Architecture

Five layers. Defense in depth for AI.

AI adoption is here; governance is not. The KinHelm stack closes the gap with enforcement in the execution path, not policy on paper. Select a layer to inspect it.

Situation report

The governance gap, by the numbers.

67%

of employees use AI tools at work, while only 18% of organizations have formal AI security policies.

Salesforce · 2026
14

distinct AI tools in active use at the average enterprise. IT is aware of four or five of them.

Productiv · 2026
22%

of organizations have faced legal claims tied to AI use; 40% report inaccurate AI outputs.

Optro · 2026

Restrict and wait

Blocking AI until governance catches up drives usage underground into ungoverned consumer tools, increasing risk while sacrificing the mission advantage.

Adopt and hope

Deploying without governance creates sprawling, unaudited AI usage that no one can see, control, or account for.

The third path

Governed adoption: AI capabilities that are useful, with controls that are enforced. Every interaction, every change, every commit passes through the governance layer. There is no alternative path.

The stack

Select a layer to inspect it.

Layer 5 · Lifecycle oversight

WALDO

Weighted Assessment of Lifecycle Drift Oversight. WALDO watches every AI component in the ecosystem, wherever it runs: registry, compliance monitoring, drift detection, and a 0-1000 trust score for each system. It answers the question platform governance cannot: has anything drifted from its approved baseline?

INSPECT WALDO →
Why layers

Each layer answers a question the others cannot.

Kindo asks

Is this interaction allowed?

Identity, role, DLP, model access, and tool-action policy checked on every request before it reaches a model or data source.

Assistant asks

Is this action the user's to take?

The agent operates as the user, never above them, so AI access can never exceed human access.

VILK asks

Is this change safe and approved?

Infrastructure change is planned, reviewed, executed within the operator's privileges, and recorded.

Studio asks

Does this code meet the standard?

No commit without an approved plan and 14 passing validation gates, with security profiles applied at generation time.

WALDO asks

Is the whole ecosystem still trustworthy?

Registry, trust scores, and drift detection across every component, wherever it runs.

Together

Defense in depth

Each layer reinforces the others, closing gaps that would exist if any layer operated in isolation.