Kamiwaza is a software-only AI orchestration platform that enters the buyer conversation at Layer 2C and works downward. It is one of only two vendors in the instrument — alongside Articul8 — whose primary product includes the reasoning plane. Where Articul8's Intelligence-2C focuses on mission decomposition and domain-specific agent routing, Kamiwaza's Intelligence-2C focuses on governance: cross-agent authority, relationship-based access control, and policy enforcement at execution time. The enterprise gets production-validated cross-agent governance that no other on-prem vendor provides independently.
The capture mechanism is governance-layer capture — a third pattern distinct from both coupled capture (data moves into the vendor's namespace) and decoupled capture (data stays open, proprietary opinion layer is captive). Kamiwaza's data stays in place, the infrastructure stays under enterprise control, and the enterprise feels free at the visible layers. What Kamiwaza captures is the authority to decide what the data means (the living ontology at Layer 1B) and what agents may do with it (the ReBAC governance at Layer 2C). These are arguably the most valuable layers to own — and the hardest to leave, because the ontology, relationship graph, and governance policies accumulate over time as proprietary Kamiwaza artifacts.
Three gap layers — L0 (compute), L1C (data movement), L2A (infrastructure orchestration) — are by design. A software-only vendor should not be at Layer 0. Kamiwaza's explicit 'no data movement' thesis means L1C absence is architectural, not accidental. L2A absence reflects that Kamiwaza orchestrates AI workloads and agents, not the underlying infrastructure. These gaps define Kamiwaza's scope, not its weakness.
The buyer's trade: production-grade cross-agent governance and distributed AI orchestration without moving data or committing infrastructure — in exchange for Ceding the governance and semantic layers to Kamiwaza's proprietary platform. The data is free. The understanding of the data is captive. A closed system is a closed system.
Kamiwaza's position in the instrument is structurally inverse to Dell's: Dell is strong at the bottom of the stack (L0, L1A) and absent at the top (L2C). Kamiwaza is strong at the top (L2C, L1B) and absent at the bottom (L0, L1C, L2A). HPE's Unleash AI program bridges the two — Kamiwaza as the Delegated Layer 2C partner on HPE's infrastructure substrate. That pairing is the only assessed combination that covers all eight layers with identified authority at each.
Layer-by-layer status: Layer 0 (Enterprise Responsibility), Layer 1A (Derived Artifact Layer), Layer 1B (Kamiwaza Differentiator), Layer 1C (Enterprise Responsibility), Layer 2A (Enterprise Responsibility), Layer 2B (Kamiwaza Runtime), Layer 2C (Kamiwaza Core), Layer 3 (+1) (Platform + Kaizen).
Assessment framework: 4+1 Layer AI Infrastructure Model. Scoring model: Decision Authority Placement Model (DAPM) — Retained, Delegated, or Ceded. Published by The CTO Advisor LLC. Author: Keith Townsend. Date assessed: May 26, 2026. Version: v1.0.
Raw compute, networking, and acceleration fabric
Validated deployment target with dedicated .deb package. Kamiwaza runs on DGX Spark but does not provide or manage the hardware.
Whitepapers with Intel Gaudi 3 (DHS deployment, 85% analysis time reduction) and Ampere processors. Hardware partner validations, not hardware authority.
Kamiwaza provides no compute hardware, networking, or acceleration fabric. The enterprise brings its own infrastructure — on-prem servers, cloud instances, edge nodes, DGX Spark — and Kamiwaza runs on top of it. The platform is validated on NVIDIA DGX Spark, Intel Gaudi 3, and Ampere processors, but these are deployment targets, not owned hardware. The enterprise retains full responsibility for Layer 0. This is by design — a software-only platform vendor should not own the compute layer.
The DGX Spark integration includes a dedicated ARM64 .deb package with CUDA dependencies, suggesting meaningful optimization work for that platform. The Intel Gaudi 3 whitepaper (DHS deployment) and Ampere whitepaper demonstrate silicon-agnostic deployment — Kamiwaza runs on NVIDIA, Intel, and ARM compute without hardware lock-in.
Durable, governed data foundation — the Governance Catalog that Layer 2C queries
Connector-driven pipelines ingest from S3, Postgres, Kafka, SharePoint, Slack, file systems into Kamiwaza's vector stores. Scheduled or one-time runs. Credential management via Kamiwaza secrets (encrypted at rest). Job monitoring via observability dashboards. Proprietary ingestion pipeline — connector logic and scheduling captive to Kamiwaza platform.
Metadata catalog for ingested documents and data assets. Tracks connector provenance, security markings, ingestion status. Proprietary catalog — metadata schema and query interface captive to Kamiwaza.
Document-level security classification enforcement. system_high clearance validation, default_security_marking per connector, X-User-System-High header validation at retrieval time. Designed for regulated environments (federal, healthcare, financial services). Proprietary security model captive to Kamiwaza platform.
Open-source vector databases for embedding storage and retrieval. Enterprise could extract vector data and operate Milvus/Qdrant independently. The vector data artifacts are portable; the pipeline that produced them is not.
Assessment pending
Kamiwaza does not govern the enterprise's source data stores — they remain in place under whatever authority already manages them. What Kamiwaza does provide is a derived artifact layer: the DDE ingests from source systems (S3, Postgres, Kafka, SharePoint, Slack, file systems) into Kamiwaza's own vector stores (Milvus/Qdrant) and application database (CockroachDB). The Data Catalog indexes metadata. The security markings system (system_high, X-User-System-High header, default_security_marking) enforces classification at the artifact level. This is a genuine 1A function — Kamiwaza creates and governs its own data artifacts — but it operates alongside the enterprise's existing data governance, not in place of it. Comparable to how Palantir's Ontology creates a governed semantic layer over open data substrates without replacing the underlying storage. The vector store substrate is open-source (Milvus, Qdrant) — the data artifacts are technically portable. But the ingestion pipeline logic, connector configurations, chunking strategies, and security markings are Kamiwaza IP.
Supported sources as of v0.9.3: File, Amazon S3, Kafka, Postgres, Hive, Slack. The connector model is extensible — additional connectors available through support agreements. DDE connector APIs are mounted under /api/dde/ with full CRUD, trigger, and document management. Rate limiting per connector and requester (HTTP 429 with Retry-After).
Low-latency retrieval for RAG — vector/hybrid search, context windows, semantic understanding
Automatically builds and maintains a knowledge graph across all data sources — entities, relationships, insights spanning organizational boundaries. No manual mapping or data centralization. Grounds AI in up-to-date enterprise context, reduces hallucinations. Proprietary ontology engine — the semantic understanding of enterprise data is captive to Kamiwaza.
Routes LLM reasoning to distributed data sources without moving the data. Decentralized inference adds intelligence to retrieval within the enterprise's security perimeter. Model-agnostic — supports multiple LLM providers via litellm integration. Proprietary routing and orchestration logic captive to Kamiwaza.
RAG pipeline connecting DDE-ingested vector data to LLM inference. Integrates with Milvus/Qdrant vector stores and the Context Manager ontology. Proprietary retrieval orchestration captive to Kamiwaza.
Assessment pending
Kamiwaza's primary product differentiator. The Context Manager automatically builds a living ontology across distributed data sources — a knowledge graph connecting entities, relationships, and insights that span organizational boundaries without manual mapping or data movement. The Inference Mesh routes LLM reasoning to data sources without moving the data, adding intelligence to retrieval without the security risk of sending internal data to public cloud APIs. The living ontology is the most architecturally significant 1B capability in the instrument alongside Palantir's Ontology. Both build a semantic layer over distributed data. The difference is architectural: Palantir pulls data into its namespace and operates the platform; Kamiwaza queries data in place and the enterprise operates the software on its own infrastructure. Both are Ceded — the semantic understanding is proprietary in both cases. The litellm fork on GitHub suggests open model routing for inference — Kamiwaza is model-agnostic at the inference layer, routing to whatever LLMs are available locally. This is a genuine differentiator vs. vendors locked to specific model providers. Open question: is the ontology exportable in an open format (RDF, OWL, JSON-LD)? If yes, the ontology data is portable even though the maintenance engine is captive. If no, both the engine and the accumulated knowledge graph are captive. This single fact would determine whether L1B capture is hard (nothing leaves) or soft (the snapshot leaves but the living maintenance doesn't). Either way, DAPM is Ceded — the ongoing ontology maintenance is proprietary regardless.
The Kaizen agent (v1.0) works across internal data sources through the Context Manager, drawing on information held across separate systems rather than a single repository. A skills library lets teams define what the agent can do and under which conditions. This is the L1B→L2B→L2C chain in action: retrieval (1B) feeds agent execution (2B) governed by policy (2C).
Move/transform data — ETL/ELT, lineage, cost-aware movement, KV cache tiering
Assessment pending
Kamiwaza explicitly does not move data — that is the product thesis. 'Stop moving data. Start running AI where your data lives.' ETL/ELT pipelines, lineage tracking, cost-aware data movement are not in scope. The enterprise's existing pipelines (Airflow, Spark, whatever they have) continue to operate. The DDE does ingest data into Kamiwaza's vector stores, but this serves Layer 1B retrieval, not Layer 1C data movement as the model defines it. There is no general-purpose pipeline orchestration, no lineage graph, no cross-system ETL. This absence is architectural, not accidental. A vendor whose core value proposition is 'we don't move your data' cannot also provide a data movement layer. The enterprise retains full responsibility for L1C.
The DDE ingestion from S3, Kafka, Postgres etc. creates vector artifacts for RAG — this is retrieval enablement (L1B), not data pipeline infrastructure (L1C). The boundary judgment: DDE serves retrieval context, not governed data movement.
GPU scheduling, quotas, RBAC, infrastructure lifecycle management
Assessment pending
Kamiwaza does not provision, schedule, or lifecycle-manage infrastructure. GPU scheduling, quota enforcement, VM lifecycle, cluster provisioning — none of this is Kamiwaza's domain. The enterprise's existing infrastructure orchestration (Kubernetes, VMware VCF, GreenLake, Run:ai) operates beneath Kamiwaza. The platform runs on Docker Swarm with Traefik, managed by Kamiwaza's own orchestration — but this manages Kamiwaza's internal services, not the enterprise's broader infrastructure estate. The enterprise retains full responsibility for infrastructure orchestration. Compare to VAST (Polaris manages the VAST fleet), VMware (VCF manages the entire estate), or HPE (GreenLake manages hybrid infrastructure). Kamiwaza has no equivalent — it is a tenant on the enterprise's infrastructure, not a manager of it.
Kamiwaza v0.5.0 addressed 'GPU waste, job starvation, dependency conflicts' — but this refers to managing Kamiwaza's own inference workloads on available compute, not infrastructure-level GPU scheduling across the enterprise.
Model serving, agent execution, inference APIs, distributed inference
Bounded collaboration spaces for teams and AI agents. Users and agents operate within existing permissions. Each Workroom contains its own data and tools available only to authorized users. Access boundaries enforced at the platform architecture level, not through manual policy changes. Proprietary runtime — execution model captive to Kamiwaza.
Configurable AI coworker that works across internal data sources through the Context Manager. Skills library defines what the agent can do and under which conditions. Multi-modal analysis and output. Expanded in v1.0. Proprietary agent framework captive to Kamiwaza.
Governed tooling platform enabling AI to access data and take action through controlled tools. Security enforced at the tool level — at execution time, AI can only perform actions the requesting user is authorized to take. ReBAC ensures permissions enforced when actions execute. Every action logged for audit. Proprietary governance model captive to Kamiwaza.
Ray Serve (model serving), CockroachDB (application database), Milvus/Qdrant (vector stores), Keycloak (authentication), etcd (service discovery), Docker Swarm (orchestration), Traefik (reverse proxy). Open-source components the enterprise could operate independently — though the Kamiwaza services layer that composes them is proprietary.
Assessment pending
Kamiwaza provides a genuine agent runtime: Workrooms (bounded execution environments with architecture-level access enforcement), Kaizen agent (configurable AI coworker with skills library), Tool Shed (governed tooling with ReBAC enforcement), and the Inference Mesh (local model serving). Chainguard-hardened containers provide attested infrastructure with SLSA Level 3 pipelines and verified SBOMs. What Kamiwaza does not provide is the broader model serving infrastructure — no NIM-equivalent optimized inference containers, no Triton, no KServe, no distributed training framework. The Inference Mesh serves models locally via Ray Serve, but the model serving story is thinner than a full 2B vendor like VAST AgentEngine or AWS Bedrock. The self-deploy model is notable: .deb packages for Ubuntu, .rpm for RHEL, MSI for Windows, macOS tarball. Enterprise Edition adds Terraform deployment. The enterprise operates the full platform on its own infrastructure with no Kamiwaza SaaS dependency at runtime. But self-deployable does not make it Retained — the runtime opinions are proprietary and captive. Authentication is built on Keycloak (open-source OIDC/JWT). RBAC policy is YAML-based. These substrates are open — the ReBAC governance layer above them is proprietary Kamiwaza IP.
Architecture stack: FastAPI gateway, Docker Swarm orchestration, CockroachDB (distributed SQL), Milvus/Qdrant (vector), etcd (service discovery), Ray Serve (model serving), Traefik (reverse proxy). The infrastructure substrate is heavily open-source — Python, React, CockroachDB, Milvus, Ray, etcd, Keycloak. The proprietary value sits in the Kamiwaza services layer that composes these into a governed platform.
Policy-driven placement and resource coordination — the Autonomy Layer
The ontology that determines what data means, how it relates across systems, and what policies apply — updated in real time across distributed sources. This is the governance foundation that the ReBAC layer and Tool Shed query to make authorization decisions. Proprietary semantic governance captive to Kamiwaza.
Constrains agent permissions based on relationship context, not just role. Emerged from production behavior — traditional RBAC breaks when autonomous agents cross department boundaries. Enforced at execution time with full audit logging. Proprietary governance model captive to Kamiwaza.
Rather than treating anomalies or requests as isolated events, Kamiwaza evaluates what else is happening across the environment to determine appropriate response. Agents surface relevant information, trigger correct workflows, and support operators as conditions change. Validated in Town of Vail fire detection coordination. Proprietary orchestration logic captive to Kamiwaza.
Determines which agents run, in what sequence, with what inputs, under what constraints. Enforces human-in-the-loop checkpoints. Manages agent lifecycle at the execution layer. Mission decomposition and decision authority placement. Proprietary agent governance captive to Kamiwaza.
Kamiwaza's governance and orchestration layer has no NVIDIA dependency. The platform is model-agnostic and silicon-agnostic at the reasoning plane.
Kamiwaza is one of two vendors in the instrument — alongside Articul8 — whose primary product includes Layer 2C. Both are strong at Intelligence-2C; they address different facets of the same layer function. Kamiwaza's Intelligence-2C is governance-first: the living ontology determines context, the ReBAC enforcement constrains agent actions at execution time, the Tool Shed governs what tools agents can invoke, and every action is logged for audit. Kamiwaza asks: 'may this agent act, on this data, under this policy?' Town of Vail production evidence validates this across multiple agent types — accessibility auditing, document processing, fire detection coordination — with cross-departmental authority boundaries and human-in-the-loop checkpoints. Articul8's Intelligence-2C is reasoning-first: mission decomposition, domain-specific agent routing, policy-constrained execution planning. Articul8 asks: 'which intelligence should handle this mission, and how should it be decomposed?' These are complementary, not overlapping capabilities. Infrastructure-2C (where inference physically runs at request time): Partial for Kamiwaza. The Inference Mesh routes inference requests across available models and compute, which is adjacent to live placement. But the documentation frames this as locality-aware data access rather than multi-variable infrastructure placement reasoning (cost + compliance + latency + data residency simultaneously). Neither Kamiwaza nor Articul8 provides full Infrastructure-2C — Articul8 explicitly acknowledges this as the responsibility of hyperscalers and platform vendors. The RBAC-to-ReBAC evolution is architecturally significant. Traditional role-based access breaks when autonomous agents operate across department boundaries. Relationship-Based Access Control, which emerged from Kamiwaza's production behavior at Town of Vail, constrains agent permissions based on context, not just role. This validates the 4+1 model's claim that Layer 2C requires governance architecturally distinct from Layer 2A infrastructure RBAC. Compare to: • Dell: Layer 2C gap. Enterprise retains responsibility. • HPE: Delegated to Kamiwaza via Unleash AI. Production-validated. • Articul8: Ceded (Intelligence-2C strong — mission decomposition, domain-specific agent routing. Complementary to Kamiwaza's governance focus). • Google: Ceded (Agent Platform — productized, comprehensive, captive). • VAST: Ceded (PolicyEngine + Polaris — announced, GA end 2026). • Palantir: Ceded (Ontology + Apollo — Intelligence-2C strong, Infrastructure-2C adjacent). • Kamiwaza: Ceded (governance-first 2C; cross-agent authority and ReBAC capture).
Town of Vail deployment velocity: concept to first-phase production in three months. 20-30 additional use cases projected in first year. Additional use cases compose from existing primitives (decision flows, authority boundaries, governance constraints) rather than requiring new infrastructure. Economic model: fixed-cost infrastructure on the town's own solar/wind-powered data center — billions of tokens without variable cloud API costs. The Community Edition on GitHub provides a partial open-exit path, but it is not feature-equivalent to the Enterprise Edition (Workrooms, full ReBAC, Chainguard hardening). The Community Edition does not constitute a real escape hatch under the methodology's litmus test.
AI-powered business capabilities — business logic, workflow automation
Configurable AI coworker with skills library. Multi-modal analysis and output. Works across internal data sources through Context Manager. The primary Layer 3 application Kamiwaza provides. Proprietary agent — captive to Kamiwaza platform.
Platform for discovering and deploying pre-packaged AI applications and services. Curated marketplace model. Deployment surface for enterprise and partner applications. Proprietary marketplace — captive to Kamiwaza platform.
Compliance automation, document processing, legal, HR, supply chain, sales acceleration, knowledge construction, smart cities. Templates and reference implementations, not packaged applications. Enterprise builds on these using Kamiwaza platform primitives.
Assessment pending
Kamiwaza provides one first-party Layer 3 application — the Kaizen agent, a configurable AI coworker with a skills library, multi-modal analysis, and integration across internal data sources via the Context Manager. Kaizen is the primary user-facing surface for enterprise AI interaction. Beyond Kaizen, the App Garden provides a deployment surface for additional applications, and the Tool Shed enables governed tool composition. The use-case library is extensive — compliance automation, document processing, legal, HR, supply chain, sales acceleration, knowledge construction — but these are deployment patterns and templates, not packaged applications. Kamiwaza is primarily a platform vendor, not an application vendor. The analogy is closer to VMware (platform that enables enterprise-built applications) than to ServiceNow (application vendor with a platform). Layer 3 applications will be built by the enterprise's own teams or partners using Kamiwaza's platform primitives. The HPE Unleash AI partnership positions Kamiwaza-built applications (ARIA accessibility agent, deed restriction processor, fire detection coordinator) as reference implementations — proof points for what the platform enables, not the platform's Layer 3 offering. Partner integrations: Dell + Intel Gaudi 3 joint solution, HPE Unleash AI program, DHS deployment. These are delivery partnerships, not ISV ecosystem depth comparable to Dell's (5,000+ customers, OpenAI/Palantir/ServiceNow) or HPE's (26+ Unleash AI members).
$11M total funding over 2 rounds (seed, Jan 2025). Early-stage company. The partner ecosystem is nascent compared to established vendors — delivery partnerships with HPE, Dell, Intel rather than a broad ISV marketplace.
Kamiwaza is a software-only AI orchestration platform that enters the buyer conversation at Layer 2C and works downward. It is one of only two vendors in the instrument — alongside Articul8 — whose primary product includes the reasoning plane. Where Articul8's Intelligence-2C focuses on mission decomposition and domain-specific agent routing, Kamiwaza's Intelligence-2C focuses on governance: cross-agent authority, relationship-based access control, and policy enforcement at execution time. The enterprise gets production-validated cross-agent governance that no other on-prem vendor provides independently.
The capture mechanism is governance-layer capture — a third pattern distinct from both coupled capture (data moves into the vendor's namespace) and decoupled capture (data stays open, proprietary opinion layer is captive). Kamiwaza's data stays in place, the infrastructure stays under enterprise control, and the enterprise feels free at the visible layers. What Kamiwaza captures is the authority to decide what the data means (the living ontology at Layer 1B) and what agents may do with it (the ReBAC governance at Layer 2C). These are arguably the most valuable layers to own — and the hardest to leave, because the ontology, relationship graph, and governance policies accumulate over time as proprietary Kamiwaza artifacts.
Three gap layers — L0 (compute), L1C (data movement), L2A (infrastructure orchestration) — are by design. A software-only vendor should not be at Layer 0. Kamiwaza's explicit 'no data movement' thesis means L1C absence is architectural, not accidental. L2A absence reflects that Kamiwaza orchestrates AI workloads and agents, not the underlying infrastructure. These gaps define Kamiwaza's scope, not its weakness.
The buyer's trade: production-grade cross-agent governance and distributed AI orchestration without moving data or committing infrastructure — in exchange for Ceding the governance and semantic layers to Kamiwaza's proprietary platform. The data is free. The understanding of the data is captive. A closed system is a closed system.
Kamiwaza's position in the instrument is structurally inverse to Dell's: Dell is strong at the bottom of the stack (L0, L1A) and absent at the top (L2C). Kamiwaza is strong at the top (L2C, L1B) and absent at the bottom (L0, L1C, L2A). HPE's Unleash AI program bridges the two — Kamiwaza as the Delegated Layer 2C partner on HPE's infrastructure substrate. That pairing is the only assessed combination that covers all eight layers with identified authority at each.