Visca

Security & compliance

Nothing leaves the perimeter, every operation is on one record, and even maintenance is evidence — by construction.

You're accountable for agents you didn't build and can't fully see. Hosted AI vendors are data egress you can't sign off; a self-hosted stack stitched from a dozen projects hands you a dozen identity models and audit trails to correlate by hand — plus hand-run maintenance that never appears in the evidence at all. Visca makes the answers structural: every agent is a named principal, every access is a scoped credential, and every operation — maintenance included — passes through one governed gateway onto one tamper-evident ledger. Most of what you'd write as policy is a property of the stack.

Why the data can't leave

Hosted AI is out. A stitched stack is the only thing left — and it breaks here.

Agents with credentials you can't scope

Production agents hold broad, long-lived credentials. Your policy says least-privilege; the infrastructure offers all-or-nothing.

Audit you have to assemble

Answering an incident or an examiner means correlating framework traces, tool logs, identity events, and model-provider logs by hand. The answer takes hours; the question is urgent.

Maintenance off the record

SSH sessions, console clicks, tribal knowledge — how the stack is kept alive never shows up in the evidence. You find out what was changed, and by whom, during the incident it caused.

One stack, not a stitched one

How the stack answers the review, applied to security & compliance.

Identity

No actor without identity

Least-privilege starts with knowing who's acting. Every agent is a named principal with a verifiable identity, by construction — 'who is this agent' has one answer.

Credentials

No access without a scoped grant

Long-lived credentials disappear. Every access is scoped, time-bound, consented where required, and audited — least-privilege as the only available mode.

Runtime

Nothing leaves the perimeter

Models, prompts, and data execute inside your walls. The egress finding never opens, and there's no vendor chain to review one contract at a time.

Audit

No action unaccounted for

Every operation is a principal acting within a scope through one governed gateway — append-only, chained, exportable to your SIEM and GRC tooling. The control isn't asserted; it's recorded.

Operators

Maintenance as evidence

Patches, rotations, and recoveries are performed by the stack's own operators as principals in scopes — signed, on the same ledger you read. Humans keep three jobs: declare intent, sign approvals, hold the kill-switch.

What you get

Outcomes.

In practice

A security review that doesn't block the launch

An application team wants to ship an agent with production access. The review is short: the agent is a named principal, its access is scoped and time-bound, every action lands tamper-evidently on one ledger — and the stack underneath is maintained by operators whose every patch and rotation is on the same record. The controls aren't promises in a doc; they're properties of the runtime, with evidence.

Other roles

The Autonomy Stack for regulated industries

The stack that gets you approved — and then maintains itself.

Identity, credentials, runtime, and audit — shipped as part of your product, run inside your customer's walls, operated by agents under the same ledger as everything else. Nothing leaves the perimeter. Nothing is off the record.