KOSMOY · THE PLATFORM
Four layers around enterprise AI — inventory, observability, governance and runtime containment. Built as one platform, not four products. Deployed in your own Kubernetes.
Or email sales@kosmoy.com.
Some AI you can only register. Some you observe. Some you govern. Some you contain. One platform — one identity, one policy, one audit trail.
AI INVENTORY
You can’t govern what you can’t see. Every AI system, model, agent and MCP server gets a state, an owner and an audit trail — including agents on Foundry, Bedrock and other external platforms. Each entry is classified under the EU AI Act and feeds the dossier as it evolves.
Modules
AI MONITORING
Kosmoy logs every LLM, MCP and agent call — prompt, model, latency, cost, feedback, guardrail event. The price gap between a frontier model and a small one is often two orders of magnitude; customers regularly cut spend 90% on routable workloads. User feedback by app, negative-feedback rate over time and guardrail alerts feed the dashboard alongside cost.
AI GOVERNANCE
One policy point between your apps and every AI they call — LLMs, MCP servers, A2A agents. Guardrails, RBAC, routing and logging configured once and applied on every call. Approved models exposed through a private OpenAI-compatible API, so existing code keeps working.
AI ACTION CONTROL
When an agent stops just answering and starts calling tools, writing to systems of record or moving money, the runtime needs containment. Each Action Capsule is a Kubernetes-native container plus in-container sandbox; Mission Control supervises the fleet — pre-flight authorisation, JIT credentials, kill switch.
Horizontal tools that span the four layers — used to build, ship and supervise governed AI inside the Kosmoy platform.
Kosmoy Chat
Kosmoy Chat is the human surface for every governed AI interaction. Use it to build chatbots and assistants on top of the Gateway, and to keep humans in the loop when agents run inside Capsules — clarifications, approvals, stop and rerun.
RAG-in-a-Box
Pre-built ingestion pipelines and retrievers so the AI team builds high-performance RAG systems quickly. Connect sources, chunk, embed, retrieve, govern — without rebuilding the same plumbing for every project.
Kosmoy deploys as standard Helm charts into your own Kubernetes cluster. No host changes, no node patches, no custom container runtime. Cloud-portable: Azure, AWS, GCP, or on-prem. Air-gapped deployments supported. Single-tenant by default — your data, your cluster, your network.
Models
External AI
Enterprise systems
Communication
Pre-built connectors. New ones added each release. Custom integrations via the Kosmoy API.
The EU AI Act asks for evidence: Article 9 risk management, Article 11 documentation, Article 12 record keeping, Article 14 human oversight, Article 17 quality management, Article 50 transparency.
Most companies build it by hand — logs from one tool, screenshots from another, exported tickets, attached emails. By the time the auditor asks, the team has spent a quarter rebuilding the trail.
Kosmoy builds the dossier as a side effect of running. Every guardrail decision, approval and override is an event — timestamp, actor, system, outcome. When the auditor asks, the dossier is already there.
| Article | What it requires |
|---|---|
| Article 9 | Risk management |
| Article 11 | Technical documentation |
| Article 12 | Record keeping |
| Article 14 | Human oversight |
| Article 17 | Quality management |
| Article 50 | Transparency |
They share one identity model, one policy model and one audit trail. RBAC defined in Inventory applies at the Gateway and inside Action Capsules. A guardrail configured at the Gateway runs at the Capsule boundary too. Every event from any layer lands in the Insights Dashboard and the AI Act dossier. The layers are different control surfaces, not different products.
Yes. The Agent Registry includes external agents — agents that live on someone else's platform. Kosmoy registers them, classifies their risk under the EU AI Act, and where the platform exposes the right APIs, monitors their activity. You can't always govern an external agent at runtime, but you can always inventory it and capture audit evidence.
The Gateway is policy enforcement at the API boundary. The Capsule is containment at the runtime boundary. The Gateway assumes apps cooperate by routing through it. The Capsule assumes the runtime can't reach anything except through Kosmoy. They share the same control surface — the Action Plane — and the same policy library. You add the Capsule when an agent acts on systems of record, not just generates text.
Standard OIDC and SAML. Tested with Okta, Microsoft Entra ID and Auth0. Group-to-role mapping flows from the IdP into Kosmoy RBAC. Service accounts are issued just-in-time credentials for inter-service calls.
A Helm chart with a small set of services: registries, gateway, action plane, monitoring backend, web console. Stateless services scale horizontally. State is held in a small set of databases — Postgres-compatible — that you provide or the chart can install. Resource footprint scales with traffic; a typical mid-sized enterprise install is in the tens of cores.
Yes. The platform was designed for regulated environments where outbound traffic to vendor cloud is not permitted. All control-plane and data-plane traffic stays inside your network. Updates are applied by your team from a private registry.
Kosmoy Chat is the end-user interface — the chat window your employees actually use. Behind the chat, every conversation is routed to one or more agents built in the Kosmoy Agent Builder, or to external agents registered in the platform. Kosmoy Chat is one front-end. The platform supports any front-end you build.
TLS in transit, end-to-end. Encryption at rest using your KMS provider — AWS KMS, Azure Key Vault, Google Cloud KMS, or HashiCorp Vault. Customer data never leaves the cluster.
Kosmoy emits structured events that ship to your existing log and metrics pipeline. The Insights Dashboard is the AI-native view; your APM stack still gets every event for cross-correlation with the rest of your infrastructure.
Versioned Helm chart. Upgrades are controlled by your team — Kosmoy does not push updates into your cluster. Minor versions ship every two to four weeks; major versions every quarter or so. Backwards compatibility is maintained on the Kosmoy API across minor versions.
Or email sales@kosmoy.com.
