AI agents are making real decisions β executing trades, accessing patient data, filing documents. But there's no way to prove what an agent is, what it's allowed to do, or what it actually did. Kakunin fixes that. It issues X.509 certificates to AI agents, monitors their behavior in real time, and auto-revokes access when risk crosses a threshold. Regulator-ready audit reports in one click. Works with LangChain, CrewAI, AutoGen, CAMEL, Mastra, Vercel AI SDK. Python and TypeScript SDKs.
Interactive





Free Options
Launch Team / Built With





Which specific MiCA articles does Kakunin satisfy? Will a regulator actually accept this?Β Β
@kushwaha_8521Β Specific articles Kakunin addresses evidence for:
MiCA (Regulation EU 2023/1114)
Art. 70 β Operational resilience: cryptographic agent identity + kill switch + incident audit trail
Art. 72 β Record keeping: immutable append-only audit log (WORM-backed), revocation reasons structured per spec, 5-year retention
Art. 75 β Outsourcing/third-party AI: provable chain of who authorised each agent and when
EU AI Act
Art. 9 β Risk management system: continuous behavioral risk scoring with documented thresholds
Art. 12 β Record keeping for high-risk AI: tamper-evident decision chain logs
Art. 14 β Human oversight: revocation API + kill switch with signed halt receipt
Will a regulator accept it?
Honest answer: Kakunin produces the evidence β signed certs, immutable logs, structured compliance reports. Whether a specific regulator accepts that evidence depends on their interpretation and your overall compliance posture. We don't claim to be a certification body.
What we do claim: if a regulator asks 'prove this AI agent was authorised to operate, what it did, and that you could stop it' β Kakunin answers all three with cryptographic proof.
How is the X.509 cert different from just using an API key or JWT?
@manish_mehta6Β 1. Cryptographic identity, not shared secret 2. Regulator-recognisable format 3. Lifecycle with legal weight - answered in more detail in another comment with similar query.
@palash_bagchi How do you handle high-frequency agents? (trading bots firing 1000s of events/min)
@maurya_abhiranjanΒ Built for it. Event ingestion is async/non-blocking β fire and forget, queued via QStash, processed in background. No per-event latency. Risk scoring runs on sliding windows, not triggered per-event. Rate limits configurable per tenant β reach out for high-volume trading workloads.
@palash_bagchi Can I self-host this, or is it cloud-only?
@suyash_krΒ Self hosting may be possible, but only in the Enterprise plan.
Β
What happens if an agent's cert is compromised β how fast is revocation?Β Β
@kumar_ritesh21Β Revocation is instant. One API call to POST /v1/certificates/{id}/revoke and:
Cert status β revoked in DB immediately
Agent β suspended in the same DB transaction
certificate.revoked webhook fires to your systems within seconds
CRL (Certificate Revocation List, RFC 5280) regenerated immediately via background job β not on a 24h schedule
For auto-revocation: if an agent's risk score hits 0.85+ (our high-risk threshold), revocation triggers automatically β no human needed.
Verifiers checking the CRL see the revoked cert within seconds of the job completing. The CRL is KMS-signed so it can't be tampered with in transit.
Retainly Email Content Spam Checker
Does it delay the transactions, and if yes, then by how much ?
@raajesh_rpΒ Nice question. Kakunin adds zero latency to agent transactions.
Architecture is out-of-band, not inline:
Cert issuance β happens once at agent registration. KMS signs (~200β400ms). Never repeated per transaction.
Behavioral events β your agent POSTs to /api/v1/agents/{id}/events fire-and-forget. Kakunin queues via QStash and returns 202 immediately. Event processing (risk scoring, anomaly detection) runs async in background.
Cert verification β standard X.509 check. Done by the verifier locally against the cert PEM. No Kakunin server call required.
Kakunin is a compliance observer, not a transaction proxy. It never sits in your agent's critical path.
Only latency touchpoint: if you build a gate that blocks an agent when cert is revoked β that's your architecture choice, not Kakunin's default.