Trust

Built for AI work you can actually deploy.

Qoris is the trust layer for enterprise AI workers. Scoped access, governed execution, isolated runtimes, and a full audit trail — so AI workers can use tools, access systems, and execute workflows under strict memory, policy, approval, and audit controls.

AI workers should not get unrestricted access to your business. Qoris gives them scoped access, governed execution, and traceable actions.

Qoris Trust Stack

Identity

Knox · pre-execution governance

Memory · scoped + governed

Audit · full trace

AI Worker Security Is Different

Traditional security controls who can log in. AI worker security controls what the worker is allowed to do.

Traditional application security controls human access to software. AI worker security has to control what an autonomous system can remember, retrieve, write, call, send, update, approve, or trigger — across tools, memory, channels, browsers, and systems.

An AI worker may draft customer emails, update CRM, retrieve sensitive memory, call MCP tools, review documents, interact with a browser, or trigger workflows across business systems. Qoris is designed around that reality — every meaningful action is scoped, governed, and recorded.

The risk isn't only what the model says. It's what the worker is allowed to do.

How Qoris Protects AI Work

Four layers. One continuous control plane.

Trust in Qoris isn't a single feature. It's a stack — identity establishes who's acting, Knox decides what's allowed, Memory controls what's remembered, and Audit records what happened. Every action moves through all four.

Layer 1: Identity

Every actor — user, worker, subagent, external agent, API key, runtime — has a clear identity.

Scoped

Layer 2: Knox

Pre-execution policy checks on every sensitive action.

Structural · in container

Layer 3: Memory

Scoped recall and governed canonical truth.

Repository-scoped

Layer 4: Audit

Every action, decision, and approval recorded.

Immutable

Every governed action passes through all four layers.

Who — or What — Is Acting

Every actor in the system has a clear identity.

Every human, worker, subagent, external agent, runtime, API key, tool, and channel has an identity inside Qoris. That identity is the basis for permissions, policy checks, approval routing, audit events, and runtime controls. If Qoris can't identify the actor, Qoris doesn't trust the action.

Identity Types

  • Human user
  • Workspace admin
  • Worker
  • Subagent
  • Worker container
  • External agent
  • MCP client
  • API key
  • Tool integration
  • Runtime environment

Access Controls

  • Role-based access (RBAC)
  • Scoped API keys
  • Workspace permissions
  • Worker-level permissions
  • Subagent permissions
  • Memory repository scopes
  • Tool-specific permissions
  • Environment-aware access
  • Approval role routing
  • External agent scopes

Pre-Execution Governance

Knox is the execution firewall built into every worker.

Before a worker sends an email, updates CRM, writes memory, calls a tool, accesses protected data, or triggers an external system — Knox evaluates the action against policy. The decision happens inside the worker's container, which means it cannot be bypassed by prompt injection, jailbreak, or workflow re-routing.

Knox can allow, block, require approval, escalate, sanitize, defer, or log. Every decision is explainable, reviewable, and recorded.

Structural Enforcement

Knox runs inside the worker's container, not around it. No external loophole, no bypass via prompt injection.

Six Decision Types

Allow, block, require approval, escalate, sanitize, log only. Routed by policy.

Explainable Decisions

Every Knox decision includes the action, actor, resource, risk level, matched policies, approval requirement, and outcome.

Governed Context

Workers can remember. Teams control what becomes truth.

Qoris Memory separates fast recall from canonical truth. Workers find context quickly through scoped recall, but durable long-term memory — customer preferences, workflow rules, prior decisions — only becomes canonical after proposal, Knox check, and approval. Protected repositories require explicit role permissions to access.

Scoped Repositories

Memory is organized into scoped repositories — customer, sales, support, compliance, vendor, workflow. Workers access only what their role permits.

Propose-Review-Merge

Workers don't overwrite canonical memory directly. Updates are proposed, Knox-checked, reviewed by humans or policy, and merged with full history.

Protected Memory

Pricing rules, contracts, customer records, compliance decisions, HR policies — gated by role and require explicit approval to modify.

The Proof Layer

If an AI worker did it, Qoris can show what happened.

Qoris Audit records the full operational trail across workers, subagents, memory, tools, Knox decisions, approvals, external agents, and runtime events. When something happens, teams can inspect what was attempted, what policy applied, who approved it, what tool was called, what memory changed, and what happened next.

Knox controls what's allowed. Audit proves what happened.

Example Worker Run

run_id: wrk_sf_20260522_091402 · Sales Follow-Up Worker

  • 09:14:02 UTC: Sales Follow-Up Worker started (worker · started)
  • 09:14:03 UTC: Lead details received (worker · context)
  • 09:14:04 UTC: Customer memory pulled (memory · scoped read · KNOX passed)
  • 09:14:05 UTC: CRM context retrieved (tool · CRM read · allowed)
  • 09:14:18 UTC: Email drafted (worker · draft created)
  • 09:14:19 UTC: Knox checked external communication (KNOX · policy: ExtComm v2)
  • 09:14:19 UTC: Approval requested (approval · routed to manager)
  • 09:22:41 UTC: Manager approved (approval · approved)
  • 09:22:42 UTC: Email sent (tool · email send · executed)
  • 09:22:44 UTC: CRM note proposed (memory · proposal · pending)
  • 09:22:44 UTC: Audit receipt written (AUDIT · evt_8f3a2c1d · sealed)

Filterable by actor

Filter by worker, subagent, user, external agent, or runtime.

Filterable by policy

Filter by policy triggered, decision type, risk level, or approval status.

Filterable by resource

Filter by tool, MCP server, memory repository, customer, or account.

Receipts for lifecycle events

Template imports, worker launches, memory merges, runtime deployments — each leaves a traceable receipt.

Cross-stack

External agents (Claude, LangChain, CrewAI) emit audit events into the same trail.

Built for review

Designed for compliance, security, operations, and finance teams — not just engineers.

Where Workers Run

Run workers in isolated containers. Govern agents that run anywhere else.

Some workflows need more than hosted workers — they need dedicated runtimes, scoped credentials, environment separation, and customer-owned infrastructure. Qoris Worker Containers run AI workers in isolated environments with Memory, Knox, tool access, approvals, and Audit built in. The container ships with the control plane inside it.

For agents that run outside Qoris — Claude, LangChain, CrewAI, AutoGen, MCP clients, custom runtimes — the same controls apply via MCP. Scoped memory access. Knox checks on every sensitive action. Audit events streamed back into the trail. There is no “external agent” loophole because enforcement happens at the action, not at the agent.

Worker Containers

Dedicated, isolated runtimes for security-sensitive workflows.

  • Environment separation (prod / staging / dev)
  • Scoped credentials per container
  • Customer-owned infrastructure option
  • Audit retention configurable

External Agent Governance

Apply Qoris controls to agents running outside Qoris.

  • Scoped API keys per agent
  • Knox checks via MCP
  • Memory scope enforcement
  • Identity tracking across stacks

Built for Procurement

Controls for serious deployments.

Qoris is designed for teams evaluating AI workers in security-sensitive environments. Specific compliance, deployment, and data requirements can be reviewed during enterprise evaluation.

Access & Identity

  • SSO via SAML
  • SCIM provisioning (planned)
  • Role-based access
  • Scoped API keys
  • Workspace permissions
  • Environment separation

Deployment & Data

  • Dedicated worker containers
  • Customer-owned infrastructure option
  • Configurable audit retention
  • Secrets management
  • Memory access controls
  • External agent scoping

Patent Pending

U.S. 63/907,730 — Intent-level governance engine for autonomous AI workers.

NVIDIA Inception Program

Member — infrastructure validated for production AI workloads.

Claude Partner Network member

Native integration with Claude through Qoris Memory and Knox.

SOC 2 (in progress)

Type II audit underway. Available on request during enterprise evaluation.

Need specific compliance documentation (HIPAA, GDPR, ISO 27001)? Available during security review.

Trust

Deploy AI workers with control, not blind trust.

Qoris gives teams the trust model for AI workers in production — scoped access, governed execution, approvals, memory controls, isolated runtimes, and a full audit trail.

Patent pending · NVIDIA Inception · Claude Partner Network member · SOC 2 (in progress)