Pilot overview · for CFO, GC, CISO, CRO, Board

Prove that every AI action in your business was authorised, accountable, and auditable — in 4 to 10 weeks.

A KYE Audit Pilot™ takes one real AI agent in your business and turns its actions into bytes a regulator or court can replay. You walk out with a signed Evidence Pack™, a regulator-mapped control crosswalk, and an adoption roadmap your board can sign off on.

Three phases. Four signed artefacts. One report mapped to the regulatory frameworks you already answer to. No code change to your existing agents on day one — the pilot runs in shadow mode first.

Pilot anatomy

Three phases. Every phase ends with signed artefacts in your hands.

No long discovery cycle that yields a slide deck. Every week of the pilot ends with bytes — cryptographically signed, regulator-mapped, replayable from public keys alone.

01 Week 1 – 2

Discovery & scoping

We pick one privileged AI agent in your business, map who it acts on behalf of, and lock the purpose-permission scope it is allowed to operate within. You stay in control of which agent, which data, which decision class.

  • Scoped Purpose-Permission Manifest™ — signed JSON declaring what the agent may do and on whose behalf
  • Control-mapping diagram — the agent’s actions mapped to your declared regulatory frameworks (EU AI Act, NIST AI RMF, DORA, GDPR Art 22, sector-specific)
  • Agent inventory snapshot — canonical list of every AI tool the agent reaches for, with risk class assigned

02 Week 3 – N

Worked instance & governance plumbing

The agent runs against real traffic, in shadow mode at first, then in enforce mode once your team is comfortable. Every action it takes lands in a signed event chain. Your auditor can replay any one of them from the public key alone.

  • Live Evidence Pack™ — one signed bundle per privileged agent action, growing daily
  • Signed Decision Map™ — the rule path the agent followed, every input it weighed, every threshold it cleared
  • Replay-Proof™ bundle — bytes anyone with the public key can re-derive the same verdict from, six months from now

03 Final week

Acceptance & handover

We write the pilot up the way a regulator would want to read it. You receive a board-ready report, a framework crosswalk, and a costed roadmap for taking KYE™ into the rest of the business at your own pace.

  • Pilot report — executive summary + per-phase findings + verdict against each declared control
  • Regulator-mapped framework crosswalk — every control claim with the Evidence Pack™ that satisfies it, ready for an external auditor
  • Post-pilot adoption roadmap — staged plan, costed, with named decision gates for your board

What you receive

Four signed artefacts. Each one satisfies a different audience.

These are the deliverables. Not slide decks. Not consulting reports. Signed bytes a third party can verify without us in the room.

| Artefact | What it contains | Who it satisfies | Sample |
|---|---|---|---|
| Signed Evidence Pack™ | One signed bundle per privileged agent action: the request, the policy decision, the rule path, the inputs hashed, the verdict, the public-key chain. | Auditor, regulator, board, court | Auditor view → |
| Decision Map™ | The rule path the agent followed for a given action: which policy fired, which thresholds cleared, which inputs were weighed, the deterministic verdict. | General Counsel, DPO, dispute counsel | GC view → |
| Replay-Proof™ bundle | The deterministic re-execution package. Bytes that re-derive the same verdict from public keys alone, with no help from us, six months from now. | CISO, external auditor, regulator | CISO view → |
| Framework crosswalk | Every control claim from your declared frameworks (EU AI Act, NIST AI RMF, DORA, GDPR, sector packs) mapped to the Evidence Pack™ that satisfies it. | CFO, Board, Chief Risk Officer, regulator | Board view → |

Before & after

The line a pilot crosses.

Most teams running AI agents today cannot answer the regulator’s first question: who authorised that action, on whose behalf, with what scope? After a pilot, the answer is bytes, not a conversation.

Today, without KYE™

  • The agent acted. Nobody knows exactly why. Logs are scattered across vendors and most do not survive a year.
  • Your auditor asks for the authorisation chain. You schedule a working session. Three weeks later you hand over a narrative document.
  • A regulator opens a dispute. Your evidence is a story your team tells, not a signed bundle the regulator can verify alone.
  • Insurance carriers exclude AI loss because nothing better exists than “commercially reasonable effort”.

After a pilot, with KYE™

  • Every privileged agent action is signed, scoped, and replayable by anyone holding the public key — including the regulator.
  • Your auditor pulls the Evidence Pack™ for the action in question and re-derives the verdict in minutes. No working session.
  • A regulator opens a dispute. You hand over the Replay-Proof™ bundle. They verify it from public keys alone. The dispute closes on bytes, not narrative.
  • Counsel can hand a court a signed Decision Map™ that maps directly to your declared control framework.

Pilot tiers

Three tiers. Pick the one that matches the agent estate you are governing.

Every tier produces the same artefact contract — signed Evidence Packs™, Decision Maps™, Replay-Proof™ bundles, framework crosswalk. The tier sets the scope of what gets governed, not the strength of the proof.

| Tier | Investment | Scope | Deliverables | Timeline |
|---|---|---|---|---|
| Foundation | £45k | One privileged agent, one decision class, one regulatory framework. | Pilot report + Evidence Pack™ sample set + control crosswalk for the declared framework. | 4 weeks |
| Standard | £150k | Up to three privileged agents, multi-framework crosswalk (EU AI Act + NIST AI RMF + sector pack), shadow-to-enforce transition. | Everything in Foundation, plus live Replay-Proof™ bundle, Decision Map™ per action, regulator dry-run. | 6 – 8 weeks |
| Enterprise | £350k | Agent estate (up to ten), all declared frameworks, integration with your existing risk & audit tooling, board-level governance loop. | Everything in Standard, plus signed board pack, integration with your SIEM / GRC, named on-call governance review for the pilot window. | 8 – 10 weeks |

Sector-specific specialisations (legal practice, healthcare, payments, public sector) carry their own pilot SKUs. Ask in your application and we will route to the matching pack.

What good looks like

Three measures a CFO or CRO can defend on a board call.

These are the shapes the artefacts move; the actual numbers depend on your starting position. Ask for the worked instance from a customer of similar size and regulator posture in your pilot application.

Regulator readiness
days, not quarters

Time to answer a regulator’s evidence request for a given AI action, measured from request received to signed bundle handed over.

Audit retrieval
minutes, not weeks

Time for your auditor to retrieve, verify, and re-derive the verdict on a single privileged agent action, working from public keys alone.

Agent incident response
first hour

Time to identify the exact action, exact scope, exact rule path that fired during an incident — before the dispute window with the regulator closes.

Next step

Two paths in.

Pilots are closed-signup; we qualify manually within two business days. If you want a conversation first, the second path is for you.