Visca
Visca

Thesis

The stack that gets you approved.

Agents in regulated industries fail security review, not benchmarks. Visca is the whole stack — identity, credentials, runtime, audit — run inside your customer's walls, with its own operators keeping it alive.

Visca · v0.2

visca.ai

Published 2026

Table of Contents

Contents

  1. 01The approval problemp. 2
  2. 02One stack, inside the wallsp. 2
  3. 03Operators in the boxp. 3
  4. 04Nothing off the recordp. 3
  5. 05The human rolep. 4
  6. 06Proven on ourselves firstp. 4
  7. 07What we sellp. 5

01 · The approval problem

Security review is the bottleneck.

A bank, a hospital, or a government agency cannot approve an agent product stitched together from a dozen SaaS vendors. Each vendor is a data egress path, another contract to negotiate, another breach surface to underwrite.

The model is not the blocker. Agent pilots clear the demo and stall at the review, because the review asks questions the stitched stack cannot answer: who is this agent, what can it touch, where is the record. When the answer spans a dozen vendors, the answer is no.

This paper is for teams building agents for regulated customers — and for teams building them inside.

02 · The stack answer

One stack, inside the walls.

Visca is the whole stack — identity, credentials, runtime, and audit — shipped as part of the builder's product and run inside the customer's perimeter. The agent arrives with the answers security teams demand.

Identity

Every agent is a first-class principal with a recorded human sponsor. Who is this agent has one answer, and a person stands behind it.

Credentials

Scoped, short-lived credentials in place of standing keys. Authority is granted, reviewed, and revoked — what can it touch has one answer, and it expires.

Runtime

Agents execute inside the perimeter, on infrastructure the customer controls. No model call, tool call, or byte of data crosses the wall to make the product work.

Audit

One tamper-evident ledger of every action, every grant, every approval. Where is the record has one answer, and the security team can read it.

One stack means one contract, one deployment, one review. Nothing leaves the perimeter.

03 · The ops answer

Operators in the box.

Self-hosted has always failed on the ops burden. That burden — not architecture — is the reason SaaS won everywhere it was allowed to win: the vendor's ops team kept the system alive so the customer never had to.

Visca ships with its own operators: agents that deploy, upgrade, patch, rotate credentials, and answer incidents — inside the perimeter, under the same identity, credentials, and audit as everything else they share the stack with. Self-hosted, without inheriting an ops team's job.

04 · Total record

Nothing off the record.

Hand-run systems leak history. SSH sessions, console clicks, tribal knowledge — the operations that keep a system alive are exactly the ones that never make the audit log.

A stack operated only by principals acting within scopes, through one governed gateway, closes that gap by construction. Every patch, every credential rotation, every incident recovery lands on the same tamper-evident ledger as the agents' own work — signed, attributable, queryable.

Maintenance itself becomes evidence. The audit trail is not a feature bolted onto the stack; it is how the stack works. There is no off-the-record path, because there is no hand on the box.

05 · The human role

Humans keep three jobs.

Autonomy does not mean absence. It means the human role is narrowed to the decisions that must stay human — and every one of them is recorded.

1

Declare intent

Humans state what the system is for and what it may pursue. Agents act within that declaration, never beyond it.

2

Sign approvals

Consequential actions stop at a human gate. The signature, the signer, and the scope go on the ledger.

3

Hold the kill-switch

Any human with the authority can halt an agent, a workload, or the stack. The halt is itself a recorded act.

Around those three jobs sit deterministic guardrails — policy walls, budgets, circuit breakers — enforced outside the models, where no amount of reasoning can argue past them. In regulated contexts, human approval gates are permanent by design, not a transitional stage to be automated away.

06 · Proven on ourselves first

We ran the gauntlet before asking you to.

A clinical AI product built on this stack is approved and in pilot at Stanford — it passed the security review this paper describes. And the stack runs its own production.

Compliance certifications are targeted, not claimed. The architecture is built so the evidence exists before the auditor asks for it.

07 · What we sell

What we sell.

We don't sell compliance, and we don't sell software that becomes your ops problem.

We sell the stack that gets you approved — and then maintains itself.

visca.ai

About Visca

About Visca.

Visca is the Autonomy Stack for regulated industries — identity, credentials, runtime, and audit for software agents, shipped inside the customer's perimeter and maintained by its own operators. For more information, visit visca.ai.

Copyright © 2026 Visca, Inc.Visca · v0.2