Centralized control over how your organization uses AI.
Kairro’s policy engine defines exactly what AI usage is allowed, when, and under what conditions. Policies combine DLP rules, tool restrictions, severity thresholds, and contextual logic into a unified enforcement layer—executed in real time inside AI workflows.
What Policies Control
Define allow/warn/block, scope, criteria, and downstream actions.
Action: Allow, Warn, or Block an AI action.
Scope: Org-wide, team-level, or identity-level application.
Criteria: DLP severity, regex patterns, AI tool/domain, input type, token limits, contextual metadata.
Downstream actions: Log events, store DLP matches, update Shadow AI, trigger notifications/integrations.
Policy Model
Core entities that drive real-time AI enforcement.
Type: DLP, SHADOW_AI, ACCESS_CONTROL, OTHER
Status: DRAFT, ACTIVE, DISABLED
Scope: ORG, TEAM, IDENTITY
Priority: lower value = evaluated earlier
isDefault: auto-applied by system
Rule kinds: DLP, ALLOW_TOOLS, DENY_TOOLS, DOMAIN_RESTRICTION, TOKEN_LIMIT, OTHER.
Actions: ALLOW, BLOCK, WARN, MASK, ALERT.
Criteria (JSON): minSeverity, regex (prompt/completion/both), allow/deny tools, token threshold, custom matching.
How Policy Evaluation Works
Evaluated in /v1/extension/evaluate with deterministic sequencing.
1. Tool classification: approvedSites (applyPolicies true/false), unapprovedTools (action/severity). An unapproved tool short-circuits the evaluation; policies are bypassed when applyPolicies=false.
2. DLP scan results: maxSeverity, matches, snippets, totalMatches feed the policy engine.
3. Policy resolution: org/team/identity policies are checked via ruleMatchesContext; the strongest severity wins. Fallback when no rule matches: HIGH/CRITICAL→BLOCK, MEDIUM→WARN, else ALLOW.
4. Response: action, riskLevel, reasons, eventId, DLP summary. The extension enforces the decision instantly and logs it for telemetry.
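To make the sequence concrete, here is an added example (not Kairro's code) that models the evaluation described above and in the Policy Model section: tool classification with short-circuit and bypass, in-scope ACTIVE policies walked in priority order, ruleMatchesContext-style matching against DLP results, strongest action wins, and the stated severity fallback. The function names (evaluate, classifyTool, policyApplies), the ACTION_RANK ordering, and the sample config, policies and request contexts are constructed assumptions, not the product's real data model.

```javascript
// Added example, not Kairro's code: a compact model of the evaluation sequence.
// evaluate(), classifyTool(), policyApplies(), ACTION_RANK and all sample data
// below are constructed assumptions for illustration.

const SEVERITY_RANK = { NONE: 0, LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };
// Assumed strength ordering used to pick the strongest matching action.
const ACTION_RANK = { ALLOW: 0, ALERT: 1, WARN: 2, MASK: 3, BLOCK: 4 };

// Constructed extension config, shaped like the approvedSites/unapprovedTools fields.
const extensionConfig = {
  approvedSites: [
    { pattern: /^https:\/\/chat\.example-ai\.test\//, applyPolicies: true },
    { pattern: /^https:\/\/internal-llm\.corp\.test\//, applyPolicies: false },
  ],
  unapprovedTools: { action: 'BLOCK', severity: 'HIGH' },
};

// Constructed policies using the Type/Status/Scope/Priority/isDefault fields and rule kinds.
const policies = [
  { id: 'default-dlp', type: 'DLP', status: 'ACTIVE', scope: 'ORG', priority: 100, isDefault: true,
    rules: [
      { kind: 'DLP', action: 'BLOCK', criteria: { minSeverity: 'HIGH' } },
      { kind: 'DLP', action: 'WARN', criteria: { minSeverity: 'MEDIUM' } },
    ] },
  { id: 'finance-account-ids', type: 'DLP', status: 'ACTIVE', scope: 'TEAM', team: 'finance', priority: 10,
    rules: [{ kind: 'DLP', action: 'BLOCK', criteria: { regex: 'ACCT-\\d{6}', target: 'prompt' } }] },
  { id: 'token-cap', type: 'OTHER', status: 'ACTIVE', scope: 'ORG', priority: 50,
    rules: [{ kind: 'TOKEN_LIMIT', action: 'WARN', criteria: { maxTokens: 4000 } }] },
  // DISABLED policies are ignored even when their priority value is the lowest.
  { id: 'stale-block-all', type: 'DLP', status: 'DISABLED', scope: 'ORG', priority: 1,
    rules: [{ kind: 'DLP', action: 'BLOCK', criteria: { minSeverity: 'LOW' } }] },
];

function classifyTool(url, config) {
  const site = config.approvedSites.find((s) => s.pattern.test(url));
  if (!site) return { approved: false, ...config.unapprovedTools };
  return { approved: true, applyPolicies: site.applyPolicies };
}

function policyApplies(policy, ctx) {
  if (policy.status !== 'ACTIVE') return false;
  if (policy.scope === 'ORG') return true;
  if (policy.scope === 'TEAM') return policy.team === ctx.team;
  if (policy.scope === 'IDENTITY') return policy.identity === ctx.identity;
  return false;
}

function ruleMatchesContext(rule, ctx) {
  const c = rule.criteria;
  switch (rule.kind) {
    case 'DLP':
      if (c.minSeverity) return SEVERITY_RANK[ctx.dlp.maxSeverity] >= SEVERITY_RANK[c.minSeverity];
      if (c.regex) {
        const texts = c.target === 'completion' ? [ctx.completion]
          : c.target === 'both' ? [ctx.prompt, ctx.completion] : [ctx.prompt];
        return texts.some((t) => new RegExp(c.regex).test(t ?? ''));
      }
      return false;
    case 'TOKEN_LIMIT': return ctx.tokens > c.maxTokens;
    case 'DENY_TOOLS': return c.tools.includes(ctx.tool);
    default: return false;
  }
}

// Fallback mapping stated on the page: HIGH/CRITICAL -> BLOCK, MEDIUM -> WARN, else ALLOW.
function fallbackAction(maxSeverity) {
  const r = SEVERITY_RANK[maxSeverity] ?? 0;
  if (r >= SEVERITY_RANK.HIGH) return 'BLOCK';
  if (r === SEVERITY_RANK.MEDIUM) return 'WARN';
  return 'ALLOW';
}

function evaluate(ctx, config, policyList) {
  // 1. Tool classification: unapproved tools short-circuit; applyPolicies=false bypasses policies.
  const tool = classifyTool(ctx.url, config);
  if (!tool.approved) return { action: tool.action, riskLevel: tool.severity, reasons: ['unapproved tool'] };
  if (!tool.applyPolicies) return { action: 'ALLOW', riskLevel: ctx.dlp.maxSeverity, reasons: ['policies bypassed'] };
  // 2./3. DLP results (ctx.dlp) feed rule matching over in-scope ACTIVE policies,
  //       lowest priority value first; the strongest matching action wins.
  const reasons = [];
  let strongest = null;
  const applicable = policyList.filter((p) => policyApplies(p, ctx)).sort((a, b) => a.priority - b.priority);
  for (const p of applicable) {
    for (const rule of p.rules) {
      if (!ruleMatchesContext(rule, ctx)) continue;
      reasons.push(`${p.id}:${rule.kind}:${rule.action}`);
      if (strongest === null || ACTION_RANK[rule.action] > ACTION_RANK[strongest]) strongest = rule.action;
    }
  }
  // 4. No rule matched: severity fallback. The response carries the fields listed above.
  if (strongest === null) reasons.push(`fallback:${ctx.dlp.maxSeverity}`);
  return {
    action: strongest ?? fallbackAction(ctx.dlp.maxSeverity),
    riskLevel: ctx.dlp.maxSeverity,
    reasons,
    dlp: { totalMatches: ctx.dlp.totalMatches },
  };
}
```

The reasons array records every matching rule in priority order, so a reviewer can see why the strongest action was chosen, and a fallback decision is labelled as such; the disabled policy with the lowest priority value is deliberately included to show that status is checked before priority ordering matters.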
Default Policies
Safe baseline via ensureDefaultPolicies.
DLP thresholds: block on HIGH/CRITICAL DLP, warn on MEDIUM DLP.
Risky domains/tools: paste sites, unapproved AI tools, optional model/domain blocks.
Identity-sensitive defaults
Admin Policy Management
Policy states and kinds: Active, Draft, Disabled, Default, Custom.
Rule editing: add/remove rules, adjust action/severity, regex, tool lists, scope, priority, advanced matching.
Audit trail: actor, timestamp, change description, policy reference for compliance traceability.
Policy Delivery to Extensions
Policies enforced server-side; extensions fetch optimized config.
Config endpoint: returns approved AI tools (patterns + applyPolicies), unapproved tools (action/severity), and version metadata for caching.
Safeguards: unapproved-tool detection, fail-closed on invalid license or expired subscription; sensitive policy data stays server-side.
Subscription Enforcement & Fail-Closed
Subscription validation before any policy evaluation.
Valid license required
Active subscription
Endpoint limits enforced
Fail-closed on errors
Evaluate failures trigger fail-closed behavior in the extension.
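As an added example (not Kairro's extension code), here is the shape of fail-closed handling around an evaluate call: any thrown error, a server-side rejection such as an invalid license or expired subscription, or an unrecognised action all resolve to BLOCK rather than silently allowing the prompt. The decideFailClosed name, the ok/error response fields and the three constructed server stand-ins are assumptions for illustration.

```javascript
// Added example, not Kairro's extension code. `callEvaluate` stands in for the
// request to /v1/extension/evaluate; its response shape (ok/error/action) is assumed.
const KNOWN_ACTIONS = ['ALLOW', 'WARN', 'BLOCK', 'MASK', 'ALERT'];

function decideFailClosed(callEvaluate, request) {
  let response;
  try {
    response = callEvaluate(request);
  } catch (err) {
    // Transport or server failure: never fall open.
    return { action: 'BLOCK', failClosed: true, reasons: [`evaluate failed: ${err.message}`] };
  }
  if (!response || response.ok === false) {
    // Subscription/license rejection reported by the server is treated the same way.
    const why = response && response.error ? response.error : 'empty response';
    return { action: 'BLOCK', failClosed: true, reasons: [`evaluate rejected: ${why}`] };
  }
  if (!KNOWN_ACTIONS.includes(response.action)) {
    // A malformed decision is not trusted either.
    return { action: 'BLOCK', failClosed: true, reasons: ['unknown action in response'] };
  }
  return { ...response, failClosed: false };
}

// Constructed stand-ins for the three server situations, used by the usage below.
const serverHealthy = () => ({ ok: true, action: 'WARN', reasons: ['MEDIUM DLP'] });
const subscriptionExpired = () => ({ ok: false, error: 'SUBSCRIPTION_EXPIRED' });
const serverUnreachable = () => { throw new Error('ECONNREFUSED'); };

const sampleRequest = { prompt: 'draft a memo', tool: 'chat.example-ai.test' };
const decisions = [serverHealthy, subscriptionExpired, serverUnreachable]
  .map((stub) => decideFailClosed(stub, sampleRequest));
```

Only the healthy path returns the server's own action; the other two paths surface BLOCK with failClosed set, which is what the extension should log so that outages and license problems are distinguishable from genuine policy blocks in telemetry.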
Why Kairro’s Policy Engine Is Different
Evaluates prompt content, model details, identity, DLP matches, tool classification, and token usage.
Prompt-by-prompt enforcement before data is sent; redacted, privacy-safe logging.
Policies interact with DLP, Shadow AI, governance, event telemetry, integrations, and notifications.
Clear priorities, structured rules, and transparent fallback logic, fully logged for audits.
The Result
Kairro policies let organizations embrace generative AI with confidence.