Independently verified
ISO 27001
ISO 42001

SOC 2 Type II

GDPR
Data Security
Encrypted end to end
In transit
All traffic encrypted between services and on external connections. No plaintext data traverses the network.
At rest
All data stores encrypted at rest using industry-standard cryptography. Backups encrypted and regularly tested.
No model training on your data
Kenome never trains models on customer data. Inference stays within your own model gateway.
Deployment
Your infrastructure. Your data.
Kenome deploys fully on-premises or in your private cloud. No shared infrastructure, no data routed through Kenome servers. You retain complete custody of your data.
» On-premises or private cloud deployment
» No outbound dependency on Kenome infrastructure
» Compatible with air-gapped environments
» Zero data custody retained by Kenome
Access and Identity
Permissions enforced at every layer
SSO & role-based access control
Enterprise SSO via SAML 2.0 and OIDC. Granular RBAC enforced at query time — users and agents only access data within their authorized scope.
Credential governance
Integration credentials are admin-configured and centrally managed. Agents operate within scoped profiles and cannot acquire access beyond what is explicitly granted.
Full audit trails
Every agent action, tool call, knowledge retrieval, and admin change is logged and traceable back to the originating user, session, and task.
Agentic Governance
Agents governed like digital workers
Autonomous agents that can read documents, call APIs, and trigger workflows introduce a distinct security surface. Kenome treats every agent as a first-class identity with defined boundaries, not a shared user session.
01 Least-privilege execution
Each agent has an explicit permission boundary. Agents cannot acquire access beyond their assigned scope.
02 Human-in-the-loop approvals
High-stakes actions require human confirmation before execution, with full context provided to the reviewer.
03 Centralized agent management
Admins control agent sharing and access organization-wide. All changes are logged with mandatory reason capture.
04 Prompt injection defense
Input validation and output filtering reduce exposure to malicious instructions embedded in retrieved content.
Architecture walkthroughs, security questionnaires, and compliance documentation are available for qualified prospects.

