KPT logo KPT
Talk to KPT
← Back to KPT

Trust + Architecture

Built for industrial buyers who can't afford surprises.

Industrial AI is judged on the worst day, not the best. KPT's architecture is designed around the question every plant manager actually asks: "what's the worst-case scenario if this thing misbehaves?" Six pillars that answer it.

01

Glass-box AI, not black-box rules

Every variable KPT promotes comes with a human-readable explanation: which features drove the lift, what the counterfactual says, what the next experiment would test. We can show the operator why the model is recommending a change before they approve it.

02

30-day shadow-run trust gate

Every variable KPT activates has been A/B-tested against your real data for 30 days minimum, with statistical significance before promotion. Industrial buyers fear 'what if it makes things worse?' — we built the answer into the product.

03

Cloud + On-Prem, one codebase

KPT runs as a multi-tenant SaaS at lighthouse.kpt.tech AND as an on-prem container in your datacenter. Same optimization engine, same UX, same release cadence. Cross-deployment learning happens via federated patterns, never raw data.

04

Planner-in-the-loop writes

KPT never writes to SAP / MES without explicit human approval. Recommendations flow through a review UI; planners audit, override, or approve. The system of record stays the system of record.

05

Per-tenant data isolation

Cloud tenants live behind Postgres row-level security and AWS Cognito authentication. On-prem tenants get a tenant-controlled KMS key — KPT cannot decrypt the local model fine-tune even with a full infrastructure compromise.

06

No SAP customization required

KPT layers on top of your existing SAP / MES / WMS / TMS via standard APIs. We never modify SAP-side configuration. Your system of record stays clean, audit-friendly, and migration-safe.

Architecture stack

AWS-native. Multi-tenant. Audit-clean.

Authentication. AWS Cognito for user identity, JWT-based session tokens with httpOnly cookies, refresh-rotation on every authenticated request.

Database. Aurora Serverless v2 PostgreSQL with row-level security policies. Every query carries an automatic tenant filter; cross-tenant reads are mathematically impossible without an explicit policy override.

Compute. ECS Fargate with auto-scaling. Each tenant's optimization runs in an isolated compute lane; the engine itself is stateless.

Secrets. AWS Secrets Manager for the Anthropic API key and the database DSN. Rotated quarterly. No long-lived keys in code, in env files, or in CI.

Observability. CloudWatch metrics + log aggregation. Login canary monitor at 15-minute cadence. Audit log of every privileged action (promotion, demotion, tenant switch).

Trust isn't a feature

It's the whole architecture.

The 30-day shadow-run trust gate, the glass-box AI, the planner-in-the-loop write path, the per-tenant data isolation — these aren't sales bullets. They're the answer to the only question that matters in industrial AI: what happens when it misbehaves?

Schedule a discovery call → See the live demo