Capabilities & packages

See it. Protect it. Prove it.

One platform, three tiers — each with one job. Foundation sees your AI, Growth protects it, Fortress proves it to your regulator and scales. Plus Sovereign for air-gapped deployment. Buy a tier, or add single features à la carte.

Your gateway shows your API bill. Who is scoring the security, compliance and cost of every copilot and agent?

Foundation
Illuminate · see your AI
Trust & Risk Score, full estate + shadow-AI discovery, peer benchmarking and AI cost — plus three à-la-carte bridges (Firewall, DLP, Identity) to sample enforcement.
6 always-on capabilities · 3 bridges
Most popular
Growth
Defend · protect your AI
The runtime stack: gateway + prompt firewall, router, agentic monitor, DLP, identity, compliance & evidence, incident response and budget control. Threat intel, governance, red-team, SBOM, SIEM and chargeback as add-ons.
All Foundation + the Defend runtime stack
Fortress
Command · prove it & scale
Everything included — every Growth add-on plus regulator evidence packs, hash-chained and audit-ready. No add-ons, no surprises. APRA · ISO 42001 · NIST AI RMF.
All features · API · no add-ons
Coming soon
Sovereign
Your jurisdiction, your perimeter
Everything in Fortress, deployed air-gapped and fully data-resident with dual-region — for government, defence and tier-1 BFSI.
Fortress + air-gapped / data-resident overlay

One platform from Illuminate to Command — move up a tier, never re-platform. Talk to sales for full entitlement detail.

Packaging

Simple to buy. Hard to outgrow.

Each tier is a superset of the last; three bridges let you sample enforcement from Foundation; Growth add-ons build on the runtime stack. Sovereign is Fortress, air-gapped.

Rule 1

Buy up the ladder

Each tier is a superset of the one below, so every feature’s prerequisites are always present. Foundation → Growth → Fortress.

Rule 2

Three Foundation bridges

Firewall, DLP and Identity are the only à-la-carte way up from Foundation — each self-contained, so you sample one enforcement capability without buying all of Growth.

Rule 3

Growth add-ons need Growth

Threat Intel, Governance, Red-Team, SBOM, SIEM and Chargeback build on the runtime stack — offered once you’re on Growth, never on Foundation. Fortress includes everything, no add-ons.

Enforced, not just stated. The platform’s feature-dependency model blocks any purchase whose prerequisites are missing — a Foundation tenant can’t buy Regulator Evidence Packs without the compliance stack. Sovereign = everything in Fortress, deployed air-gapped and fully data-resident.
Highlight a tier
FeatureFoundationIlluminateGrowthDefendMost popularFortressCommandSovereignAir-gapped
Always-on — included on every tier
AI Risk ScoringRisk scored from live AI telemetry
Peer BenchmarkingBenchmarked against anonymised peers
Remediation RoadmapRanked fixes and the score lift
AI Estate DiscoveryFinds every AI and shadow AI
AI Trust & Risk ScoreOne headline Trust Index
AI Cost ObservabilityAI spend by model, team and app
AI security & guardrails
AI Gateway & Prompt FirewallBlocks injection, jailbreak, leakageBridge
AI Gateway RouterSmart routing, failover, fallback
Agentic AI Behaviour MonitorFlags anomalous agent behaviour
AI Threat IntelligenceLive AI-threat feed enrichmentAdd-on
AI Governance PoliciesAuthor and map governance policiesAdd-on
Data, identity & compliance
AI Data Security (DLP)Detect and redact PII and egressBridge
AI Identity & AccessHuman and non-human AI accessBridge
Compliance & EvidenceTrack obligations and posture
Incident Response PlaybooksCorrelate signals into incidents
FinOps & cost control
Rate-Limit & Budget ControlCap spend; runaway-agent safety belt
Showback / ChargebackAttribute AI cost to teamsAdd-on
Enterprise & model integrity
Model Threat Simulation / Red-TeamAdversarial model stress-testsAdd-on
Model Supply-Chain SBOMModel BOM: CVEs, signing, licenceAdd-on
XDR / SIEM IntegrationStream events to Splunk, SentinelAdd-on
Regulator Evidence PacksRegulator-ready, hash-chained
Coming soon
Agentic AI Security (MCP)MCP tool-call guardrailsSoonSoonSoonSoon
includedBridge sample one capability from FoundationAdd-on needs Growth not availableSoon coming soon
Assessment service suite

See your exposure before you subscribe.

Five fixed-scope engagements (CAT01–05) — each produces a board-ready finding and a clear recommendation. The consulting motion that seeds every platform deal.

CAT01 · 60 questions

LLM Security & Hardening

Workbook, executive deck, technical playbook, executive + practitioner test cases

CAT02 · 50 questions

Agentic AI Risk

Full 8-deliverable set incl. SOW, staff awareness, outreach

CAT03 · 60 questions

AI Privacy & Data Governance

Full 8-deliverable set

CAT04 · 50 questions

Model Integrity & Supply Chain

Full 8-deliverable set

CAT05 · 70 questions

AI Governance & Risk Management

Full 8-deliverable set

Each assessment delivers a questionnaire workbook, executive deck, test cases and an SOW. Engagement scope and entitlements shared on request.

Request a briefing

Govern your AI before your regulator asks.

A 30-minute walkthrough of the Trust Index, the three observation modes and your regulator’s evidence chain — on your estate.

FAQ

Frequently asked questions

What are the Kapālins packages?
Four tiers: Foundation (Illuminate — see your AI), Growth (Defend — protect your AI), Fortress (Command — prove it and scale, everything included), and Sovereign (air-gapped and data-resident, built on Fortress, coming soon).
How many features does the platform have?
21 features across four tiers and six AI categories, spanning security, compliance, identity, agentic and FinOps.
How does Kapālins pricing work?
Pricing is tiered with à-la-carte add-ons, metered on a value metric (the Guard Unit). It is sales-led — request a briefing for a quote scoped to your estate.
Can we start small and add capabilities later?
Yes. Start on Foundation and add one of three bridges to sample enforcement, then move up the ladder as you grow — you move up a tier, you never re-platform.
What are the Foundation bridges?
Three à-la-carte capabilities that let a Foundation customer sample enforcement without buying all of Growth: Firewall (gateway and prompt firewall), DLP (data security) and Identity (identity and access).
What is the difference between Growth and Fortress?
Growth adds protection — gateway, agentic monitor, data security, identity, compliance and evidence, incident response and budget control. Fortress includes everything — red-team, Model SBOM, XDR and SIEM, chargeback and regulator evidence packs — with no add-ons.
Is there an air-gapped or sovereign option?
Sovereign is a deployment overlay — everything in Fortress, air-gapped and data-resident — for the highest-assurance environments. It is on the roadmap (coming soon).
Do we have to re-platform to upgrade?
No. It is one platform from Illuminate to Command — move up a tier, keep your configuration and evidence.