Kevros AI Governance Gateway

Kevros AI Governance Gateway enforces verifiable governance on every AI agent decision before execution.

Autonomous AI agents are making high-stakes decisions at machine speed. Compliance infrastructure built for human-paced workflows cannot keep up. Kevros closes that gap. Every agent action receives a signed ALLOW, CONSTRAIN, or DENY verdict before it executes. Use cases include agent-initiated trade workflows, automated claims handling, industrial control supervision, and payment authorization. If governance is unreachable, execution halts. No exceptions. No silent failures.

Deploys inside your AWS account using AWS CloudFormation, Amazon ECS on AWS Fargate, Application Load Balancer, Amazon EFS, AWS Secrets Manager, and Amazon CloudWatch. Customer data and signing keys are not transmitted outside your account by default.

Six-Layer Formal Verification Kevros is the only AI governance offering on AWS Marketplace with end-to-end formal verification of the enforcement kernel. Six independent verification layers spanning model checking, SMT proofs, bounded checks, runtime assertions, cross-language vector regression, and interactive theorem proving collectively explore 1.94 billion system states and produce 71 SMT proofs and 20 mechanically-checked theorems with zero counterexamples and zero unproven assumptions.

Why Kevros Tamper-evident provenance ledger. Every governance decision is recorded in a hash-chained, append-only ledger on Amazon EFS. Auditors verify chain integrity using the published verifier specification.

Fail-closed architecture. Governance unavailability triggers automatic execution blocking. Agents cannot circumvent oversight under any failure condition. Dual-lane post-quantum signatures. ML-DSA-87 (FIPS 204) anchors every 100-record block of the hash-chained ledger. SLH-DSA-SHA2-256f (FIPS 205) provides the off-chain co-signing lane on settlement-class events. Quantum-resistant from day one.

Tier-conditioned rate limiting. Per-tier API Gateway UsagePlan throttling at the publisher edge. Free Trial 5 requests per second; Starter 25; Professional 50; Enterprise 200.

ML behavioral drift detection. Latency-drift and semantic-drift monitors flag anomalous agent behavior before violations materialize. CloudWatch and CEF observability. Container metrics and governance events surface in CloudWatch dashboards. CEF-formatted syslog export for any CEF-capable collector.

Built for AWS Deploys via AWS CloudFormation as a customer-side stack. Talon classifier inference runs in the TaskHawk publisher account; classifier weights never enter the customer image. Image is signed with cosign against an AWS KMS key; signatures verify against the publisher KMS public key.

Compliance-Aligned Evidence Generates evidence designed to support governance reviews under NIST AI RMF, EU AI Act risk classification (Annex III), and SOC 2 control families. Hash-chained decision records, post-quantum-signed block roots, and certifier-grade evidence bundles in auditor-ready format. Kevros provides verifiable technical evidence; it does not replace your compliance program, risk assessment obligations, or legal determinations.

Plans Free Trial. $0 per month. 1,000 calls. Hash-chained evidence. Starter. $499 per month. 100,000 calls. Production capacity. Professional. $1,499 per month. 1,000,000 calls. Adds ML drift plus dual-lane post-quantum signing. Enterprise. $4,999 per month. 5M inclusive calls plus AWS Marketplace metered overage. Adds fleet drift, CEF syslog export, evidence bundles.

Click Continue to Subscribe to deploy in your AWS account. Typical deployment under 20 minutes.