Kakunin is an API-first compliance layer that issues cryptographic identities to AI agents, monitors their behavior in real time, and auto-revokes credentials when risk thresholds are crossed — built to satisfy MiCA and EU AI Act requirements without manual oversight.
Kakunin addresses the two core challenges regulators impose on AI agent deployments: proving who the agent is, and proving it behaved within its authorised scope.
Every AI agent gets an X.509 certificate issued via AWS KMS — a machine identity with cryptographically bound scope, a 365-day validity window, and automated revocation when behavioral risk exceeds threshold. Private key material never leaves the HSM.
Real-time behavioral monitoring scores every agent action across eight risk dimensions. WORM audit logs satisfy EU AI Act Article 12. Compliance reports export a signed PDF snapshot for regulators — generated without human intervention.
Identity and governance are not separate products — they share the same cryptographic foundation. Every behavioral event is attributed to a named X.509 identity. Every compliance report is signed by the same CA that issued the agent's certificate.
Register an agent via API. Kakunin issues an X.509 certificate backed by an AWS KMS RSA-2048 key. The certificate encodes operator, scope, and model hash — all cryptographically bound.
Your agent reports actions to /api/v1/events. Each event is risk-scored in real time across eight dimensions and written to the WORM audit log with the agent's certificate serial as the attribution anchor.
Risk score above 0.75 triggers a pre-revocation warning. Above 0.85, the agent's certificate is revoked within 60 seconds — blocking it at the gateway layer before it reaches any downstream service.
On demand, Kakunin generates a signed PDF compliance report: agent identity, risk history, revocation events, and audit log hash — ready for regulators, auditors, or counterparties.
Kakunin's API-first design means you can register your first agent in under five minutes, with no infrastructure to provision and no SDK required.