Kyvvu
A behavioral firewall for AI agents
Your organization has rules. About customer privacy, data handling, decision transparency, escalation, and what your agents are and aren't allowed to do. When you deploy AI agents, those rules have to be enforced at runtime — not hoped for in a prompt, not checked after the fact in a log.
Kyvvu sits between your agents and everything they touch. Every atomic behavior an agent attempts — every LLM call, every tool invocation, every write to a system of record — is intercepted, evaluated against your policies in the context of the full execution path so far, and either allowed, blocked, or routed to human approval. In under a millisecond per policy evaluation.
Think of it as Cloudflare for agents: the same architectural pattern — a thin, always-on control layer that sees every request and enforces your rules — applied to non-deterministic AI systems instead of HTTP traffic.
How it fits together
Two audiences, one runtime. On the left, developers integrate their agent via an SDK (Python, LangChain, LangGraph), a proxy (Claude Code), or a connector (Microsoft Copilot Studio, MS Agent SDK). On the right, CISO and legal teams define governance rules in plain language. The Kyvvu Engine mediates between the two: it consumes agent behaviors, evaluates them against the policy library, and enforces the decision back on the agent — allow, block, or stop.
How it works
Policies are defined centrally in plain language and translated into path-dependent rules. The engine evaluates them on every atomic behavior:
```python
from kyvvu import Kyvvu, Policy

kv = Kyvvu(api_key="your-key", environment="prod")

# Define a policy once — applied to every agent in the environment
Policy(
    name="No customer writes without human approval",
    scope="agent_group:customer-support",
    when="behavior.type == 'TOOL_CALL' and behavior.writes_to_system_of_record",
    require="human_approval",
    otherwise="block"
)

# Wrap the agent — Kyvvu intercepts every behavior on the path
# (`agent` and `user_query` come from your own application code)
with kv.guard(agent_id="support-agent-01"):
    agent.run(user_query)

# Each LLM call, tool call, and state change is evaluated in context.
# Violations are blocked at the moment of execution — not after.
```
The same enforcement layer works across frameworks. No changes to your agent's logic. No reliance on the LLM following instructions.
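To make "path-dependent" concrete, here is an added example (not Kyvvu's engine or SDK code) in which the same behavior gets a different decision depending on what already happened on the path. `Behavior`, `Guard`, the two policy functions and the tool names are hypothetical.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Decision(IntEnum):          # ordered so that max() picks the strictest
    ALLOW = 0
    HUMAN_APPROVAL = 1
    BLOCK = 2

@dataclass(frozen=True)
class Behavior:                   # hypothetical shape of one atomic behavior
    type: str                     # e.g. "LLM_CALL", "TOOL_CALL"
    tool: str = ""
    reads_pii: bool = False
    external: bool = False        # leaves the organization's boundary
    writes_to_system_of_record: bool = False

def no_pii_exfiltration(path, behavior):
    # Path-dependent: an external call is blocked only if PII was read earlier.
    if behavior.external and any(b.reads_pii for b in path):
        return Decision.BLOCK
    return Decision.ALLOW

def writes_need_approval(path, behavior):
    # Stateless: same condition as the policy in the snippet above.
    if behavior.type == "TOOL_CALL" and behavior.writes_to_system_of_record:
        return Decision.HUMAN_APPROVAL
    return Decision.ALLOW

@dataclass
class Guard:
    policies: list
    path: list = field(default_factory=list)

    def attempt(self, behavior):
        # Evaluate before execution; the most restrictive policy wins.
        decision = max(p(self.path, behavior) for p in self.policies)
        if decision is Decision.ALLOW:
            self.path.append(behavior)   # only executed behaviors extend the path
        return decision

def demo():
    send = Behavior("TOOL_CALL", tool="send_email", external=True)
    guard = Guard([no_pii_exfiltration, writes_need_approval])
    before = guard.attempt(send)     # nothing sensitive on the path yet
    guard.attempt(Behavior("TOOL_CALL", tool="crm_lookup", reads_pii=True))
    after = guard.attempt(send)      # same behavior, different path
    write = guard.attempt(Behavior("TOOL_CALL", tool="crm_update",
                                   writes_to_system_of_record=True))
    return before, after, write
```
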
Three outcomes, one layer
- Runtime enforcement — Policies on paths, evaluated in sub-millisecond time before the next behavior executes. Allow, block, or escalate — deterministically.
- Structured observability — Every intercepted behavior and every enforcement decision becomes a hash-chained, tamper-evident log entry. Audit-ready by construction.
- Incident escalation — When a policy is violated or human approval is required, Kyvvu generates a structured incident with the full execution path as context, routed to your existing workflows.
Works with the frameworks you already use
Kyvvu is framework-agnostic. We have production integrations for:
- Core Python agents (SDK)
- LangChain and LangGraph (callback handlers)
- Microsoft Copilot Studio and MS Agent SDK (connector)
- Claude Code (local proxy)
- Any other framework — via our locally running kyvvu-engine
EU AI Act compliance, from the bottom up
Most compliance tooling is top-down: policies written in documents, referenced in audits, with no mechanical link to what agents actually do. Kyvvu is the opposite. Because every atomic behavior is intercepted and logged, and every policy is enforced at the step level, you get the runtime evidence Articles 9, 12, 14, and 15 of the AI Act actually require — continuous risk management, automatic logging, meaningful human oversight, and accuracy/robustness monitoring.
One unified vocabulary (atomic behaviors), clear policies, demonstrable enforcement — across every agent you deploy.
Where we are
Kyvvu is deployed in enterprise environments across regulated industries in the Netherlands — financial services, insurance, healthcare — inspecting agent behavior in production. Our approach to runtime governance is documented in our arXiv paper Runtime Governance for AI Agents: Policies on Paths, and has been discussed in a joint perspective with a leading AI conformity and certification partner.
How to engage
Kyvvu is delivered through a small set of authorized partners — tier-1 consultancies and AI governance specialists who handle integration, policy design, and ongoing support. We work alongside them on every deployment.
For end-customers: free proof-of-value
If you're deploying AI agents in a regulated industry, we offer a scoped, no-cost proof-of-value in your environment. We deploy the Kyvvu Engine alongside one or more of your agents, work with you to define policies on paths aligned with your internal rules and AI Act obligations, and produce a structured report on what we observed and enforced.
- Kyvvu runs on your infrastructure — your data stays with you
- Typically scoped around one agent and a defined policy set
- Outcome is a runnable enforcement layer plus a report you can take to your CISO, legal team, or auditor
- No commercial commitment during the evaluation
To start a proof-of-value: email jeroen@kyvvu.com.
For prospective partners
We work with a select group of consultancies, systems integrators, and AI governance specialists who deliver Kyvvu to their clients. If you're advising enterprises on AI agent deployment or AI Act readiness and want runtime enforcement as part of your offering, we'd like to talk.
To discuss partnership: email jeroen@kyvvu.com.
Technical questions, integration details, and research: maurits@kyvvu.com
About Kyvvu
Kyvvu is an enterprise AI governance company founded by Maurits Kaptein and Jeroen Ghijsen, based in the Netherlands. We build runtime infrastructure for governing autonomous AI agents in regulated industries.