01 · Resources

Documentation, Guides,
and Research.

In development

Documentation

Full integration guides, CLI reference, and API documentation will be published when KYDE reaches public availability.

03 · Blog & Insights

Regulatory analysis, technical deep-dives, and operational guidance for enterprises deploying AI agents at scale.

◆ kyde/blog 9 min read

Trust Is a Number. It Always Has Been.

Introducing the KYDE Trust Score, a behavioral rating for AI agents computed on four inputs: identity, mandate, baseline, and benchmark. Why behavior at the boundary is the only thing that ever qualifies for a score, what coverage means, and where the Trust Score goes next.

Product · Strategic
◆ kyde/blog 16 min read

AI Agent Insurance: Liability, Coverage, and the Evidence Infrastructure

How liability is assigned under EU law (AI Act, PLD 2024, DORA), what AI agent coverage exists today (AIUC-1, Munich Re aiSure, HSB), why certification alone isn't enough, and what behavioral monitoring infrastructure makes AI agents insurable, including the four evidence requirements every enterprise must meet.

Insurance · Liability · Complete Guide
◆ kyde/blog 8 min read

Trust Is Not a Property of Technology. It Is a Property of Infrastructure.

Every transformative technology earns trust the same way: through the confidence infrastructure that grows around it. Hartford Steam Boiler, Lloyd's aviation pools, usage-based auto insurance, and what this means for autonomous AI agents.

Essay · Insurance · Part I of III
◆ kyde/blog 7 min read

The Law Has Assigned Liability. Nobody Can Yet Prove What Happened.

Three EU frameworks, EU AI Act, PLD 2024, DORA, have assigned liability for AI agent failures. The DRCF 'Many Hands' problem, AIUC-1's temporal limits, and the four evidence requirements (complete, continuous, independent, tamper-evident) that liability adjudication actually requires.

Essay · Regulatory · Part II of III
◆ kyde/blog 7 min read

The Telematics for Autonomous Systems

Usage-based auto insurance replaced proxies with real behavioral data. AI agent insurance will follow. This essay examines the technical architecture of continuous behavioral monitoring: Ed25519 signing, hash chaining, WORM storage, behavioral baselines, and why independence from the monitored system is non-negotiable.

Essay · Technical · Part III of III
◆ kyde/blog 14 min read

AI Agent Governance: The Complete Enterprise Guide

What AI agent governance is, why existing approaches (provider controls, application guardrails, framework observability) fall short, the four structural requirements (identity, scope, enforcement, ledger), and what compliant governance infrastructure actually looks like.

Governance · Complete Guide
◆ kyde/blog 12 min read

Shadow AI: What It Is, Why It's a Risk, and How to Stop It

78% of employees using AI tools at work are using tools IT did not provision. Shadow AI is already in your production systems, here is what it looks like, why it creates regulatory exposure under GDPR and the EU AI Act, and how to govern it without killing adoption.

Security · Complete Guide
◆ kyde/blog 15 min read

EU AI Act Compliance for AI Agents: The Complete Guide

Everything enterprises need to know about EU AI Act compliance for AI agents, Annex III classification, Articles 12, 14, 26 obligations, the December 2, 2027 deadline, the three structural gaps most organizations have, and a six-step action plan for building compliant infrastructure.

Regulatory · Complete Guide
◆ kyde/blog 5 min read

The US and EU Are Converging on the Same Requirements for AI Agents in Critical Infrastructure

NIST, the EU AI Act, and NIS-2 were developed independently, in different jurisdictions, over different timelines. They are converging on the same answer: traceable identity, causal context capture, tamper-evident records, in a governance layer independent of the agents it governs.

Regulatory · Strategic
◆ kyde/blog 5 min read

When Four Regulators Speak in Unison, the Message Is Not Optional

The UK's Digital Regulation Cooperation Forum, CMA, FCA, ICO, and Ofcom, co-signed a foresight paper on agentic AI. The core message: 'my agent did it' is not a defense. Organizational accountability is unchanged regardless of agent autonomy. Here are the seven risks, the 'Many Hands' problem, and what to do before enforcement begins.

Regulatory
◆ kyde/blog 5 min read

Agent Hijacking: The Security Risk Most Enterprises Can't Even Detect

OWASP ranks Agent Goal Hijacking ASI01, the #1 risk facing autonomous AI agents. 48% of security professionals name agentic AI as the top attack vector for 2026. Classical security tools are blind to it. Here is how it works, why it evades detection, and what forensic infrastructure is actually required.

Security
◆ kyde/blog 5 min read

The EU AI Act Is Coming. Regardless of What Brussels Decides in May.

The Digital Omnibus trilogue collapsed on 28 April 2026. No delay has been adopted. The August 2, 2026 enforcement deadline for Annex III high-risk AI systems remains in law. Here is what the collapse means, what four scenarios exist between now and August, and what enterprises deploying AI agents must do now.

Regulatory
◆ kyde/blog 6 min read

AI Agent Security, AI Governance, and Agent Enforcement: Three Categories Enterprises Are Confusing

CISOs and compliance teams are evaluating products that all describe themselves as 'AI governance', but solve fundamentally different problems. This article defines the three distinct categories, maps them to regulatory requirements, and identifies where each falls short.

Reference
◆ kyde/blog 6 min read

Every Vendor Governs Their Stack. Nobody Governs the Chain.

Microsoft has a governance story. Google has a governance story. Every major platform vendor is building agent governance, for the agents that run inside their own stack. Nobody is building governance for what happens between stacks. That gap is not an oversight. It is where most of the risk lives.

Strategic
◆ kyde/blog 5 min read

Your Employees Are Already Using AI. You Just Don't Know How.

78% of AI users bring their own tools to work. Your employees are not waiting for your AI strategy. They already have one, and the data they're processing with it isn't yours to govern yet.

Security
◆ kyde/blog 6 min read

The End of the App Layer: Why MCP Changes Everything About AI Governance

MCP lets AI agents connect directly to enterprise systems, bypassing the application layer that was always the implicit governance control point. The app layer doesn't get rebuilt. It gets bypassed. Something needs to replace the control point it represented.

Technical · Strategic
◆ kyde/blog 5 min read

What Happens When an AI Agent Gets Compromised, And Nobody Has the Logs

ForcedLeak demonstrated prompt injection against production enterprise agents in 2025. The most important question it raises isn't technical, it's operational. If this happened in your environment, would you know?

Security
◆ kyde/blog 5 min read

Shadow AI Is Already in Your Production Systems, You Just Can't See It

Shadow AI is the same problem as Shadow IT, at a different order of magnitude. Every LLM call that touches enterprise data without logging, attribution, or scope is a liability accumulating in silence.

Security
◆ kyde/blog 5 min read

The Missing Layer in Every Agent Architecture

The distinction between agent core and agent harness cuts to the heart of what most enterprise deployments get wrong. Single-user architecture breaks at scale in four predictable ways. The harness isn't an add-on, for enterprise, it's the product.

Technical
◆ kyde/blog 5 min read

HBR Just Described the Problem. Here's the Infrastructure That Solves It.

Harvard Business Review identified four frictions that derail enterprise AI agent deployments: identity, context, control, and accountability. The article stops short of specifying what the infrastructure layer looks like. That's what we build.

Thought Leadership
◆ kyde/blog 4 min read

DORA and AI Agents: Why Your LLM Provider's Log Doesn't Satisfy Article 30

DORA is already in force. Financial entities using AI agents for operational functions have a specific problem: vendor-provided logs don't constitute an independent audit trail. Here's why, and what does.

Regulatory
◆ kyde/blog 5 min read

What the EU AI Act Actually Requires for Audit Trails, And What Most Enterprises Are Missing

The enforcement deadline is August 2, 2027. Most enterprises assume their LLM provider's logs will be sufficient. They won't be. Here's what the regulation actually demands, and where the gaps are.

Regulatory
Technical Why Software Logs Are Not Tamper-Evident, And Why It Matters for AI Agents Coming Soon
Technical MCP Servers and Governance: Every Tool Call Is an Audit Event Coming Soon
Technical The Case Against Provider-Native AI Governance Coming Soon
Thought Leadership Your AI Agents Are Your Workforce. Courts Already Agree. Coming Soon
Thought Leadership From Deploy-and-Hope to Govern-by-Design Coming Soon
04 · Regulatory Context

The frameworks KYDE is designed to address.

EU AI Act

Risk-based framework for AI systems. High-Risk AI System logging requirements.

Urgent

Enforcement: Dec 2, 2027

NIS-2 Directive

Network and Information Security for essential and important entities.

In force: December 2025

DORA

Digital Operational Resilience Act for financial sector entities.

In force: January 2025

GDPR

Art. 22 covers automated decision-making. Art. 35 requires DPIA for high-risk processing.

In force

Questions?

Questions before the docs arrive?

We respond to every message.

hello@kyde.com →