Kakunin vs. the Alternatives
Why purpose-built AI agent compliance infrastructure outperforms DIY builds, generic monitoring, and manual governance — especially under MiCA and EU AI Act scrutiny.
| Feature | Kakunin | DIY Build | Generic Monitoring | Manual Governance |
|---|---|---|---|---|
| Per-instance X.509 agent identity: Cryptographic identity bound to each agent deployment — not a shared API key or service account. | ✓ | ~ | ✗ | ✗ |
| KMS-backed private key custody: Private key generated in AWS KMS HSM and never exposed to application code. KMS ARN is stored, not key material. | ✓ | ~ | ✗ | ✗ |
| Certificate-embedded scope policy: Authority limits (max size, allowed actions, counterparties, geographies) are signed into the certificate. Cannot be changed without CA reissuance. | ✓ | ✗ | ✗ | ✗ |
| Scope enforcement independent of LLM: Scope is checked at the tool layer before any action executes — prompt injection cannot bypass it. | ✓ | ✗ | ✗ | ✗ |
| Behavioral baseline profiling: Per-agent baseline established from 7–14 days of observation. Scored against p50/p99 metrics across size, frequency, counterparty, time-of-day. | ✓ | ~ | ~ | ✗ |
| Per-action anomaly scoring: Every action produces a [0,1] risk score against the behavioral baseline. Not just threshold alerts on individual fields. | ✓ | ~ | ~ | ✗ |
| Automatic certificate revocation: Score ≥ 0.85 triggers instant revocation — no human required. The agent halts before further damage can occur. | ✓ | ✗ | ✗ | ✗ |
| Pre-revocation human review window: Score 0.75–0.84 triggers a configurable grace period (default 5 min) for human ACK before auto-revocation. | ✓ | ✗ | ✗ | ~ |
| WORM audit log: PostgreSQL rules block UPDATE and DELETE on audit_log. No application code — including admin code — can alter the record. | ✓ | ~ | ✗ | ✗ |
| Cryptographic action signatures: Each logged action includes a KMS signature over the payload — proves a specific agent instance authorised a specific action. | ✓ | ~ | ✗ | ✗ |
| MiCA Articles 67–72 compliance evidence: Compliance report exports the evidence package regulators request: registration record, certificate chain, baseline approval, audit log, incident history. | ✓ | ~ | ✗ | ~ |
| EU AI Act Annex III technical documentation: Article 11 package generated on demand: risk management records, data governance, human oversight procedures, cybersecurity controls. | ✓ | ✗ | ✗ | ~ |
| LangChain / AutoGen / CrewAI integration: Native SDK integrations: KakuninToolGuard (LangChain), KakuninConversableAgent (AutoGen), kakunin_node (LangGraph), KakuninCrewAgent (CrewAI). | ✓ | ~ | ✗ | ✗ |
| Time to first agent registered: 5 minutes via API or CLI. DIY requires building CA infrastructure, KMS key policies, and scope enforcement layer from scratch. | ✓ | ✗ | ~ | ✗ |
Why Not Build It Yourself?
CA infrastructure is non-trivial
Building a certificate authority requires KMS key policies, certificate profile design, OCSP responder, revocation propagation, and renewal workflows. Most teams underestimate the ongoing maintenance.
Behavioral baselines require statistical modeling
Anomaly scoring that avoids false positives on variable workloads while catching real threats requires percentile tracking, weighted deviation models, and configurable thresholds per agent type.
WORM logs require database-level enforcement
Audit trail integrity under MiCA/EU AI Act requires that even admin code cannot modify records. Postgres-rule WORM enforcement is straightforward to implement but easy to get wrong — a misconfigured rule silently allows mutations.
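The misconfiguration described above can be seen in a few lines of PostgreSQL. This is an added example, not Kakunin's schema or code: the `audit_log` columns, the rule names and the `audit_writer` role are assumptions made for illustration.

```sql
-- Added example: audit_log columns, rule names and role name are assumptions.
CREATE TABLE audit_log (
    id        bigserial   PRIMARY KEY,
    agent_id  text        NOT NULL,
    payload   jsonb       NOT NULL,
    logged_at timestamptz NOT NULL DEFAULT now()
);

-- Weak variants that PostgreSQL accepts without error but that still let
-- rows change:
--   ... ON UPDATE TO audit_log DO NOTHING;
--       (no INSTEAD means ALSO, so the original UPDATE still runs)
--   ... ON DELETE TO audit_log WHERE logged_at < now() - interval '1 day'
--       DO INSTEAD NOTHING;
--       (rows that do not match the WHERE clause are still deleted)

-- Corrected: an unconditional INSTEAD NOTHING replaces the statement entirely.
CREATE RULE audit_log_no_update AS ON UPDATE TO audit_log DO INSTEAD NOTHING;
CREATE RULE audit_log_no_delete AS ON DELETE TO audit_log DO INSTEAD NOTHING;

-- Rules do not cover TRUNCATE, and the table owner can drop or disable them,
-- so the writing role (hypothetical name) gets INSERT and SELECT only and
-- must not own the table.
CREATE ROLE audit_writer NOLOGIN;
GRANT INSERT, SELECT ON audit_log TO audit_writer;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO audit_writer;

-- Smoke test with a constructed row: after the UPDATE and DELETE attempts,
-- confirm the row is still present and unmodified.
INSERT INTO audit_log (agent_id, payload)
VALUES ('agent-constructed-1', '{"action": "transfer", "size": 100}');
UPDATE audit_log SET agent_id = 'tampered';
DELETE FROM audit_log;
SELECT count(*) AS row_count,
       bool_or(agent_id = 'tampered') AS tampered
FROM audit_log;

-- Catalog check to run after every migration: one row per rule on the table.
SELECT rulename,
       ev_type,                            -- '2' = UPDATE, '4' = DELETE
       is_instead,                         -- must be true
       ev_enabled,                         -- 'D' means the rule is disabled
       pg_get_ruledef(oid) AS definition   -- must not contain a WHERE clause
FROM pg_rewrite
WHERE ev_class = 'audit_log'::regclass;
```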
Compliance evidence must be regulator-ready
MiCA Article 71 and EU AI Act Article 11 require structured evidence packages on request. Generating these from raw logs is an engineering project — Kakunin generates them on demand.
Ready to skip the build?
Register your first agent in 5 minutes. Certificate, baseline, and monitoring — all active.