TRUST · RESPONSIBLE AI
KAVACH supports three operating modes — manual engineering, deterministic automation, and AI-assisted acceleration. Engineer review is the source of truth in every mode. AI-assisted workflows can be configured or disabled per programme.
ENGINEER-IN-THE-LOOP, BY DESIGN
KAVACH does not produce autonomous risk-treatment decisions or Cybersecurity Case content. Every AI-assisted suggestion is presented to the engineer for review and can be accepted, modified, or rejected before it becomes part of the recorded work product.
THREE OPERATING MODES
MODE 01
Engineers drive every step of the workflow — architecture entry, threat identification, attack-path construction, risk treatment, evidence assembly. AI-assisted suggestions are not invoked. This mode is first-class, not a fallback.
Use case: Programmes that require fully engineer-driven workflows, customers with internal policies that restrict AI assistance, or teams running training and onboarding sessions where each step is taught explicitly.
MODE 02
Engineers drive the engineering decisions; rule-based automation handles repetitive structuring — mapping architecture elements to standard asset classes, propagating shared properties, or stamping consistent metadata across linked artefacts. The same input produces the same output.
Use case: Programmes that want consistency across repeated ECU families or platforms but do not want generative AI in the workflow. Auditable, deterministic, and reproducible.
MODE 03
Engineers drive the engineering decisions; AI-assisted features suggest candidate threats, attack-path patterns, control mappings, and draft work-product text from a curated automotive cybersecurity corpus. Every suggestion is presented for engineer review and can be accepted, modified, or rejected.
Use case: Programmes that want to shorten the time from architecture to a first reviewable TARA draft while keeping engineer review as the source of truth. AI-assisted acceleration can be enabled, scoped, or disabled per programme.
AI CONFIGURATION CONTROLS
Each AI-assisted feature can be configured at the workspace level — enable, scope to specific workflows, or disable entirely.
Engineer review is required before any AI-assisted suggestion becomes a recorded work product.
Suggestions are accompanied by source references from the curated corpus, so reviewers can trace where a recommendation came from.
AI-assisted features do not perform autonomous risk-treatment decisions or sign-off on Cybersecurity Case content.
AI configuration is part of the programme deployment agreement — changes are auditable and visible to the customer.
BOUNDARIES — WHAT KAVACH IS NOT DESIGNED TO DO
Training models on customer architecture, TARA outputs, attack paths, or other programme data, unless explicitly agreed in writing.
Sharing customer data across customer-dedicated deployments. Each customer-dedicated VPC is single-tenant.
Replacing engineer review. AI-assisted suggestions never become recorded work products without engineer confirmation.
Producing legally-binding regulatory submissions. Cybersecurity Case content is prepared by engineers and reviewed by the customer team before submission.
FAQ
Some customers require AI off; others want it scoped to specific workflows; others want full acceleration with engineer review. We walk through configuration options in a working session.