Announcement4-week governed pilot: move one real workflow into controlled production
KLA Digital Logo
KLA Digital
Documentation Menu
KLA Documentation
Core Concepts

Security & Compliance

How KLA protects data in flight, isolates tenants, and turns every control into audit-ready, cryptographically verifiable evidence.

5 min read1036 words

The KLA Control Plane is a govern-in-place runtime safety, audit, and governance layer for enterprise AI agents. Because KLA sits in the execution path of agents that touch real customer data and trigger real business actions, its security posture is not a feature list. It is the foundation that makes the evidence trustworthy. This page is written for compliance, risk, and audit officers, and for security reviewers conducting due diligence. It explains how data is handled, how trust is enforced cryptographically, who can do what, and how every control maps to the frameworks you report against.

A single principle runs through everything below: controls produce evidence, and evidence is tamper-evident. A policy decision is not merely enforced; it is captured as a Lineage Record (a structured trace of an agent's actions and the decisions made on them) and anchored to a cryptographic ledger so it can be independently verified later.

Data Handling

KLA is built to minimize what sensitive data ever leaves your environment and to isolate what does.

  • PII redaction in transit. Agent activity is captured as OpenTelemetry spans and sent to the KLA Collector, which redacts personally identifiable information (emails, payment numbers, secrets, API keys) before the data is written to durable storage. Redaction happens in flight, so raw PII is not persisted in the evidence pipeline.
  • Tenant isolation. Every record is scoped to a tenant. API calls carry an x-tenant-id header alongside the bearer token, and storage enforces row-level isolation so one tenant can never read another's Lineage Records, Releases, or Sealed Evidence Bundles.
  • Least-privilege execution. Agents act through a governed Tool Catalog (the inventory of tools an agent is permitted to call) and Secrets Vault (governed secret storage). A Decision Request is evaluated against policy before a tool runs, so an agent only ever executes the narrowest set of actions a policy explicitly allows.
ℹ️ Note
Redaction is applied before persistence, not after. If a value is masked in transit, the unmasked value never reaches the cryptographic ledger, so it cannot later be reconstructed from your evidence.

Encryption & Signing

Trust in KLA is enforced with cryptography at three points, not by convention.

Control What it secures
mTLS between services Every internal hop is mutually authenticated and encrypted. Each service proves its identity with a certificate, so traffic cannot be spoofed or intercepted between components.
Signed policy packs Declarative YAML policies are simulated, then compiled into a Control Pack-grade signed policy pack. The runtime only loads packs whose signature it can verify, so an unauthorized or modified policy cannot take effect.
Sealed Evidence Bundles Exports are cryptographically sealed and carry a Merkle proof for each Lineage Record, so any third party can verify the export is complete and unaltered.

Identity & Access

KLA authenticates every caller through standard OAuth2 / OIDC (OpenID Connect). There are no static, shared API keys for human users.

  • Human users sign in through a browser-based PKCE flow against your identity provider and receive a short-lived bearer token.
  • Service accounts (machine callers such as a CI pipeline registering a Release) use a confidential OAuth2 client and exchange a client secret for a token.
  • Roles govern what a principal can do. For example, a reviewer role can act on the Decision Desk, while an approver role can resolve a paused Escalation.

Every API request presents both headers:

curl https://api.kla.digital/v1/tenants.current \
  -H "Authorization: Bearer $KLA_ACCESS_TOKEN" \
  -H "x-tenant-id: $KLA_TENANT_ID"
💡 Tip
For token issuance, client registration, and the PKCE versus service-account decision, see the [Authentication](/docs/getting-started/authentication) guide.

Tamper-Evident Audit

The evidence pipeline is what lets a reviewer trust a record they did not personally observe being created.

flowchart LR
  A["Agent action"] --> B["OpenTelemetry spans"]
  B --> C["KLA Collector"]
  C -->|"PII redaction"| D["ImmuDB ledger"]
  D -->|"Merkle proof"| E["Sealed Evidence Bundle"]

Spans are hashed and committed to ImmuDB, an append-only cryptographic ledger. Records cannot be deleted, modified, or re-ordered after the fact. Each batch publishes a Merkle root hash, and any auditor can recompute hashes from a Sealed Evidence Bundle to confirm the history was not tampered with. This is what we mean by Independent Verification: you do not have to trust KLA's word, you can verify the math.

Trust Boundary

The diagram below shows where your data is, where KLA enforces controls, and what crosses each boundary.

flowchart TD
  subgraph Customer["Customer environment"]
    AG["Instrumented agents"]
  end
  subgraph KLA["KLA Control Plane"]
    GATE{"Policy decision"}
    COL["Collector and redaction"]
    LED["ImmuDB ledger"]
  end
  AG -->|"mTLS spans"| COL
  AG -->|"Decision Request"| GATE
  GATE -->|"require_approval"| DESK["Decision Desk"]
  COL --> LED
  LED --> ROOM["Evidence Room"]

Policy is evaluated in process for the Govern in Place pattern, so a block or require_approval outcome stops the action before it executes. Only redacted, signed evidence crosses into long-term storage.

Control Mapping

The Evidence Room is where security posture becomes a compliance deliverable. Control Mapping links KLA's controls to the requirements of the frameworks you report against, and a Control Pack is the export you hand to an auditor. The table below maps a KLA capability to what it gives a reviewer.

KLA capability What a reviewer gets
Policy-gated execution (allow, warn, require_approval, block) Evidence that risky actions were enforced or escalated, satisfying EU AI Act Annex IV records of human oversight and risk controls.
Decision Desk escalations A signed record of every human approval, including who approved, when, and on what context.
Lineage Records + ImmuDB A tamper-evident audit trail demonstrating SOC 2 Type II logging, integrity, and change-management controls.
PII redaction + tenant isolation Evidence of data-minimization and segregation controls for privacy and confidentiality reviews.
Sealed Evidence Bundles A self-verifying export with Merkle proofs, removing the need to trust the provider's storage.
🛡️ Important
A **Control Pack** is generated from sealed evidence, not re-assembled by hand. The artifact you submit is the same data that was anchored at runtime, so what you attest to and what actually happened cannot diverge.
PreviousEvidence-by-Default
NextCommand & Dashboard
Security & Compliance | Developer Docs | KLA Control Plane