Trust + Architecture
Built for industrial buyers who can't afford surprises.
Industrial AI is judged on the worst day, not the best. KPT's architecture is designed around the question every plant manager actually asks: "what's the worst-case scenario if this thing misbehaves?"
This page reads top-to-bottom but is structured for three audiences: corporate stakeholders, plant + process engineers, and IT + security teams. Skip to your section if you're short on time.
For corporate stakeholders
Six promises KPT makes to every buyer.
The non-negotiables. They live in our contracts as warranties, not marketing claims.
Glass-box AI, not black-box rules
Every variable KPT promotes comes with a human-readable explanation: which features drove the lift, what the counterfactual says, what the next experiment would test. We can show the operator why the model is recommending a change before they approve it.
30-day shadow-run trust gate
Every variable KPT activates has been A/B-tested against your real data for 30 days minimum, with statistical significance before promotion. Industrial buyers fear 'what if it makes things worse?' — we built the answer into the product.
Cloud + On-Prem, one codebase
KPT runs as a multi-tenant SaaS at lighthouse.kpt.tech AND as an on-prem container in your datacenter. Same optimization engine, same UX, same release cadence. Cross-deployment learning happens via federated patterns, never raw data.
Planner-in-the-loop writes
KPT never writes to your ERP / MES without explicit human approval. Recommendations flow through a review UI; planners audit, override, or approve. The system of record stays the system of record.
Per-tenant data isolation
Cloud tenants live behind row-level security policies and managed authentication. On-prem tenants get a tenant-controlled encryption key — KPT cannot decrypt the local model fine-tune even with a full infrastructure compromise.
No ERP, MES, WMS or TMS customization required
KPT layers on top of your existing core systems — ERP (SAP, Oracle, Dynamics), MES, WMS, TMS — via standard APIs. We never modify your system-of-record configuration. Your core stack stays clean, audit-friendly, and migration-safe.
Update: learn how KPT integrates with SAP S/4HANA: today, in 90 days, and certified.
For plant + process engineers
What it actually means on the plant floor.
The four design decisions that determine what happens on your shift when KPT recommends a change — or when KPT itself has a bad day.
Promotion gate
30 days, statistical significance, then live
Every new variable enters a shadow run: KPT computes the recommendation but doesn't apply it. We track the recommendation against what actually happened on your line for 30 days. Only variables that beat the baseline at statistical significance graduate to LIVE — and you see the full A/B history before the promotion button is enabled.
Write path
Planners approve. Always.
Even a LIVE variable doesn't auto-write. KPT generates a recommended change; your planner sees it in the review queue with the explanation and the projected impact; they approve, override, or reject. The write only happens after that approval — and the decision is logged with the planner's name.
Failure mode
If KPT misbehaves, nothing breaks
KPT is a layer that proposes changes. Your existing ERP / MES / WMS / TMS continue to run exactly as they did before KPT was installed. If we go down, your plant runs on the same workflows you had yesterday — we just stop sending recommendations until we're back. There's no critical path through KPT.
Three deployment shapes
Cloud SaaS, isolated cloud, or on-prem container
PoC and small-mid teams run on our shared cloud with tenant-isolated database storage. Enterprise customers get isolated compute lanes (separate network boundary, optionally separate database) on the same managed platform. Highly regulated or air-gapped sites run a signed container in their own datacenter — raw data never leaves your network.
For IT + security teams
Data protection, by architecture.
Four guarantees on data isolation + federated learning, plus six layers of standard security posture. Reviewable by your compliance team; enforceable by audit.
Raw data never leaves your premises (on-prem mode)
When KPT is deployed on-prem, the agent has no outbound endpoint capable of exporting sensor readings, MES events, recipe parameters, or any operational telemetry. Outbound traffic is restricted to a hardcoded allowlist: signed software updates from KPT's release registry, federated model warm-starts on agent boot, and (opt-in only) encrypted aggregated updates to the federation. The allowlist is enforceable by audit and is published in our contract documentation.
No single party — including KPT — ever sees an individual customer's gradients
When you opt in to federated pattern learning, your agent ships DP-noised gradient updates to KPT's coordinator. The coordinator runs secure aggregation: a cryptographic protocol that sums updates from all opted-in customers without decrypting any single contribution. KPT engineers see the aggregated federated model only — never your individual updates. This is mathematically guaranteed by the protocol, not just a policy commitment.
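How masks can cancel in the sum, as an added example that is not KPT's code or protocol: a pairwise additive-masking round, one common secure-aggregation construction, assumed here because the page does not name one. The tenant names, fixed-point scale and seed handling are constructed, DP noise is left out, and every client is assumed to report (no dropout recovery).

```python
import hashlib
import itertools
import secrets

MOD = 2**32    # all arithmetic is in the ring Z_(2^32)
SCALE = 10**4  # fixed-point scale for float gradients (assumed)

def prg(seed, n):
    """Expand a pairwise seed into n pseudo-random ring elements."""
    return [int.from_bytes(hashlib.sha256(seed + k.to_bytes(4, "big")).digest()[:4], "big")
            for k in range(n)]

def encode(update):
    return [round(x * SCALE) % MOD for x in update]

def decode(vec):
    # Map ring elements back to signed fixed-point values.
    return [((v + MOD // 2) % MOD - MOD // 2) / SCALE for v in vec]

def mask_update(me, update, pair_seeds):
    """Client side: add each pairwise mask, with opposite signs at the two
    ends of a pair, so every mask cancels in the sum over all clients."""
    masked = encode(update)
    for peer, seed in pair_seeds.items():
        sign = 1 if me < peer else -1
        for k, m in enumerate(prg(seed, len(masked))):
            masked[k] = (masked[k] + sign * m) % MOD
    return masked

def aggregate(masked_updates):
    """Coordinator side: sees only masked vectors, recovers only their sum."""
    width = len(masked_updates[0])
    return decode([sum(u[k] for u in masked_updates) % MOD for k in range(width)])

def run_round(updates):
    # Constructed seeds: in a deployment each pair derives its seed through
    # key agreement, so the coordinator never learns it.
    seeds = {frozenset(p): secrets.token_bytes(32)
             for p in itertools.combinations(updates, 2)}
    masked = {me: mask_update(me, vec, {peer: seeds[frozenset((me, peer))]
                                        for peer in updates if peer != me})
              for me, vec in updates.items()}
    return masked, aggregate(list(masked.values()))

# Constructed sample updates from three hypothetical tenants.
SAMPLE = {"plant_a": [0.12, -0.50, 0.03],
          "plant_b": [0.40, 0.25, -0.10],
          "plant_c": [-0.22, 0.05, 0.07]}
```

A reviewer can use the same shape to ask the vendor two questions the sketch leaves open: how pairwise seeds are agreed, and what happens to the masks when a client drops out mid-round.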
Aggregate statistics carry differential-privacy noise
Cross-customer aggregates KPT publishes (e.g., "across our confectionery customers, mixing-time variables averaged +0.5% yield improvement") are generated only when at least five tenants have contributed AND only after a calibrated noise term is added. The noise is sized to a formal differential-privacy budget tracked per publication. Even an adversary with auxiliary knowledge of all but one tenant cannot reverse-engineer the held-out tenant's contribution from any number of aggregates we publish.
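One way to implement the release rule above, as an added example rather than KPT's code: a publisher that suppresses any aggregate with fewer than five tenants, adds Laplace noise sized to a clipped value range, and debits an epsilon ledger per publication. The Laplace mechanism, the clipping bounds, the class and method names and the sample values are assumptions.

```python
import random

MIN_TENANTS = 5  # from the page: at least five contributing tenants

class BudgetExhausted(Exception):
    pass

class AggregatePublisher:
    def __init__(self, total_epsilon, rng=None):
        self.remaining = total_epsilon
        self.ledger = []  # (publication, tenant count, epsilon spent)
        self.rng = rng or random.SystemRandom()

    def _laplace(self, scale):
        # The difference of two exponentials is Laplace(0, scale).
        # Floating-point Laplace sampling has known weaknesses; production
        # code should take a discrete or snapped mechanism from a vetted
        # DP library.
        return self.rng.expovariate(1 / scale) - self.rng.expovariate(1 / scale)

    def release_mean(self, name, per_tenant, lo, hi, epsilon):
        """Return a noisy mean of one value per tenant, or None if suppressed."""
        if len(per_tenant) < MIN_TENANTS:
            return None  # too few contributors: publish nothing, spend nothing
        if epsilon > self.remaining:
            raise BudgetExhausted(name)
        clipped = [min(max(v, lo), hi) for v in per_tenant.values()]
        n = len(clipped)  # the tenant count is treated as public
        # Replacing one tenant's clipped value moves the mean by at most this.
        sensitivity = (hi - lo) / n
        noisy = sum(clipped) / n + self._laplace(sensitivity / epsilon)
        self.remaining -= epsilon
        self.ledger.append((name, n, epsilon))
        return noisy

# Constructed yield-lift percentages for five hypothetical tenants.
LIFTS = {"t1": 0.4, "t2": 0.7, "t3": 0.5, "t4": 0.3, "t5": 0.6}
```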
Every cross-tenant pattern reaching another customer's screen was reviewed by a named KPT engineer
When a customer's variable graduates to LIVE and clears an impact threshold, the system proposes it as a generalizable archetype for the KPT Commons (the shared pattern library). Before that archetype is published, a KPT process engineer reviews it: abstracts the variable so it's stripped of any tenant-identifying detail, generalizes its preconditions, and decides whether it merges into an existing archetype, becomes a new one, or is rejected as tenant-specific. The review log lists the engineer's name, the date, and the abstraction decision.
Standard security posture
Six layers your security team will recognize.
Identity & access
Managed identity provider, JWT-based session tokens, refresh-rotation on every authenticated request, MFA-ready. Internal staff role-switching to a customer tenant is gated and logged with the staff member's identity, the originating tenant, the target tenant, and the timestamp.
Data isolation
Row-level security policies on the managed database enforce per-tenant filtering at the storage layer. A forgotten WHERE-clause in application code cannot leak data across tenants — the database refuses. Cross-tenant reads are mathematically impossible without an explicit policy override (which itself is audited).
Network edge
TLS 1.2+ everywhere, HSTS, CAA-pinned certificate issuance restricted to a single trusted CA, automatic DDoS protection at the CDN edge. No long-lived API keys in browser context; all privileged calls flow through the managed identity layer.
Secrets & encryption
Application secrets live in a managed vault and rotate on a fixed schedule; no long-lived keys in source, in env files, or in CI. Data at rest uses AES-256 at the storage layer. On-prem deployments get a tenant-controlled key so KPT cannot decrypt the local model fine-tune even with a full infrastructure compromise.
Audit log
Append-only per tenant. Every state-changing action — variable promotion, demotion, subscription change, KPT-staff tenant switch, suggestion approval, password reset — writes an immutable row with the actor, the subject, and the metadata. The log survives container restarts, infrastructure rebuilds, and migrations. Enterprise customers can export their full audit trail at any time.
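A sketch of append-only enforced by the database rather than by application convention, added here as an example and not taken from KPT's implementation. SQLite stands in for the managed database, and the table layout, trigger names and sample actors are assumptions.

```python
import json
import sqlite3

# SQLite stands in for the managed database (assumption). The triggers make
# the table append-only for every client of the database, not just this code.
SCHEMA = """
CREATE TABLE audit_log (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    tenant_id TEXT NOT NULL,
    actor     TEXT NOT NULL,
    action    TEXT NOT NULL,
    subject   TEXT NOT NULL,
    metadata  TEXT NOT NULL,
    at        TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def open_log():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def record(db, tenant_id, actor, action, subject, **metadata):
    db.execute(
        "INSERT INTO audit_log (tenant_id, actor, action, subject, metadata) "
        "VALUES (?, ?, ?, ?, ?)",
        (tenant_id, actor, action, subject, json.dumps(metadata, sort_keys=True)),
    )
    db.commit()

def is_rejected(db, statement):
    """True if the database itself refuses the statement."""
    try:
        db.execute(statement)
    except sqlite3.DatabaseError as exc:
        return "append-only" in str(exc)
    db.rollback()
    return False

def tenant_trail(db, tenant_id):
    rows = db.execute(
        "SELECT actor, action, subject FROM audit_log WHERE tenant_id = ? ORDER BY id",
        (tenant_id,),
    )
    return rows.fetchall()
```

Triggers only hold while the writing role cannot drop them, so a review of an append-only claim should also ask which roles hold DDL rights on the audit table.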
Never-erase migration policy
Every database migration is additive by default. Destructive operations require an explicit BACKWARD_INCOMPATIBLE header in the migration docstring with a written justification. CI blocks any migration without it from reaching production. Combined with automatic pre-migration snapshots, customer data cannot be lost through engineering action.
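What such a CI check can look like, as an added example that is not KPT's pipeline: it scans a migration for destructive statements outside the module docstring and fails unless the docstring carries a BACKWARD_INCOMPATIBLE header with a non-empty justification. Python migration files, the `BACKWARD_INCOMPATIBLE: <text>` line format, the statement patterns and the three sample migrations are assumptions.

```python
import ast
import re

DESTRUCTIVE = re.compile(
    r"\b(?:DROP\s+(?:TABLE|COLUMN|INDEX|SCHEMA)|TRUNCATE|DELETE\s+FROM)\b"
    r"|\bop\.drop_(?:table|column|index|constraint)\b",
    re.IGNORECASE,
)
HEADER = re.compile(r"^BACKWARD_INCOMPATIBLE:[ \t]*(.*)$", re.MULTILINE)

def check_migration(source):
    """Return a list of violations; an empty list means the migration may ship."""
    tree = ast.parse(source)
    doc = ast.get_docstring(tree) or ""
    # Skip the docstring itself so a justification may name the operation.
    doc_end = tree.body[0].end_lineno if doc else 0
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        match = DESTRUCTIVE.search(line) if lineno > doc_end else None
        if match:
            hits.append((lineno, match.group(0)))
    header = HEADER.search(doc)
    if not hits or (header and header.group(1).strip()):
        return []
    return [f"line {n}: '{op}' needs a BACKWARD_INCOMPATIBLE justification"
            for n, op in hits]

# Constructed sample migrations.
ADDITIVE = '''"""Add batch_temp column to runs."""

def upgrade(op):
    op.execute("ALTER TABLE runs ADD COLUMN batch_temp REAL")
'''

UNJUSTIFIED = '''"""Remove legacy table."""

def upgrade(op):
    op.execute("DROP TABLE legacy_runs")
'''

JUSTIFIED = '''"""Remove legacy table.

BACKWARD_INCOMPATIBLE: legacy_runs was copied into runs_v2 and verified.
"""

def upgrade(op):
    op.drop_table("legacy_runs")
'''
```

A pattern scan is conservative by design: it also flags destructive keywords in comments, and it cannot see SQL assembled at run time, so it complements review of the migration rather than replacing it.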
For engineers
Architecture, in patterns.
Enough detail for your engineering team to evaluate KPT competently — not enough for a competitor to clone the integration glue. Specific vendor names, service IDs, and config detail live in NDA-gated docs we share during security review.
Ingestion
Connectors pull from your ERP / MES / WMS / TMS on a schedule you control. Validation + normalization + tenant-tagging happen at the boundary; raw input is never trusted as-is downstream.
Tenant isolation
Every request carries a tenant claim, set as a database session variable on entry. RLS policies on every customer-scoped table enforce filtering. The application code path doesn't enforce tenant scoping — the database does.
Optimization engine
Multivariate constraint solver (CP-SAT + custom branch-and-bound for the heavy edges) over your full variable surface, plus an ML pattern-discovery layer that proposes new variables, plus an LLM-assisted variable-suggestion stage for natural-language operator input. Stateless — every run is reproducible from inputs.
Promotion gate
Shadow-run harness records the model recommendation alongside the actual outcome for 30 days minimum. Variables only graduate when the lift is statistically significant. The gate is part of the engine, not a downstream check.
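The gate logic described above, as an added example rather than KPT's engine: a variable stays in shadow until it has 30 days of paired observations and its mean lift passes a one-sided sign-flip permutation test. The choice of test, the 0.05 threshold, the meaning of `daily_lift` (shadow recommendation's KPI minus the actual KPI, per day) and the state names are assumptions.

```python
import random

MIN_SHADOW_DAYS = 30  # from the page
ALPHA = 0.05          # assumed significance level

def sign_flip_p_value(daily_lift, rounds=10_000, rng=None):
    """One-sided paired permutation test. Under the null hypothesis of no
    lift, the sign of each day's difference is arbitrary, so random sign
    flips show how often a mean this large arises by chance."""
    rng = rng or random.Random(0)  # fixed seed keeps the decision reproducible
    n = len(daily_lift)
    observed = sum(daily_lift) / n
    hits = 0
    for _ in range(rounds):
        flipped = sum(d if rng.random() < 0.5 else -d for d in daily_lift) / n
        if flipped >= observed:
            hits += 1
    return (hits + 1) / (rounds + 1)

def promotion_gate(daily_lift):
    """Return (state, reason). ELIGIBLE only enables the human promotion
    step; it never promotes the variable on its own."""
    missing = MIN_SHADOW_DAYS - len(daily_lift)
    if missing > 0:
        return ("SHADOW", f"needs {missing} more day(s)")
    p = sign_flip_p_value(daily_lift)
    if sum(daily_lift) > 0 and p < ALPHA:
        return ("ELIGIBLE", f"p={p:.4f}")
    return ("SHADOW", f"lift not significant, p={p:.4f}")
```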
Planner UI
Glass-box presentation of recommendations: which variables drove the change, what the counterfactual says, what the next experiment would test. Planner approves, overrides, or rejects. The decision is logged with the planner's identity before any write-back.
Write-back
Standard APIs into your ERP / MES / WMS / TMS — no customization on your side, no schema changes. Writes are gated behind planner approval and audited. If your system-of-record refuses the write, the recommendation is parked, not lost.
Impact tracking
KPI attribution layer measures the actual delta between KPT-on and KPT-off windows for every promoted variable. Powers the leaderboard customers see; powers the contracts we sign (we get paid on measured impact, not vibes).
What's NOT in the stack
Five things we deliberately don't do — usually the question security reviewers ask second.
- × Third-party analytics or session-replay trackers on customer dashboards.
- × Outbound calls to KPT during on-prem mode that aren't on the published allowlist.
- × Customer raw data flowing to LLM providers — only abstract variable metadata does.
- × A "model improvement" pipeline that scrapes customer data without explicit opt-in.
- × KPT staff with standing access to customer data. Access is role-switched + logged per session.
Specific vendor + service IDs, version pinning, and integration test suites are shared under standard mutual NDA during security review. Contact security@kpt.tech to request the package.
How to engage
For deeper review.
We support most of the formal review processes enterprise IT and compliance teams use, on a standard mutual-NDA basis.
Security questionnaires. We answer the common ones (CAIQ, SIG, custom internal forms) within 5 business days for active opportunities.
SOC2-readiness review. We share our current control mapping, gap analysis, and remediation timeline. SOC2 Type 2 attestation is on the 2026 roadmap.
Third-party penetration audit. Enterprise customers can run a one-time pen test on the staging environment or contract their preferred auditor for an annual scope. We provide the test surface + remediation SLA.
Custom contractual terms. Federated-learning opt-out, data-residency commitments, breach notification windows, and audit rights are negotiable in the enterprise MSA.
Trust isn't a feature
It's the whole architecture.
The 30-day shadow-run trust gate, the glass-box AI, the planner-in-the-loop write path, the per-tenant data isolation — these aren't sales bullets. They're the answer to the only question that matters in industrial AI: what happens when it misbehaves?