AI Security, Governance & Visibility

Kairro Overview

Kairro is the enterprise platform for AI visibility, findings, policies, integrations, and governance across both browser activity and workstation telemetry.

Browser + collector coverage · Findings & investigations · Policy sandbox · Framework controls
Platform snapshot

One platform, four connected surfaces

Backend services, admin control plane, browser extensions, and endpoint collectors working together as one operating layer for enterprise AI use.

Visibility + findings
Browsers + collectors
Governance workflows

Executive highlights

Enterprise-grade controls, real-time enforcement, and governance in one system.

Security-first

Policy enforcement, DLP-aware controls, device posture, and secure identity boundaries across the platform.

Investigations-ready

Findings, investigations, and recent device context stay aligned so teams can move from alert to action.

Governance-ready

Framework controls, evidence, review workflows, and control maturity tie live operations to governance posture.

Platform Architecture

Secure by design, with clear separation between the control plane, managed endpoints, and downstream integrations.

1. Fast, Secure Backend

Fastify + Prisma

  • Authentication, SSO, and MFA
  • Policy evaluation and bundle delivery
  • Findings, investigations, and event logging
  • Governance workflows and framework posture
  • Subscription, licensing, and notifications

2. Kairro Admin Control Plane

Security, governance, IT, and platform teams

  • Visibility overview and drilldowns
  • Findings, analyst queue, and investigations
  • Policies, sandbox testing, and rules management
  • Browsers, collectors, and subscription usage
  • Governance, frameworks, and controls

3. Kairro Browser Extension

Managed browser coverage

  • Evaluates prompts, tools, domains, and policy decisions in real time
  • Detects shadow AI and sends governed telemetry
  • Receives policy refresh, re-register, and disable commands
  • Registers activity for licensing and operational health

4. Kairro Collectors

Managed workstation coverage

  • Monitor endpoint posture and sensitive workstation workflows
  • Sync signed policy bundles and review commands
  • Generate findings and investigations from collector activity
  • Support credential-governance and local decision flows

Core Concepts

How Kairro models the enterprise AI landscape.

Organizations, Users, Teams & Identities

Multi-tenant with RBAC; every event, tool, endpoint, and policy is org-scoped.

AI Tools

  • Approved Tools — allowed with policies/DLP
  • Unapproved Tools — trigger warnings or blocks
  • Discovered (Shadow AI) — surfaced automatically from telemetry

Policies & Rules

  • DLP severity thresholds
  • Allowed/denied AI tools
  • Domain restrictions
  • Credential and collector-safe review actions
  • Org-wide defaults plus targeted rules

Events & DLP Matches

Every AI interaction logs action (Allow/Warn/Block), risk level, DLP match details/severity, and tool/identity/endpoint metadata.

Shadow AI Events & Findings

Unknown, unapproved, or risky AI usage is logged and surfaced in Shadow AI inventory.

AI Inventory & Use Cases

Catalog of approved AI use cases, external tools, product-embedded AI features, risk assessments, governance stages, reviews, and audit logs.

Subscriptions & Licensing

Validates license keys, allowed endpoints, event usage, and status (Active → Past Due → Expired) with fail-closed enforcement.

Integrations & Notifications

Slack, Email, Microsoft Teams, PagerDuty, Opsgenie, Webhooks, and SIEM/log tools (Splunk, Datadog, Elastic, Chronicle, etc.).

Managed Endpoint Workflows

Secure, deterministic flows across browser extensions, endpoint collectors, and the control plane.

Browser policy sync

Extensions retrieve approved AI tools, unapproved tool definitions, and command sync metadata.

Browser evaluate flow

  1. DLP scanning
  2. Policy evaluation
  3. Risk scoring
  4. Event & DLP match logging
  5. Integration/notification dispatch

Returns: action, riskLevel, reasons, eventId, and command sync data.
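
The five steps above, sketched as an added example; this is not Kairro's code. The DLP patterns, tool names, thresholds, action-to-risk mapping, and the `evaluate`, `eventLog` and `outbox` names are all assumptions constructed for illustration; only the step order and the returned fields (action, riskLevel, reasons, eventId) come from the page.

```javascript
// Constructed sample policy and DLP patterns; none of these values come from Kairro.
const RANK = { none: 0, low: 1, medium: 2, high: 3 };
const DLP_PATTERNS = [
  { name: 'aws-access-key-id', severity: 'high', re: /\bAKIA[0-9A-Z]{16}\b/ },
  { name: 'us-ssn-format', severity: 'medium', re: /\b\d{3}-\d{2}-\d{4}\b/ },
];
const POLICY = {
  approvedTools: ['approved-ai.example'],
  unapprovedTools: ['unapproved-ai.example'],
  warnAt: 'medium',
  blockAt: 'high',
};
const eventLog = []; // stand-in for the event store
const outbox = [];   // stand-in for integration/notification dispatch

function evaluate({ user, tool, prompt }, policy = POLICY) {
  // 1. DLP scanning: record which patterns matched, never the matched text.
  const dlpMatches = DLP_PATTERNS.filter((p) => p.re.test(prompt))
    .map(({ name, severity }) => ({ name, severity }));
  const worst = dlpMatches.reduce(
    (max, m) => (RANK[m.severity] > RANK[max] ? m.severity : max), 'none');

  // 2. Policy evaluation: tool status first, then DLP thresholds; strictest wins.
  const reasons = [];
  let action = 'Allow';
  if (policy.unapprovedTools.includes(tool)) {
    action = 'Block'; reasons.push(`tool ${tool} is unapproved`);
  } else if (!policy.approvedTools.includes(tool)) {
    action = 'Warn'; reasons.push(`tool ${tool} is not in the approved list`);
  }
  if (RANK[worst] >= RANK[policy.blockAt]) {
    action = 'Block'; reasons.push(`DLP severity ${worst} meets block threshold`);
  } else if (RANK[worst] >= RANK[policy.warnAt]) {
    if (action === 'Allow') action = 'Warn';
    reasons.push(`DLP severity ${worst} meets warn threshold`);
  }

  // 3. Risk scoring (assumed mapping from the final action).
  const riskLevel = { Allow: 'low', Warn: 'medium', Block: 'high' }[action];

  // 4. Event and DLP match logging: metadata only, the prompt is not stored.
  const eventId = `evt-${eventLog.length + 1}`;
  eventLog.push({ eventId, user, tool, action, riskLevel, dlpMatches });

  // 5. Dispatch: only Warn and Block are forwarded to integrations.
  if (action !== 'Allow') outbox.push({ eventId, action, riskLevel, reasons });

  return { action, riskLevel, reasons, eventId };
}
```

Logging pattern names and severities rather than the prompt keeps the event store and downstream SIEM from becoming a second copy of the data the DLP step flagged.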

Collector policy & review sync

Collectors receive signed policy bundles, device posture updates, and deterministic review instructions.

Registration endpoints

Associate browser and collector activity with subscription limits, license tokens, and unique managed endpoints.

  • /v1/extension/register
  • /v1/extension/endpoint/register

Admin API Surface

  • Events: /v1/admin/events, /v1/admin/events/:id/dlp
  • Shadow AI: /v1/admin/shadow-ai/events
  • Governance: /v1/admin/governance/*
  • Policies: /v1/admin/policies
  • Integrations & Notifications
  • Ops / Health Dashboard
  • Subscription & Security Defaults

How Organizations Use Kairro

✔ Real-time AI security

DLP + policy enforcement everywhere users interact with AI.

✔ Shadow AI visibility

Automatic discovery of unapproved tools and risky behavior.

✔ Governance & risk scoring

Structured workflows for approving use cases and managing AI adoption.

✔ Compliance & audit readiness

Evidence, controls, logs, reviews, and policy enforcement in one place.

✔ Enterprise integrations

Notifications and events flow into your SIEM, SOC tools, and collaboration systems.