KAKUNIN

Core Concepts

How Kakunin uses X.509 certificates and behavioral monitoring to make AI agents auditable in regulated environments.

The Problem Kakunin Solves

When a human employee makes a bad decision in a bank, there is a clear chain: the person, their manager, the firm, the regulator. When an AI agent makes a bad decision, that chain dissolves. The agent has no legal personhood, no fiduciary duty, no license to revoke.

Kakunin creates that chain for AI agents.

Cryptographic Identity

Every agent registered with Kakunin receives an X.509 certificate — the same standard used to secure HTTPS connections on the web.

X.509 is an international standard (RFC 5280) for public key certificates. It is the foundation of TLS, code signing, and email encryption. Kakunin applies it to AI agent identity.

Each certificate contains:

  • The agent's unique identifier (a URN: urn:kakunin:agent:{id})
  • The agent's model name and version
  • The issuing tenant
  • A 365-day validity window (required by MiCA Article 70)
  • A serial number usable for real-time verification

Private key material is generated inside AWS KMS and never exported. Kakunin stores only the KMS key ARN, not the key itself.

The CA Model

Kakunin operates as a Certificate Authority (CA) — the same role played by DigiCert or Let's Encrypt for web certificates.

| Web PKI | Kakunin Equivalent |
| --- | --- |
| Certificate Authority | Kakunin — issues X.509 certs to AI agents |
| Website cert in TLS handshake | Agent presents cert serial in request header |
| Browser trust store | Your gateway running the @kakunin/verify SDK |
| OCSP real-time check | GET /v1/verify/:serial — public, no auth required |
| Certificate revocation | POST /v1/certificates/:id/revoke — propagates in seconds |

Behavioral Monitoring

Certification alone proves identity. It does not prove behavior. Kakunin adds a second layer: behavioral fingerprinting.

Every action your agent takes — tool calls, data access, decisions — can be streamed to Kakunin as a behaviour event. Each event is scored in real time by an AI anomaly detector. The score drives a risk band:

| Band | Score | Meaning |
| --- | --- | --- |
| low | < 0.3 | Normal operation |
| medium | 0.3–0.84 | Elevated — monitored |
| high | ≥ 0.85 | Triggers auto-revocation check |

This is the equivalent of a trader surveillance system — not blocking the agent, but creating a defensible record of everything it did.

AI Agent Audit Trail (WORM Storage)

Every operation in Kakunin writes to an append-only, tamper-proof AI agent audit trail backed by S3 Object Lock (WORM storage). Rows cannot be modified or deleted — not even by Kakunin.

This means a compliance officer can reconstruct exactly what an agent did, when, and whether it was authorized at the time.
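The reconstruction described above can be sketched as a point-in-time check over exported records. This is an added example, not Kakunin's code or the @kakunin/verify SDK: the record field names, the id character set, and the handling of scores between 0.84 and 0.85 are assumptions, and all sample data is constructed.

```javascript
// Added example; field names (agentUrn, issuedAt, revokedAt, at, score) are
// hypothetical, not Kakunin's record schema. All sample data is constructed.
const DAY_MS = 24 * 60 * 60 * 1000;
const VALIDITY_DAYS = 365; // validity window stated on the page
const URN_RE = /^urn:kakunin:agent:([A-Za-z0-9._-]+)$/; // id charset is an assumption

// Extract {id} from urn:kakunin:agent:{id}; null when the URN is malformed.
function parseAgentUrn(urn) {
  const m = URN_RE.exec(String(urn));
  return m ? m[1] : null;
}

// Map a score to the page's bands. The table lists medium as 0.3–0.84 and high
// as >= 0.85; values in between (0.845) are treated as medium (assumption).
function riskBand(score) {
  if (!Number.isFinite(score)) throw new TypeError("score must be a finite number");
  if (score >= 0.85) return "high";
  return score >= 0.3 ? "medium" : "low";
}

// Status at instant `at`: valid from issuance for 365 days, cut short by revocation.
function certStatusAt(cert, at) {
  const t = Date.parse(at);
  const notBefore = Date.parse(cert.issuedAt);
  if (Number.isNaN(t) || Number.isNaN(notBefore)) return "invalid-timestamp";
  if (t < notBefore) return "not-yet-valid";
  if (cert.revokedAt && t >= Date.parse(cert.revokedAt)) return "revoked";
  if (t >= notBefore + VALIDITY_DAYS * DAY_MS) return "expired";
  return "valid";
}

// Annotate each event with agent id, certificate status at event time, and band.
function reconstruct(cert, events) {
  const agentId = parseAgentUrn(cert.agentUrn);
  return events.map((e) => ({
    at: e.at,
    agentId,
    certStatus: agentId === null ? "bad-urn" : certStatusAt(cert, e.at),
    band: riskBand(e.score),
  }));
}

const sampleCert = { agentUrn: "urn:kakunin:agent:trading-bot-7f3a",
  issuedAt: "2025-01-01T00:00:00Z", revokedAt: "2025-06-01T12:00:00Z" };
const sampleEvents = [
  { at: "2025-03-01T09:00:00Z", score: 0.12 },
  { at: "2025-06-01T11:59:59Z", score: 0.845 },
  { at: "2025-06-01T12:00:00Z", score: 0.91 },
];
console.log(reconstruct(sampleCert, sampleEvents));
```

Evaluating status against the event's own timestamp, rather than the current time, is what lets an action taken one second before revocation still be reported as authorized.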

What This Enables

A Chief Risk Officer who deploys AI agents via Kakunin can say:

"Agent ID trading-bot-7f3a, credentialed on this date, with this model version, was authorized to access this system. Its certificate was valid at the time. Here is the behavioral record. Nothing was modified after the fact."

That is the artifact that makes AI deployment defensible in regulated industries.
