Frequently asked questions

Plain answers for executives and boards—plus technical detail for security and compliance teams.

Executive & Board Quick-Pass

Q: What business problem does Kovera solve?

A: Enterprises want to deploy autonomous AI agents to automate high-value tasks, but security, legal, and compliance boards block deployment because they cannot control what an autonomous agent will do in real time. Kovera stops unauthorized AI behavior before damage occurs and provides unalterable audit trails so legal/compliance teams can safely sign off on AI production rollouts.

Q: Why can't existing security tools or logging platforms do this?

A: Traditional tools look at logs after the fact (post-mortem). If an AI agent accidentally triggers an unauthorized data deletion or multi-million dollar transfer, traditional logging just records the disaster. Kovera intercepts the action inline, validates it against enterprise rules, and forces high-risk actions to wait for a human manager's digital signature.

Q: How is Kovera different from CloudTrail-style logs or gateway-only AI guardrails?

A: CloudTrail-style products excel at recording API activity once credentials have been exercised. Gateways excel at routing, quotas, and policy enforcement at the edge. Neither replaces runtime interception that binds agent identity to tool calls before irreversible effects occur, nor produces tamper-proof activity receipts your reviewers can verify outside Kovera's UI. Kovera sits on those enforcement paths and writes tamper-evident records to the Kovera Ledger, tied to approvals whenever policy demands human involvement.

Q: Does sensitive payload data leave our environment?

A: Governance metadata and cryptographic summaries are synced for ledger anchoring according to your deployment model. Payload handling follows your retention and residency controls. Your security team defines what crosses the boundary; receipts reference hashes and decision context suitable for auditors, without dumping raw prompts into shared logs by default.

Q: Will auditors accept signed exports?

A: Compliance-in-a-Box, The Sovereign, and Fortress engagements ship digitally signed PDF and JSON bundles with the identifiers auditors expect: timestamps, signatures, Merkle linkage where enabled, and cited controls. SOC 2 and HIPAA-oriented packs pair narrative controls language with artifacts mapped to evidence lockers. Automated Vanta and Drata synchronization is included with Compliance-in-a-Box and above.

Q: Can verification hooks run inside CI/CD or deployment pipelines?

A: Pipelines can call Kovera verification endpoints, or require the presence of an approved tamper-proof activity receipt, before promoting builds. That pattern extends the runtime guardrails into release governance, rather than repurposing legacy static scanners that never observed production agents.
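One shape such a pipeline gate could take, as an added example that is not Kovera's code or API. It assumes a hypothetical receipt format (a JSON body, an HMAC signature standing in for the ledger's real signature scheme, and a Merkle inclusion proof against a published batch root, echoing the timestamp/signature/Merkle-linkage fields mentioned for signed exports) and refuses to promote a build unless the receipt is validly signed, approved by a named human, fresh, and anchored in the ledger root.

```python
import hashlib
import hmac
import json

# Constructed demo key; a pipeline would load the ledger's verification key from a secret store.
VERIFY_KEY = b"constructed-demo-key"

def canonical(obj):
    """Deterministic JSON bytes so signer and verifier hash exactly the same thing."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sha256(data):
    return hashlib.sha256(data).digest()

def merkle_root(leaf, proof):
    """Recompute the batch root from a leaf and an inclusion proof of (sibling_hex, side) steps."""
    node = leaf
    for sibling_hex, side in proof:
        sib = bytes.fromhex(sibling_hex)
        node = sha256(sib + node) if side == "L" else sha256(node + sib)
    return node.hex()

def sign_receipt(body, key=VERIFY_KEY):
    # HMAC stands in for whatever signature scheme the ledger really uses.
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()

def verify_receipt(receipt, anchored_root, now, key=VERIFY_KEY, max_age_s=86400):
    """Return (ok, reason); the CI gate promotes the build only when ok is True."""
    body = receipt["body"]
    if not hmac.compare_digest(sign_receipt(body, key), receipt["signature"]):
        return False, "signature mismatch"
    if body.get("decision") != "approved" or not body.get("approver"):
        return False, "action was not approved by a human"
    if now - body["timestamp"] > max_age_s:
        return False, "receipt is stale"
    if merkle_root(sha256(canonical(body)), receipt["proof"]) != anchored_root:
        return False, "receipt not anchored in the ledger root"
    return True, "ok"

def demo_receipt():
    """Constructed receipt plus the anchored root of a two-leaf ledger batch."""
    body = {"action": "deploy:payments-agent:v42", "decision": "approved",
            "approver": "release-manager@example.com", "rule": "R-17",
            "timestamp": 1_700_000_000}
    leaf = sha256(canonical(body))
    sibling = sha256(b"other-receipt")  # constructed neighbouring leaf in the same batch
    root = sha256(leaf + sibling).hex()
    receipt = {"body": body, "signature": sign_receipt(body), "proof": [(sibling.hex(), "R")]}
    return receipt, root
```

Each check maps to a way a receipt can be faked or misused: a forged body, an approval that never happened, a replayed old receipt, or a record that was never written to the ledger.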

Q: What happens when policy routes an action through human approval?

A: High-risk flows pause after sandbox simulation and await structured Slack approvals that cite the triggering rules. Each approval mints a tamper-proof activity receipt that is anchored into the Kovera Ledger, so incident response and audit teams share one authoritative timeline instead of fragmented threads.

Q: Which stacks does Kovera integrate with?

A: Deployments commonly pair Kovera with enterprise identity providers, Slack or Teams escalation channels, observability sinks, and AI gateways such as Portkey for complementary routing controls. Tier-specific packs expose REST hooks for verification portals, including verify.kovera.tech. Tell us about your stack during onboarding so engineers can wire runtime interception as close as possible to production agents.