Krim

Research — Safe Agent Harness

The harness that makes AI agents provable to deploy.

Constrains what agents can do, gates every action before it fires, and keeps your risk team in command.

Start here

First, what is an agent harness?

An AI agent does not just answer questions. It takes actions on its own. It pulls a credit file, messages a borrower, places a call, records a decision. That autonomy is what makes it useful, and what makes it risky to put inside a regulated bank.

An agent harness is the control layer around that agent. The model supplies the intelligence. The harness decides what that intelligence is allowed to do.

Constrain

It limits what the agent can do.

The agent can only take actions you have approved in advance. Anything outside that set is not possible.

Check

It checks every action first.

Each action is tested against your policy and the law before it happens. If it breaks a rule, it is stopped before it can fire.

Command

It keeps a person in command.

Your team watches every action live and can pause or overrule any agent in one click.

The problem

A bare agent in a regulated bank is a liability before it is a feature.

A raw model with a toolkit can message a borrower outside FDCPA hours, disclose a balance to the wrong party, or decline an applicant with no legible reason. None of this needs intent. It only needs the wrong action to be structurally possible. Statutory exposure scales with volume and compounds rather than caps.

ECOA / Reg B violation

Hallucinated reasons

An agent declines a borrower and writes a reason that contradicts the loan file. No structured decision trail means no answer when the regulator asks. "The model is too complex" is not a defence.

Class-action exposure

Consent violations

An agent calls a borrower at 11 PM. The FDCPA contact-hours rule lived in the rulebook but never in the action path. One late-night call is a statutory violation; at portfolio scale it is a class action.

Fair-lending finding

Emergent strategy harm

A collections agent optimises for fastest cure rate. Over six months it under-contacts borrowers in minority neighbourhoods. Every individual action is compliant; the population-level pattern is not. That is what Kupa's workforce view catches.

How it works

The three controls, up close.

Each control is a working part of KrimOS. Kriya sets what an agent can do, Krim-Nyāya clears every action before it fires, and Kupa keeps your team in command. Remove any one and the other two stop working.

[Figure: an AI agent sends action proposals through a validation gate; compliant actions pass, non-compliant actions are blocked.]

Constrained action space

Kriya

If it is not in the vocabulary, it cannot fire.

  • 500+ credit-native primitives across 20+ domains.
  • Each primitive is the smallest validatable unit: bureau pulls, Reg-B adverse-action notices, collections calls checked against FDCPA.
  • No path exists for an action outside the vocabulary.

The vocabulary is the boundary, and that boundary is what makes each action provable before it runs.

Pre-execution gate

Krim-Nyāya

Every action clears the gate before it executes, or it does not execute.

  • 33 validators clear every action before it fires: policy compliance, consent, regulatory context, and data quality.
  • A violated rule blocks outright, with no retry and no warn-through.
  • Uncertainty escalates to a human with the rule and reason in plain language.

Built on Navya-Nyāya predicate logic. Whatever the model proposes, an action that fails the gate does not execute on the Krim action path.

Human always in command

Kupa

Your risk and compliance teams hold the authority, and can pause any agent in one click.

  • Live view of every in-flight action across the workforce.
  • Set policies, contact strategies, and escalation rules. Change them without redeploying.
  • Every decision permanently auditable, with its reasoning attached.

The human holds the authority. The harness makes that real, not a line in a governance document.

The distinction

The model decides. The harness controls whether it can act.

A better model is less likely to propose a bad action. A harness stops a bad action from executing at all. Different problems, solved at different layers.

Constitutional AI, RLHF, and instruction-following all work on the model’s judgment. A harness works below it. It does not depend on the model choosing well, and because the record is written before the action rather than reconstructed after it, it is the record a regulator can trust.

The harness does not make the agent smarter. It controls what the agent can act on. Conflating those two is how AI deployments fail their risk committee.
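A minimal sketch of the pattern described above (allow-listed vocabulary, pre-execution validators, block or escalate, record written before the action), added here as an illustration and not Krim's code or API. The action name, the two validators, the 08:00-21:00 contact window, and the ledger shape are all assumptions made for the example.

```python
from datetime import datetime, time
from enum import Enum

class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    ESCALATE = "escalate"

def contact_hours(p):
    # Assumed policy window for this sketch: 08:00-21:00 borrower-local time.
    t = p.get("local_time")
    if t is None:
        return Verdict.ESCALATE, "borrower local time unknown"
    ok = time(8) <= t.time() < time(21)
    return (Verdict.ALLOW, "within contact hours") if ok else (Verdict.BLOCK, "outside contact hours")

def consent(p):
    c = p.get("consent")
    if c is None:
        return Verdict.ESCALATE, "consent status unknown"
    return (Verdict.ALLOW, "consent on file") if c else (Verdict.BLOCK, "no consent on file")

# Hypothetical vocabulary: the only actions that have an execution path at all.
VOCABULARY = {"place_collections_call": [contact_hours, consent]}

def gate(action, params, ledger, executor):
    """Validate, record, then execute only on ALLOW. Returns the verdict."""
    if action not in VOCABULARY:
        verdict, reasons = Verdict.BLOCK, ["action not in vocabulary"]
    else:
        results = [validator(params) for validator in VOCABULARY[action]]
        reasons = [reason for _, reason in results]
        verdicts = {v for v, _ in results}
        if Verdict.BLOCK in verdicts:
            verdict = Verdict.BLOCK        # a violated rule wins; no warn-through
        elif Verdict.ESCALATE in verdicts:
            verdict = Verdict.ESCALATE     # uncertainty goes to a human, with reasons
        else:
            verdict = Verdict.ALLOW
    # The record is written before the action, not reconstructed after it.
    ledger.append({"action": action, "verdict": verdict.value, "reasons": reasons})
    if verdict is Verdict.ALLOW:
        executor(action, params)
    return verdict

if __name__ == "__main__":
    ledger = []
    late = {"local_time": datetime(2024, 1, 5, 23, 0), "consent": True}  # constructed input
    print(gate("place_collections_call", late, ledger, lambda a, p: None), ledger)
```

The executor is only reachable through `gate`, so the model's proposal never touches the side effect directly; that is the structural property the page attributes to the harness.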

The layer below the model

Regulatory alignment

The combined regime points toward a harness.

No single rule names a harness. But SR 11-7, ECOA, FCA Consumer Duty, FDCPA, and RBI FREE-AI collectively demand ex-ante control, per-decision explainability, and human oversight. Pre-execution validation is the discipline that answers all three. Audit after the fact only confesses to the harm.

  1. SR 11-7

    US

    The gate is a control, not a shortcut around model validation.

    Models must be validated before use with effective challenge. The pre-execution gate sits on the output path as a control that complements independent model validation rather than discharging it.

  2. ECOA / Reg B

    US

    "The model said no" is not a reason a regulator accepts.

    CFPB Circular 2022-03 is explicit that complexity is no defence for a missing reason. Krim-Ledger carries structured decision rationale — policy applied and features used — with every decline.

  3. FDCPA / TCPA

    US

    Contact rules must clear before the call is placed.

    Contact hours, consent status, and DNC compliance must be confirmed before the call is placed. Pre-execution is the architecture best aligned with this requirement — the check happens before the call, not as an after-the-fact audit.

  4. FCA Consumer Duty

    UK

    You must evidence good outcomes, and the ledger is the evidence.

    The Duty is outcomes-based and puts the burden on the firm to show good outcomes. The audit ledger records the action, the reasoning, and the result permanently.

  5. RBI FREE-AI

    IN

    Explainability, localisation, and ongoing monitoring, built in.

    7 Sutras, 6 Pillars, and 26 recommendations on responsible AI in lending, covering data-localisation and ongoing monitoring requirements throughout.
