Causum is engineered for the assumption that it might be wrong.
Six guardrails on every AI action. A cryptographic audit trail. SSO standard. SOC 2 Type II in scope. VPC-bound deployment available. The kill switch is always visible.
The same trust contract for every action.
The autonomy ladder
| Level | Mode | What happens |
|---|---|---|
| 1 | Observe | Output visible, no actions taken |
| 2 | Assist | Drafts runbooks, specs, postmortems; recommends remediation |
| 3 | Supervised | Executes allowlisted low-risk actions; human can override |
| 4 | Autopilot | Runs narrow closed-loop fixes within strict policy bounds |
The six guardrails (on every action)
- 1️⃣
Allowlist
Is this action permitted for this service at this level?
- 2️⃣
Confidence
Does the model confidence meet the per-action minimum?
- 3️⃣
Blast radius
What services / capabilities are affected? Within policy?
- 4️⃣
Approval gate
If approval is required, who authenticated and approved?
- 5️⃣
Pre/post checks
Preconditions verified before; postconditions verified after.
- 6️⃣
Kill switch
Tenant-wide halt one click away, always visible.
Cryptographically chained. SIEM-streamable. Forever-queryable.
Every action — human-initiated or agent-proposed — is signed and chained into an immutable audit log. Stream it to your SIEM (Splunk, Sentinel, Chronicle), query it at any time, retain it forever. The complete record is your evidence trail for compliance, postmortem, and continuous improvement.
Enterprise security defaults, not afterthoughts.
SSO standard
Okta, Azure AD, generic SAML/OIDC. No customer onboards without SSO.
SOC 2 Type II
In scope; certification underway. We'll share the bridge letter on request.
VPC-bound deployment
For regulated workloads — your AWS / Azure / GCP VPC, your data, your encryption keys.
Your code stays your code
Domain Intelligence reads source under explicit policy. No persistence of customer source outside your tenant.
Security brief, security questionnaire, sample DPA — available.
We share these with prospective customers under NDA. Talk to engineering and we'll route you to the right packet.