Kynara is the control plane that decides what your AI agents can do — so we hold ourselves to the security bar our customers expect of a control plane. Here's how Kynara is built.
Kynara evaluates structured requests — subject, action, resource, context — not natural language. A prompt injection inside the model cannot change what Kynara receives or how it decides.
If the control plane is unreachable, the SDKs deny by default (fail_closed=True). An agent loses access on failure rather than gaining it.
An agent acting on behalf of a user can never exceed that user's permissions — the effective set is the intersection of both.
Deny-by-default policies, scoped capabilities, and least-privilege tool discovery shrink the blast radius of any single agent.
decisions.check). Every decision — allow, deny, or require_approval — is appended to a SHA-256 hash-chained, append-only log. Each record links to the previous one, so any modification or deletion of a past entry breaks the chain and is detectable on the next integrity check. Logs are queryable and exportable, supporting incident reconstruction and audit evidence (including EU AI Act Article 12 logging expectations). See our guide on agent logging.
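The hash-chain integrity check described above, as an added example (not Kynara's code or record format): the field names, the all-zero genesis value and the canonical-JSON encoding are assumptions. It also compares the final hash against a separately stored head value, because a chain checked only against itself cannot show that its newest records were dropped.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first record's "prev" field


def record_hash(prev_hash, body):
    # Canonical JSON (sorted keys, fixed separators) keeps the digest stable.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def append(log, body):
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev_hash, "body": body,
                "hash": record_hash(prev_hash, body)})


def verify(log, expected_head=None):
    """Return None if intact, else the index where the chain first fails.

    len(log) means the records are consistent but do not end at the
    separately stored head hash, i.e. the newest entries are missing.
    """
    prev_hash = GENESIS
    for i, rec in enumerate(log):
        if rec["prev"] != prev_hash or rec["hash"] != record_hash(prev_hash, rec["body"]):
            return i
        prev_hash = rec["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return len(log)
    return None


def build_sample():
    # Constructed sample decisions, not real Kynara records.
    log = []
    for decision in ("allow", "deny", "require_approval"):
        append(log, {"subject": "agent-1", "action": "read",
                     "resource": "doc-7", "decision": decision})
    return log


if __name__ == "__main__":
    log = build_sample()
    head = log[-1]["hash"]
    log[1]["body"]["decision"] = "allow"  # simulate an edited past entry
    print("first bad record:", verify(log, head))
```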
Kynara's controls are designed to support your SOC 2, ISO 27001, GDPR, and HIPAA programs — tamper-evident audit, least privilege, encryption at rest, access reviews, and approval workflows map directly to common framework requirements. Enterprise plans include a HIPAA BAA and custom retention. For our current attestation status and to request security documentation, contact us.
We maintain a threat model and conduct security testing of the platform. Responsible-disclosure reports are welcome — see our disclosure policy or email [email protected].
We're happy to walk through architecture, data handling, and our security documentation.