The control plane for enterprise AI

Take control of every AI your company runs.

Your developers, office staff, and agents already use AI everywhere — and most of it never touches your policies. Takoa routes every model call through one governed plane, where you set the rules for cost, data, and access once and the whole organization obeys them. Your teams keep their speed. You get your accountability back.

  • 100% · Calls routed & audited
  • µ$ · Per-call budget ledger
  • 0 · Raw keys on laptops
  • 1 policy · Set once, inherited org-wide

takoa-os · control plane | LIVE
  • Routing policy | enforced org-wide | opus → sonnet → haiku
  • onBudgetHardCap → halt | allow-list · 4 models
  • Engineering · BYO-IDE | routed | scoped key · per-dev
  • 23 developers · every action logged | $211 / $460
  • audit_event → prompt redacted · metadata only
  • Credential request | approval-gated | Director sign-off
  • write-only secret | never read back

The cost of ungoverned AI

You can't ban AI. Right now you can't see it either.

Your people adopted AI faster than anyone could govern it. The tools are genuinely useful — which is exactly why banning them fails. But every ungoverned tool is your exposure: data you can't trace, spend you can't cap, and an audit trail that doesn't exist.

  • ~56% of employees use AI tools their organization hasn't sanctioned [1]
  • ~38% of AI users have shared confidential data with an unapproved tool [1]

Your data leaves the building

Confidential work, in someone else's logs

Source code and customer data pasted into personal accounts — invisible to security, retained on servers you don't control, and on consumer plans, fair game as training data. No way to prove what left or where it went.

Spend you can't see

No ceiling, no ledger, no owner

Dozens of personal subscriptions and unmetered API keys. No per-team caps, no per-call record — just a cost line that grows and a finance team asking you why.

The audit you can't pass

Accountable for what you can't reconstruct

When the assessor asks who used which model on what data, "we're not sure" isn't an answer. The responsibility is already yours — the visibility isn't.

[1] Directional figures from vendor surveys (IDC 2025 · CybSafe/NCA).

Why we built this

You're held responsible for AI you were never given the tools to see.

We've sat where you sit. The mandate is to keep the company secure and compliant — but the AI showed up through every laptop at once, with no console, no policy layer, no audit. Saying "no" just pushes it further into the shadows.

So we built the layer that should have existed from day one: a single place to set the rules and a complete record of everything that runs inside them. You don't have to choose between moving fast and staying in control.

Security isn't a setting. It's the architecture.
Isolation, write-only secrets, and a full audit trail are how the system is built — not options you switch on and hope hold.
Namespace isolation
Data, spend, and secrets in one unit never cross into another. The boundary is the architecture.
Write-only secrets
Credentials are set, never read back — attached to outbound calls by host. The console only ever sees metadata.
Trust boundary on input
External content reaches models inside nonce-wrapped markers, so a poisoned page can't pose as an instruction.
Reversible by default
Fenced transitions and force-cancel mean a runaway run is always recoverable — nothing is one-way.

A clear path from sprawl to control

Three steps. Nothing changes for your people on day one.

You don't rip anything out and you don't slow anyone down. You put a governed path in front of the AI they already use — then grow into more only when you're ready.

1

Connect

Point your people's existing AI tools at one governed gateway. They keep their IDE; it just carries a scoped, revocable key instead of a raw provider key. Nothing about their workflow changes.

scoped keys · BYO-IDE · zero migration

2

Govern

Set routing, budgets, approvals, and audit as policy — in one place, inherited org-wide. Every call is now metered, logged, and bounded by rules you control.

routing · budgets · approvals · audit

3

Grow

When you're ready — and not before — the same rails run a fully governed agent workforce. Same budgets, same approvals, same audit. You expand on your timeline.

same rails · your timeline · never forced

Same governance, every step. Adopt for control today; the on-ramp to autonomy is already built in when you want it.

What you control

Set the rails once. The whole organization runs inside them.

Routing, spend, credentials, and approvals become policy — not per-team guesswork. Change a rail in one place and every person and every agent inherits it instantly.

Decide which models are allowed

Primary + fallback ladders, difficulty-aware routing, advisor escalation, and an allowed-models ceiling — global or scoped to a single team.

fallback · advisor · allow-list

Cap spend before it happens

Org, team, and per-person caps in micro-USD. Every call is metered and ledgered; breach a hard cap and the runner halts, downgrades, or escalates — your call.

µ$ ledger · hard-cap behavior

Gate every consequential action

Payments, credential requests, plan sign-off, disputed verifications — anything irreversible routes to a human. Approve, reject with a reason, or edit the payload first.

pay · credential · plan · dispute

Keep keys off every laptop

Provider keys and team secrets live write-only in the cluster, attached by host at call time. Defaults plus per-team overrides — the value is never read back, not even by you.

write-only · per-team override

Reconstruct exactly what happened

Every meaningful state change emits an activity event. Show any assessor who used which model, on what, when, and at what cost — transcript and ledger included.

events · transcripts · ledger

Govern people and agents the same way

Bring human teammates onto the Control Plane with their own budget caps and shared, opt-in memory — the same governance that bounds the agents bounds the people.

members · caps · shared memory

Start here · day one

Replace shadow AI with a path your people actually prefer.

You don't win this by banning tools — you win by making the governed path the faster, smarter one. The Control Plane sits between your people and their AI as a gateway plus approved templates, so the secure choice is also the obvious choice.

The reframe

"You don't ban shadow AI. You replace it with a path people prefer."

Confidential code in personal accounts, invisible to security, with no spend ceiling — you can't see it, so you can't govern it. Close the gap with a sanctioned path that's faster and smarter, and the shadow simply disappears. Same primitives as the agent fleet, inverted for humans in the loop.

BYO-IDE

Developers keep the IDE — or agent-driven design tool — they already use, Anthropic- or OpenAI-native. It points at your gateway with a scoped, revocable key — never the raw provider key — and your approved templates push in automatically.

  • Persona, rules, skills & tools injected from the Control Plane
  • A hard per-person budget and full per-action audit
Claude Code · OpenCode · Codex · open-design

One gateway, every call

Every request routed by policy, metered to a hard budget, and audited per action — no prompt storage by default, and routed through business API tiers that don't train on what you send. Provider-abstracted, so you switch models without touching a laptop.

  • Anthropic, OpenRouter's 400+ models, and local models
  • Allow-lists, cost tiers, advisor escalation, injection defense
route · meter · audit · abstract

Deploy it your way

Run it hosted and dedicated, self-managed in your own cloud, or fully air-gapped with local models inside your enclave. The plane runs in your boundary — nothing phones home.

  • Central SecretStore — keys never sit on laptops
  • Self-hosted gateway & on-prem inference for sovereign work
hosted · your cloud · air-gapped

When you're ready

The same rails that govern your people can run an agent workforce.

Most platforms make you choose between autonomy and control. Takoa is two planes of one machine — so when you grow into agents doing the work, governance grows with them instead of fighting them.

Control plane · where you start

Governance over every move

One accountability layer for every model, dollar, secret, and decision — across both the agent fleet and the AI your people run in their own IDEs.

Model routing policies
Author-once, assign-to-many routes with fallback ladders, an allow-list, and per-task spend ceilings.
Budget envelopes in micro-USD
Every model and tool call writes a ledger entry. Hard caps halt, downgrade, or escalate — your call.
Approvals on every side effect
Hiring, payments, credentials, plan sign-off, disputed audits — nothing irreversible happens without a Director decision.
Managed credentials & full audit
Write-only, team-scoped secrets with per-unit overrides; a complete activity stream behind every state change.

Autonomy plane · where you grow

Agents that run the work

A standing digital workforce that turns goals into shipped, verified work — without you in the loop for every step, but never outside your rails.

Business Units, fully isolated
Each unit is its own Kubernetes namespace with a scoped roster, budget envelope, and credentials. Nothing leaks across the boundary.
Digital employees you can inspect
Every role has a prompt stack, persona, role-gated skills, a model route, and a budget — inspectable and reassignable like a template.
Goals → tasks → verified done
A CEO agent decomposes; the dispatcher runs the work; an inline auditor cross-checks every result before it lands.
Memory, CRM & a live Work board
Episodic + canonical memory, a per-unit CRM and roadmap, and a real-time kanban of the whole fleet's work.

The lifecycle · always logged, budgeted, reversible

Every task — human or agent — follows the same audited path.

01
Goal drop
A goal lands in an inbox — plain language, optional plan-mode.
02
Triage
The unit's CEO agent reviews, decomposes, and assigns the work.
03
Dispatch & run
The dispatcher picks up ready tasks; work executes on a routed model.
04
Approval gate
Anything irreversible pauses for a Director decision, then resumes.
05
Verify
An independent auditor cross-checks the result — PASS, FAIL, or dispute.
06
Done
Verified work lands, with its full transcript, ledger, and audit trail.

One engine, many industries

The same control plane, grounded for your sector.

The plane and the fleet stay the same — only the grounding changes. Defense & Space is the first vertical; the rest are in active discovery, where data sovereignty and audit matter most.

Vertical · Defense & Space

Built for work that can't leave the building.

If your hardest constraint is that data physically cannot leave your boundary — ITAR, CUI, classified — commercial cloud AI is off the table the moment plaintext lands on someone else's servers. The Control Plane gives those teams governed AI inside their own enclave.

ITAR · CMMC · CUI · air-gapped · US-persons-only · vendor-neutral · sovereign

Sovereign by deployment

Self-host inside your ITAR / IL enclave and route only to local and authorized models. Nothing is shared, nothing leaves, no data-residency questions.

Provenance & audit

Scoped per-developer keys and a per-action trail give you the record of how work was produced — the provenance regulated programs require and shadow tools can't provide.

Vendor-neutral routing

Your own open-weight models plus the frontier models you're cleared for. This avoids single-vendor lock-in, itself now a documented procurement and supply-chain risk.

Accreditation-friendly. Self-managed software is assessed inside your own ATO rather than gated on the vendor's certification — the same path GitLab Self-Managed and GitHub Enterprise Server took to IL4/IL5. Market framing is directional; a discovery track, not a pivot.

Picture your next audit

The visibility was always supposed to be yours.

  • Every AI call accounted for. Who, which model, on what data, at what cost — one query away.
  • Spend under a ceiling you set. No surprise bills, no orphaned keys — just budgets that hold.
  • Shadow AI gone — by replacement. Your people chose the governed path because it's the better one.
  • Still moving fast. You became the team that enabled AI safely — not the one that stood in its way.

Private beta

Stop being accountable for AI you can't see.

Takoa OS is in private beta. Tell us a little about your team and we'll reach out as access opens up.

No spam · we'll only write when there's something to show.