The agent-action governance problem
An AI agent inside an application can read customer records, create invoices, send emails, post to Slack, run shell commands, and delete data. Each of those is a different risk profile. A read of a public document is fine. A delete of production records needs a human in the loop. A prompt with a leaked API key needs to be blocked outright. The control surface between the agent and the destination has to make those decisions in milliseconds.
Three-tier human-in-the-loop
Vaikora ships a pre-built CRUD policy matrix mapped to a three-tier approval model. Tier 1 reads auto-approve with silent logging. Tier 2 creates and updates require self-justification through the developer Slack OOB. Tier 3 deletes and merges escalate to the SecOps Slack with the agent held in a WAIT state until an admin signs off. Approvers click through to a web UI for the full action context and resolution token.
Built-in attack defenses
The Vaikora content modules detect prompt injection attempts, jailbreak patterns, leaked credentials, financial data exfiltration, and egress to known training-data endpoints. The defenses run synchronously inside the policy pipeline; bad actions never reach the LLM.
Audit and evidence
Every decision is signed into a SHA-256 append-only audit chain. Compliance presets cover SOC 2 Type II, HIPAA, GDPR, PCI DSS, and ISO 27001. Auditors can replay the chain and verify integrity without any vendor cooperation.