Kenshiki Labs

Clean Room

Disconnected operation. Hardware-rooted trust. Full attestation. The deployment tier where the air gap becomes part of the assurance story.

Clean Room is the highest-assurance deployment tier — fully disconnected operation with TPM-anchored hardware attestation chains that an outside auditor or partner can independently verify. Every Claim Ledger entry is signed at generation in hardware, every retrieval boundary is enforced inside the air gap, and the assurance record itself can survive procurement-grade and regulator-grade scrutiny. The air gap solves where the system runs; Clean Room solves whether a third party can confirm what it did — without trusting the operator's word.

Without this: you can air-gap the environment and still produce answers that can't be independently reviewed. Isolation solves where the system runs. It doesn't solve whether a third party can confirm what it did.

Today

Your team operates AI inside a secure, disconnected environment. The model is isolated. The data never leaves. But when an external reviewer asks to verify a specific output — what it was based on, what the model saw, whether the process was followed — you have logs, not an attestation chain. The record depends on trust in the people who ran the system, not on the system itself.

With Clean Room

The same request produces a signed attestation chain. Every step — prompt compilation, evidence retrieval, model input, claim evaluation, output state assignment — is recorded, signed, and anchored to verified hardware. An external reviewer can verify the chain without trusting your team or your infrastructure.

How Clean Room works

Clean Room runs the full Kenshiki Labs bounded-synthesis pipeline inside a disconnected, air-gapped environment on verified hardware. The prompt is compiled, evidence is retrieved from local governed sources, the self-hosted model generates a proposal, and the Claim Ledger evaluates it against evidence and local telemetry. The output is signed with a full attestation chain before it reaches anyone.

[Diagram labels: Kenshiki Labs control plane, signed envelope, chain of custody; your data, outside Kenshiki Labs]

Output states

  • AUTHORIZED: Claims verified, signed, attestation chain complete
  • PARTIAL: Evidence gaps flagged, logged, and signed
  • REQUIRES_SPEC: Question needs tighter scope, logged as incomplete
  • NARRATIVE_ONLY: Descriptive but not decision-grade, explicitly labeled
  • BLOCKED: Structurally prevented from emission

What Clean Room is

A fully disconnected deployment of the Kenshiki Labs stack on customer premises with hardware root of trust. Same Compiler, retrieval, Claim Ledger, and output-state contract as Workshop and Refinery — plus signed attestation at every step, anchored to physical hardware.

  • Air-gapped deployment on customer premises
  • Hardware root of trust for verified execution
  • Full attestation chain on every output

The Kenshiki Labs contract

Same contract. Attested execution.

Same Kura/Kadai contract as Workshop and Refinery. SIRE scopes evidence retrieval within the disconnected boundary. The difference is that every step is signed, timestamped, and anchored to verified hardware. The assurance case does not rest only on operator assertion — it rests on the attestation chain itself.

  • No external dependency at runtime — fully self-contained
  • SIRE scopes evidence retrieval within the disconnected boundary
  • Every step signed and anchored to hardware root of trust
  • The attestation chain carries the assurance case, not just operator assertion

Who this is for

The Security and Compliance Team deploying AI where the output may face external inspection, legal discovery, or regulatory review, and where the attestation record must stand on its own.

The Inspector examines the attestation chain, not the output text. The Inspector verifies that the system followed its own rules, that evidence was in scope, and that the record is anchored to verified execution, without trusting the operator.