Culvii gives your platform teams the identity, governance, and auditability infrastructure needed to deploy AI agents across your organization — and the managed operations team to keep them running — without asking your CISO to look the other way.
They're both right. Culvii was designed to end that standoff. Culvii Kit gives engineering teams the primitives they need to build fast. AgentOps gives operations teams the specialists they need to run at scale. Security teams get both — structural governance and operational accountability.
Every agent is assigned a Decentralized Identifier (DID) backed by Ed25519 cryptography. Agents sign every action. Your security team can verify the identity of any agent, at any point in time, without trusting a central log. No more "the AI did something" in an incident report.
Define a precise trust surface for every agent. Capabilities can be time-scoped, rate-limited, and revoked instantly. Key rotation happens without downtime. Trust elevation requires an explicit grant from an authorized human — not a config file that might be overridden.
Every agent action flows through a hash chain buffer into a Merkle Tree. The resulting audit log is cryptographically verifiable — not just readable. If regulators ask for evidence of what an AI agent did on a specific date, you produce a mathematical proof, not a screenshot. Retention configurable up to 7+ years.
Critical decisions require human sign-off before execution. HITL suspends workflow execution, notifies approvers via Slack or email, and only resumes after explicit approval. Approval actions are themselves logged and signed. Governance that lives in the code, not in a policy document.
Every tenant is a hard boundary. Separate keys, separate audit logs, separate capability namespaces. Run a single Culvii deployment across multiple business units, customer accounts, or environments with complete isolation — no data sharing, no key sharing, no log bleed.
Through AgentOps, you get an embedded team — Enterprise Operations consultants, AgentOps Engineers, and Runtime Experience Engineers — to run your agent infrastructure without expanding headcount. Fractional or dedicated, depending on your scale.
Same Culvii Kit. Same AgentOps. Three deployment models — choose based on your regulatory, data residency, and procurement requirements.
Fully hosted by Culvii. AWS-backed, multi-region, with EU, US, and APAC data residency options.
Culvii data plane in your cloud (AWS, GCP, Azure). Control plane managed by us, fully isolated per tenant.
Fully air-gapped Kubernetes deployment. For the most sensitive regulated environments — healthcare, defense, public sector.
Every agent and tool call must be explicitly authorized through a signed capability grant. No role can "escalate on demand."
TLS 1.3 in transit. AES-256 at rest. BYOK via AWS KMS, GCP KMS, or Azure Key Vault. Keys rotate without downtime.
Okta, Azure AD, Google Workspace, OneLogin, JumpCloud. Automated provisioning and deprovisioning via SCIM 2.0.
Pin tenant data to US, EU, or APAC regions. Per-tenant database isolation. No cross-tenant inference.
Every agent action is hash-chained and rolled into a Merkle tree. Tamper-evident, independently verifiable by your auditors.
Capability-scoped tool access means a successful prompt injection still can't exceed the agent's granted authority.
Route to Anthropic on AWS Bedrock, OpenAI on Azure, or your own fine-tuned models on-prem. No data leaves your perimeter.
24/7 security on-call with a 1-hour response for P0 incidents. Annual tabletop exercises with your team included.
Culvii is the first agent framework we've found where our security team finished the review faster than the engineering review. Capability governance and cryptographic audit trails turn AI agents into just another governed service.
30-minute technical scoping with a solutions engineer. We map your agent use cases, compliance, and deployment model.
Trust Center access, SOC 2 report, DPA, DPIA, BAA, pen-test summary. Fast-track your InfoSec questionnaire with pre-filled SIG Lite.
Dedicated Slack channel, paired engineer, tenant provisioned. We build your first production agent together with your team.
Staged rollout, HITL thresholds tuned, PagerDuty wired. Handoff to your team with a runbook and a quarterly business review cadence.
Self-serve access to SOC 2 Type II, ISO 27001, pen-test summary, DPIA, SIG Lite, and a pre-signed MSA template.
Visit Trust CenterMSA, DPA, BAA, custom redlines welcome. Average time-to-signature from intro call is 22 days. We redline on Google Docs, not DocuSign.
View standard termsAvailable through AWS Marketplace (private offer), GCP Marketplace, and Azure Marketplace. Committed spend and credits accepted.
Purchase via marketplaceYes. Air-gapped deployment is available under Enterprise plans. Culvii Kit can run entirely within your network with no external dependencies.
Bring Your Own Cloud means Culvii Kit runs inside your VPC — your network, your storage, your keys. We manage the software; you own the infrastructure.
Yes. Email enterprise@culvii.com with your questionnaire. Standard turnaround is 5 business days. We also have a pre-filled SIG Lite for faster turnaround.
Enterprise customers can integrate their own KMS (AWS KMS, Azure Key Vault, HashiCorp Vault) for agent private key storage. Per-tenant isolation is enforced at the cryptographic layer.
Enterprise plans are annual contracts. Minimum commitment varies based on deployment option and support tier. We start with a pilot so both teams can validate fit before committing.
Book a demo using the form on this page, or email enterprise@culvii.com. You'll speak with a founder — not an SDR. Typical pilot launches in under 4 weeks.
Talk to a founder — not an SDR. We'll understand your regulatory environment, your existing stack, and your specific requirements before proposing anything.