Your AI agents will fail in production.
You need to know how, when, and why — before your auditor does.
Real-time governance, OWASP-aligned risk scoring, and EU AI Act-ready evidence — for every session your agents run.
Pre-execution policy gates · Causal investigation · Signed evidence packages
SOC 2 foundations
Architecture aligned to SOC 2 Trust Services Criteria
Open ingestion
HTTP, SDK, OTLP, or framework adapter — your choice
OWASP-aligned
Risk scoring across the Agentic Top 10 dimensions
EU AI Act ready
Evidence mapped to Articles 9, 12, 13, 14, 17
Works with your stack
Drop in. Zero refactor required.
Native adapters and open ingestion for every modern agent framework.
Don't see your framework? Send events with plain HTTP.
Guardian Mode · live action review
Built for what AI ops actually breaks
Stop discovering incidents in postmortems.
Kaplaix sits between your agents and the world — observing, scoring, gating, and recording every action in evidence-grade detail.
Score
OWASP Agentic Top 10, every session.
Real-time risk scoring across 10 dimensions covering prompt injection, excessive agency, supply-chain risk, and resource exhaustion. Every flagged session links straight to the offending event.
Gate
Block before, not regret after.
Guardian Mode evaluates every tool call against your active policy before execution. Approve, deny, or escalate dangerous actions — and trip a circuit breaker on repeat offenders.
Investigate
Why did the agent do that?
Causal-chain reconstruction, narrative summary, and key-moment detection across the full session. Drill from a flagged action down to the exact reasoning step that led to it.
Prove
Signed evidence. Court-ready.
Tamper-evident ZIP exports with PDF report, JSON event log, and a SHA-256 manifest. Aligned to the EU AI Act so your auditor sees exactly what they need.
Who it's for
Three teams, one source of truth.
Different jobs, same blocker: nobody can prove what your AI agents did and why.
Security teams
The problem
Your agents run autonomously in production. You have no idea if they're escalating privileges, exfiltrating data, or about to delete a customer table — until the alert fires at 3 a.m.
How Kaplaix helps
Guardian Mode intercepts dangerous tool calls before they execute. The OWASP-aligned risk engine surfaces anomalies in real time, and a circuit breaker shuts down repeat offenders automatically.
Compliance & audit
The problem
The EU AI Act lands in 2026 and your auditor wants Article 12 logging, Article 13 transparency records, and Article 17 incident reports. Your current logs are unstructured and impossible to defend.
How Kaplaix helps
Every session is a complete, signed evidence package: PDF report, JSON event log, SHA-256 manifest. Article-mapped exports for the EU AI Act, and a SOC 2-aligned audit trail you can hand to a regulator.
Engineering teams
The problem
An agent ran a destructive operation in prod that nobody approved. You have a Slack thread, a half-broken database, and twelve hours to figure out exactly which reasoning step caused it.
How Kaplaix helps
The Investigation Engine reconstructs the causal chain, flags the key moments, and writes a narrative summary of what the agent decided and why. Per-event payload inspection — no black boxes.
Compliance is a feature, not a checkbox
Regulators are coming. We're ready.
Every event is captured, signed, and mapped to a regulatory framework so you spend zero engineering cycles on audit prep.
EU AI Act, mapped to your events
Articles 9, 12, 13, 14, and 17 are auto-mapped from your event stream. Generate an Article-by-Article evidence pack any time an auditor asks.
SOC 2 foundations
Architecture aligned to the SOC 2 Trust Services Criteria from day one: tenant isolation, role-based access, immutable audit log, scrypt-hashed credentials. Certification is on the roadmap.
Evidence Package V3
Signed ZIP exports with PDF report, JSON event log, and a SHA-256 manifest. Tamper-evident, court-ready, and reproducible — the same package an investigator would build.
EU AI Act articles covered today
- Art. 9: Risk management system
- Art. 12: Automatic recording of events
- Art. 13: Transparency & information
- Art. 14: Human oversight
- Art. 17: Quality management & incident reporting
Pricing
Start free. Scale when ready.
Full capabilities available from day one. No credit card required.
Free
Start instrumenting your agents today.
$0
No credit card required
- Full event ingestion
- Risk scoring engine
- Session investigation panel
- Basic audit export (JSON)
- Community support
Pro
For teams shipping agents to production.
$149 per month
- Everything in Free
- PDF audit export
- Team access & roles
- Webhook alerts on critical risk
- Email support
Enterprise
Custom governance for regulated environments.
Custom
- Everything in Pro
- Custom data retention policies
- SSO / SAML integration
- Dedicated SLA
- Compliance package (SOC 2 evidence)
- Custom risk rule configuration
- Dedicated support
FAQ
Common questions
What types of agent events does Kaplaix support?
Kaplaix supports seven event categories out of the box: identity (session lifecycle), reasoning (agent decisions and objectives), tool_api (tool invocations and results), browser_desktop (UI interactions), data_movement (read/write/delete operations), approval (human-in-the-loop gates), and environment (runtime context like detected production flags). Events are sent via plain HTTP, the typed SDKs, OTLP, or a framework adapter.
How is risk scoring calculated?
Risk is computed at read time across 10 dimensions aligned to the OWASP Agentic Top 10 — covering excessive agency, tool misuse, data exfiltration, prompt injection, supply-chain risk, and resource exhaustion among others. Each session gets a 0–100 score and a severity level (LOW, MEDIUM, HIGH, CRITICAL), with the contributing factors visible in the investigation panel.
Can I block dangerous actions before they execute?
Yes — that's Guardian Mode. Every tool call your agent attempts is evaluated against the active policy before execution. The action is approved, denied, or escalated to a human reviewer based on your rules. Repeat offenders trip an automatic circuit breaker. No code changes beyond adding the SDK or adapter.
Can I integrate Kaplaix without changing my agent code?
Yes. Kaplaix ships native adapters for LangChain, LangGraph, MCP, and OpenTelemetry — all zero-config. If you already export OTLP traces, point your exporter at the ingest endpoint and you're done. If you prefer code, the typed TypeScript and Python SDKs work in 30 minutes.
Is Kaplaix ready for the EU AI Act?
Yes. Articles 9, 12, 13, 14, and 17 are mapped from your event stream into a signed evidence package (PDF + JSON + SHA-256 manifest). When an auditor asks, you generate an Article-by-Article export in a single click. SOC 2 Trust Services Criteria align with the platform architecture; certification is on the roadmap.
How is Kaplaix different from general observability tools?
Datadog and Grafana track infrastructure metrics. Langfuse and Helicone track LLM calls. Kaplaix tracks agent intent, decisions, and policy compliance — the governance layer above observability. Pre-execution policy gates, OWASP-aligned risk scoring, causal investigation, and signed evidence packages are purpose-built for AI agent governance, not retrofitted from APM.