Kin Agent to answer them with proof, not promises.
FOR YOUR IT TEAM
Below is the real architecture — the same picture we draw for a CIO. Plain language stays; the parentheses carry the precise terms.
Every Kin Agent runs in its own sealed machine (a Firecracker micro-VM) with its own private network. Agents can’t reach each other’s machines, files, or data — and one company’s agents can’t reach another’s — because no connecting path exists. Isolation is enforced again inside the database (row-level security keyed to organization and agent), so even a software fault in one layer doesn’t open the next. The platform layer that operates the machines is itself walled off from your business data — and isolated per organization all the way down.
Passwords live in a vault the agent has no access to. When a task needs a login, the platform signs the agent’s session in at the boundary — the password itself never enters the agent’s machine, is never visible to the AI, and is never stored where the agent works. An agent cannot leak what it never held. Anything designated sensitive stops and waits for a human yes before it happens.
Everything a Kin Agent sends out — every web request, message, file — passes through one gate the platform controls. The gate classifies what’s passing, applies your rules, and records the result. Sensitive payloads wait at the gate for approval. There is no other route out of the agent’s machine; the gate isn’t a checkpoint on one road, it’s the only road.
The AI inside a Kin Agent only ever sees what the structure lets through. Your passwords can’t reach it — they’re vaulted outside the agent’s machine and are never part of what the AI reads. Everything that does go out passes the same single gate: it’s classified against your rules first, and anything sensitive waits for your yes. And for organizations that want the strongest guarantee, the Sovereign tier runs the AI model itself on your own hardware — so even the thinking never leaves.
Work isn’t finished until it’s checked. An independent review step examines the Kin Agent’s output and flags anything unusual before it reaches your live systems. And every action — the agent’s and yours — is written to a permanent record: what was done, when, and on whose approval. Any day, any task, any decision can be audited after the fact.
How do you know the agent can't exfiltrate data? What happens when it's wrong? Who can see what? These are the right questions — and the architecture above is built to answer them with proof, not policy. Bring your IT team; we'll walk them through it.
Hire a Kin Agent, onboard it, and watch it dry-run your real work — free. You pay only when you put it on the job.
✓ Thanks — your interest is recorded. Our team will personally get back to you within 1 business day.