AI AGENT MANAGEMENT · ALL FOUR LAYERS
Manage every AI agent like production software.
Agents on Azure AI Foundry, AWS Bedrock, Google Vertex AI, Salesforce and ServiceNow — and the agents you build yourself — registered, observed, governed at the gateway and, when autonomy demands it, contained in a sandbox with a kill switch.
An AI agent management platform gives the enterprise one place to inventory, monitor, govern and control autonomous AI agents — regardless of which platform each agent runs on. Agents differ from chatbots: they call tools, write to systems of record and act. Managing them takes more than a dashboard. It takes a registry, a policy point and, for the highest-autonomy agents, runtime containment.
Kosmoy is that platform — hyperscaler-independent, deployed in your own Kubernetes, in production at regulated institutions including Banca d’Italia and Leonardo. Agent management in Kosmoy spans all four layers of the platform: register, observe, govern, contain.
Internal and external agents — two depths of control.
For agents you run inside an Action Capsule, you get the full set — inventory, observability, guardrails, routing, kill switch. For agents on someone else’s platform you get inventory, risk classification and use-case matching, plus observability where the upstream platform exposes telemetry. Same dossier. Two depths of control.
What agent management covers.
One registry across platforms
Internal Capsule agents and external agents on Azure AI Foundry, AWS Bedrock, Google Vertex AI, Salesforce and ServiceNow — one list, one record shape.
Cost and behaviour per agent
Spend, tokens, latency and feedback attributed to each agent. A budget at the gateway warns as the limit nears and can stop a runaway agent.
Policy at the gateway
RBAC, guardrails and budgets applied to every agent call that routes through Kosmoy — configured once, enforced everywhere.
A2A traffic governance
Agent-to-agent calls carry the same policy as LLM and MCP traffic. Identity travels across agent hops that pass through Kosmoy.
Sandbox for what acts
Action Capsules wrap agents in a kernel-enforced sandbox in your own Kubernetes. The only way out is the capsule's gateway.
Kill switch and evidence
Mission Control supervises the fleet: pre-flight authorisation, just-in-time credentials, kill switch. Every action lands on the audit trail.
Module questions, answered straight.
What is an AI agent management platform?
An AI agent management platform gives the enterprise one place to inventory, monitor, govern and control autonomous AI agents — regardless of which platform each agent runs on. It covers four functions: a registry of every agent, observability over cost and behaviour, policy enforcement on agent traffic, and runtime containment for agents that act on systems of record.
Can Kosmoy manage agents built on Azure AI Foundry, AWS Bedrock, Salesforce or ServiceNow?
Yes. The Agents Master Registry connectors pull each platform's agents into one inventory with risk classification and use-case matching. Monitoring applies where the platform exposes telemetry; gateway policy applies to traffic that routes through Kosmoy; full runtime control applies to agents running in Kosmoy Action Capsules.
Do we have to rebuild agents to manage them with Kosmoy?
No. External agents are harvested and registered as they are. Apps and agents that call models switch a base URL — the gateway speaks an OpenAI-compatible API — or use the platform's Bring-Your-Own-Model setting. An Action Capsule is only added when an agent needs containment, not as a precondition for management.
What does the agent kill switch do?
Mission Control can stop any Action Capsule mid-run. The execution lease expires, just-in-time credentials are revoked, and the agent's egress — which only ever went through its gateway — closes. The stop, like every other action, is recorded as an event with timestamp, actor and outcome.
How is AI agent management different from agent building?
Builders create agents — Kosmoy includes a no-code Agent Builder for that. Management covers every agent wherever it was built, including the ones your business units already shipped on other platforms. The platform that builds an agent only sees its own; the management layer sits above all of them.
See agent management end to end.
From harvest to kill switch: registry, traces, gateway policy and containment in one session.