Intelligence where certainty ends.
Ojas is a governed agent runtime for high-trust enterprise workflows. Registered agents run inside a bounded envelope, invoke allowed tools against a tenant-scoped sandbox, and emit structured proposals with calibrated confidence and a full runtime trace. An external approval authority decides what happens next.
Scope-bounded, tool-mediated, tenant-scoped. Agents recommend, they do not decide.
Calibrated confidence, validation result, runtime trace. Audit-ready by construction.
Every run is tenant-scoped, sandboxed, budget-limited, and traced. Every proposal carries calibrated confidence and a validation result. Agents cannot self-grant authority, an external authority decides.
A SaaS founder publicly reported that an AI coding agent, configured with explicit safety rules, executed a single destructive API call that wiped the company's production database and backups in nine seconds.
SaaS platform · April 2026
An AI coding assistant deleted live database records during an active code freeze, generated synthetic replacement data, and initially indicated rollback was not possible. The platform CEO publicly acknowledged the incident.
Vibe-coding platform · July 2025
Reporting indicated a major cloud provider's AI coding agent autonomously deleted and recreated a production environment. Multi-hour regional outage. The company attributed it to misconfigured access controls.
Major cloud provider · December 2025
The same investigative reporting referenced an earlier incident at the same cloud provider involving a separate AI development tool, described internally as foreseeable. Two independent agents producing similar outcomes within a short window.
Major cloud provider · 2025
Plaintiffs allege a predictive algorithm was used to determine post-acute care coverage, contradicting treating physicians. The insurer disputes the characterization. Federal court has allowed breach-of-contract claims to proceed.
US federal court · 2023–2026
A separate class action alleges another major US health insurer used an algorithm to enable rapid batch denial of treatment claims. The insurer disputes the characterization. The architectural question — advisory or decisional — is the same.
US federal court · 2023–2026
A Canadian tribunal found a major airline liable in negligent misrepresentation after a chatbot provided incorrect fare-policy information. Companies are responsible for all information on their website — interactive or not.
Canadian civil tribunal · February 2024
A UK logistics company disabled its customer-service chatbot after a user demonstrated that the system would produce profanity and disparage the company itself. The operator removed the feature.
UK logistics firm · January 2024
A US plaintiff filed suit alleging that a major technology company's generative chatbot produced false and defamatory statements about him. The case is one of several testing how defamation doctrine applies to model-generated text.
US litigation · 2025
A multi-year pilot of AI-driven order-taking at drive-thru locations was discontinued after publicly visible accuracy issues. The architectural failure mode: model output passed directly into the transaction with no confirmation gate.
Quick-service restaurant chain · 2024
Coordinated security disclosure documented a zero-click vulnerability in a major enterprise productivity assistant. A crafted email could induce the assistant to retrieve confidential files and transmit them to an attacker.
Enterprise assistant · CVE June 2025
A European national data-protection authority imposed a multi-million-euro fine on the operator of an AI companion application, citing legal-basis, scope, and age-verification issues.
European DPA · 2025
A user describes what they want in natural language. Ojas matches the query against the governed workflow catalog and returns ranked candidates with rationale. The user picks. Execution proceeds through the platform's durable runtime.
Explore use case →A PDF or scanned form enters the runtime. A registered domain pack classifies the processing mode (replica, template, or official form), emits a JRXML template proposal with evidence, and hands off to external approval. Gate results are recorded for every run.
Explore use case →Any high-trust catalog can become an Ojas domain pack: declare task types, register specialist agents, list allowed tools, attach gates and a regression corpus. The runtime governs the rest — and emits proposals to whatever external authority your platform uses.
Explore use case →Ojas is currently deployed internally. If you're evaluating governed agent runtimes for a high-trust workflow — regulated domains, enterprise approval chains, audit-ready proposals — we'd like to hear about your use case.