Responsible AI
KTLYST uses AI to help security teams learn faster, not to replace their judgment. Here is how we build and deploy AI responsibly.
Last updated:
Why This Matters
KTLYST sits at the intersection of AI and enterprise security. The artifacts we help create, detection rules, governance policies, and response playbooks, directly affect how organizations defend themselves. That means the AI in our platform must be trustworthy, transparent, and accountable.
We believe AI should amplify human expertise, not obscure it. Every design decision we make starts from that premise.
Our Principles
Transparency
Every AI-generated artifact includes a full provenance chain. You can trace any output back to its source input, the model that processed it, and the validation gates it passed through. No black boxes.
Human in the Loop
AI assists, humans decide. Every governed artifact requires human review and approval before it reaches production systems. We design for expert oversight, not autonomy.
Data Sovereignty
Your security data stays yours. We do not train models on customer data. We do not share customer data between organizations. Customer environments are isolated by design.
Zero-Inference Extraction
Our AI extracts what is explicitly stated in source documents, not what it infers or assumes. This eliminates hallucinated detections and ensures artifacts reflect real intelligence, not model speculation.
Validation at Every Step
AI-generated outputs pass through 27+ validation gates before reaching production. Schema validation, syntax checking, semantic review, and human approval are all required, not optional.
Measurable Outcomes
We track and report accuracy, false positive rates, and artifact quality metrics. If an AI component does not improve outcomes for security teams, we do not ship it.
How We Use AI in KTLYST
AI serves specific, bounded functions in the KTLYST platform. Here is what AI does and does not do.
AI does
- Extract structured data from unstructured security documents (advisories, postmortems, intel reports)
- Normalize findings into governed, schema-compliant artifacts
- Translate artifacts into platform-specific formats (Splunk SPL, Snowflake SQL, Elastic KQL, Sigma)
- Flag inconsistencies between existing detections and new intelligence
- Suggest improvements based on new learning events across the organization's history
AI does not
- Make deployment decisions - humans approve every artifact before it reaches production
- Access production systems autonomously - all enforcement requires explicit authorization workflows
- Train on customer data - customer data is never used to improve our models or shared across tenants
- Override human judgment - when AI output conflicts with expert review, the expert wins
- Operate without audit trails - every AI action is logged with full provenance
Data Governance in AI Workflows
Tenant isolation
Each customer's data is processed in isolated environments. No cross-tenant data mixing, no shared model fine-tuning, no data leakage between organizations.
No model training on customer data
We do not use customer security data to train, fine-tune, or improve AI models. Your threat intelligence, incident reports, and detection rules are never part of any training dataset.
Encryption in transit and at rest
All data is encrypted using TLS 1.2+ in transit and AES-256 at rest. AI processing occurs within encrypted environments.
Retention controls
Customers control data retention policies. When data is deleted, it is removed from all systems, including any intermediate AI processing caches.
Audit logging
Every AI interaction is logged: what input was provided, what model processed it, what output was generated, who reviewed it, and whether it was approved or rejected.
Bias and Fairness
In security contexts, bias in AI can mean missed threats, false positives targeting specific systems, or skewed prioritization. We address this through:
- Diverse validation sets - testing AI outputs against varied threat types, attack vectors, and platform configurations
- Human review gates - domain experts review AI outputs before deployment, catching patterns automated testing might miss
- Continuous monitoring - tracking output quality across different input types to detect degradation or skew
- Source diversity - supporting multiple intelligence sources to reduce single-source bias in extracted artifacts
Third-Party AI Models
Where we use third-party AI models (such as large language models for extraction and translation), we apply the following safeguards:
- We evaluate each provider's data handling, retention, and training policies before integration
- We use API configurations that disable model training on our inputs where available
- We do not send raw customer data to third-party models without anonymization or abstraction
- We maintain the ability to switch providers without affecting customer workflows
AI Incident Response
If an AI component produces harmful, inaccurate, or unexpected outputs:
- Validation gates catch and block the output before it reaches production
- Affected artifacts are flagged and quarantined for review
- The incident is logged with full context for investigation
- Customers are notified if any approved artifact is later found to be affected
- Root cause analysis informs updates to validation rules and processing pipelines
Regulatory Alignment
We design our AI practices to align with emerging AI governance frameworks.
- EU AI Act - our use of AI in security operations falls within risk categories that require transparency and human oversight, both of which we provide by default
- NIST AI Risk Management Framework - we follow NIST AI RMF principles for identifying, assessing, and mitigating AI risks
- ISO 42001 - our AI management practices align with ISO 42001 requirements for AI governance systems
- SEC/DORA - for regulated industry customers, our provenance and audit capabilities support compliance with disclosure and operational resilience requirements
Our Commitment
We are building a product that security teams trust with their most critical learning. That trust starts with how we use AI. We will continue to update this page as our practices evolve, as regulations develop, and as we learn from our design partners and customers.
Questions about our AI practices? Reach out at crew@ktlystlabs.com.