Agents request.
kiss executes.
Stop handing agents your API keys. With kiss, agents can only request actions — we evaluate every request against identity, policy, context, and risk, then execute it ourselves. Credentials never leave our infrastructure.
refund_customer(
  customer_id: "cus_123",
  amount: 8500
)
The agent never touched a Stripe key.
The problem
Agents have quietly become execution authorities.
The moment you hand an agent an API key, OAuth token, or service account, you hand it the power to act. Monitoring, policies, and just-in-time access all help — but the agent still holds the ability to execute. The blast radius is whatever those credentials can touch.
Compromised agents
A stolen key or hijacked session turns your agent into an attacker with standing access to production systems.
Prompt injection
A poisoned document or tool response can convince an agent to issue actions it was never meant to take.
Bad decisions
Even a well-behaved agent can misread context and issue a real refund, delete a repo, or change infrastructure.
The principle
We separate intent from execution.
Agents are great at deciding what should happen. They should never be the thing that makes it happen. kiss draws a hard line between the two.
Generate intent
“I want to refund customer cus_123 for $85.00.” Agents describe the action they want — nothing more.
Governs & executes
We authorize each request, then run the action through our own connectors. Credentials live only with us.
How it works
From intent to execution, in four steps.
Agent requests an action
The agent submits intent — action, parameters, user identity, agent identity, and context. It holds no credentials of its own.
kiss makes a decision
We evaluate the request against identity, policy, context, and risk — then return ALLOW, DENY, or REQUIRE_APPROVAL with human-in-the-loop when needed.
kiss executes it
On approval, we perform the action through our managed connectors and runtime. API keys, tokens, and service accounts never leave our infrastructure.
Everything is recorded
Each action produces a complete audit record: who, what, the decision, risk score, approvers, result, and timestamp.
The decision layer
Every request is judged on its merits.
kiss weighs each action across five dimensions and resolves it to a single, auditable outcome.
Identity
Which agent is asking, and which human is behind it?
Policy
Role-based and resource permissions, plus your business rules.
Context
Ticket data, customer metadata, environment, time, and location.
Risk
Anomaly detection, sensitive actions, and high-value transactions.
Approvals
Manager, finance, or human-in-the-loop sign-off when it matters.
One decision.
Fully recorded.
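The four steps under "How it works" and the decision dimensions above, sketched as an added example; this is not kiss's code or API. Intent, Broker, POLICY, make_refund_connector, the role names and the amount thresholds are all hypothetical, and the connector is a constructed stand-in that calls no real payment service.

```python
import time
from dataclasses import dataclass

ALLOW, DENY, REQUIRE_APPROVAL = "ALLOW", "DENY", "REQUIRE_APPROVAL"

# Hypothetical policy table: who may request an action, its exact parameters,
# and the amounts (in cents) that trigger approval or outright denial.
POLICY = {"refund_customer": {"roles": {"support"}, "params": {"customer_id", "amount"},
                              "approval_over": 5000, "hard_limit": 50000}}

@dataclass
class Intent:
    action: str
    params: dict
    user: str        # human behind the request
    user_role: str
    agent: str       # agent identity

def make_refund_connector(api_key):
    """Constructed stand-in for a payment connector; the key stays in this closure."""
    def refund_customer(customer_id, amount):
        return {"refunded": customer_id, "amount": amount, "authenticated": bool(api_key)}
    return refund_customer

class Broker:
    def __init__(self, connectors):
        self._connectors = connectors        # the agent never receives these
        self.audit = []

    def decide(self, intent):
        rule = POLICY.get(intent.action)
        if rule is None or intent.user_role not in rule["roles"]:
            return DENY                      # default deny: unknown action or role
        if set(intent.params) != rule["params"]:
            return DENY                      # only the exact declared parameters
        amount = intent.params["amount"]
        if type(amount) is not int or not 0 < amount <= rule["hard_limit"]:
            return DENY
        return REQUIRE_APPROVAL if amount > rule["approval_over"] else ALLOW

    def submit(self, intent, approver=None):
        decision = self.decide(intent)
        # A second person must sign off; the requester cannot approve their own action.
        approved = decision == REQUIRE_APPROVAL and approver not in (None, intent.user)
        executed = decision == ALLOW or approved
        result = self._connectors[intent.action](**intent.params) if executed else None
        self.audit.append({"user": intent.user, "agent": intent.agent, "action": intent.action,
                           "params": dict(intent.params), "decision": decision,
                           "approver": approver if approved else None,
                           "result": result, "ts": time.time()})
        return decision, result
```

Every submission is written to the audit list, including denied and unapproved ones, and the credential never appears in a return value or audit entry.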
How we're different
Others grant access. We authorize and execute.
“You may access this system for 15 minutes.”
IAM grants access to systems. Once granted, whatever holds the credential can do anything that credential allows — including a compromised agent.
“We’ll monitor what the agent does.”
Monitoring, detection, and prompt-injection defenses assume the agent still owns the execution path. They watch the action — they don’t hold it.
“You may request this exact action. We decide whether it's allowed — and execute it for you.”
The agent never owns execution. Authority is centralized in kiss, per action, with a record for every one.
Managed connectors
Execution flows through us — never the agent.
kiss runs approved actions through hardened connectors. The pattern is always kiss → system, never agent → system.
Stripe
Refunds, payouts, charges
AWS
Infrastructure changes
GitHub
Repository modifications
Salesforce
Record updates
PostgreSQL
Database writes
Custom
Your internal APIs
Audit trail
Every action leaves a complete record.
Because execution happens inside kiss, the audit log is the source of truth — not a best-effort reconstruction. Answer “who did what, and who approved it?” for any action, instantly.
Let agents generate intent. Keep execution to yourself.
See how kiss authorizes and executes agent actions — without ever handing over a credential.