Core IP
Trust pipeline, not chunk quality
Six-stage gating before any fact enters the trusted store. Conflict detection and human review are structural, not a prompt you hope holds.
VIITOR TOOLS · CONTEXT & TRUST PLATFORM
Make every enterprise AI answer safe to act on.
KEEL is the context and trust layer that sits between your data and your AI tools. It gives every AI system one permission-aware, provenance-tagged, vetted source of truth, so the answer your team acts on is auditable and attributable instead of confidently wrong. It is a ViitorCloud infrastructure accelerator we deploy inside your engagement.
What KEEL Is
KEEL is an enterprise context and trust platform. It sits between your data and your AI tools and gives every system one source of truth that is permission-aware, provenance-tagged, and vetted before use. Instead of each tool searching the same systems on its own and hoping the result is right, they all draw from a layer that has already resolved identity, corroborated the facts, and enforced who is allowed to see what.
The job KEEL owns is narrow on purpose: trusted context, exposed through a clean API. Your AI tools keep their own workflows and stay replaceable. We deploy and operate KEEL inside ViitorCloud engagements as infrastructure, in your environment, single-tenant and air-gap capable, so the trust layer your AI depends on is something you own rather than rent.
The Problem
Your data is ready for AI. Your trust layer isn't.
Enterprises are wiring AI into regulated, high-stakes work, then finding the hard part was never the model. It is the ground truth underneath it. Chunk-and-embed RAG retrieves text. It cannot resolve identity, prove provenance, or enforce who is allowed to see what.
01
Fragmented data
Truth is scattered across documents, email, CRM, ERP, and research. No system holds a unified, reconciled view.
02
Unverified retrieval
RAG returns text without checking whether it is accurate, current, or corroborated. Hallucinations propagate downstream.
03
No provenance
AI produces a confident answer with no link back to source. You cannot audit the reasoning or defend the output.
04
Permission gaps
Access control is bolted on after retrieval or left to the AI tool, so sensitive data can surface to the wrong user.
05
Confidently wrong
In BFSI, healthcare, or legal, one fabricated fact costs more in regulatory and reputational terms than the whole AI program.
06
Work that resets
Knowledge vetted in one engagement is rebuilt in the next. There is no reusable, owned foundation that compounds.
KEEL closes all of these at the infrastructure layer, not through prompt engineering. Trust becomes structural: built into how context is assembled, not hoped for at inference time.
Generic RAG vs KEEL
Retrieval is table stakes. Trust is the difference.
Every incumbent retrieves. KEEL vets, attributes, and permission-scopes context before any AI tool ever sees it.
The usual setup
Generic RAG
Enterprise data (CRM, ERP, Docs, Email)
Chunk-and-embed RAG
AI applications
- Retrieves text with no validation or corroboration
- Hallucinations pass straight through to the user
- No provenance chain to audit or defend
- Permissions applied late, if at all
- Every engagement re-derives the same research
The KEEL way
KEEL Context & Trust Platform
Enterprise data (CRM, ERP, Docs, Email)
KEEL vets, resolves, attributes, permissions
AI applications (Atlas, agents, copilots)
- A six-stage trust pipeline vets every fact first
- Identity resolved to canonical entities across sources
- Every answer links to immutable, citable evidence
- Default-deny permission pre-filter, before retrieval
- Vetted knowledge persists and compounds over time
The Six-Stage Trust Pipeline
Nothing enters KEEL's trusted store until it clears six gates. Contested facts go to a human-review queue instead of silently reaching your AI.
01 Is this worth keeping?
Relevance
Filters incoming content for signal before any heavy processing.
02 Pull the facts
Extraction
Structured facts and claims are extracted from source documents with Docling parsing.
03 One form of truth
Canonicalisation
Facts are normalised to a canonical form, so the same thing is represented the same way every time.
04 Remove the noise
Dedup
Duplicate facts across sources collapse into a single vetted record.
05 Surface disagreement
Conflict
Contradictions between sources are detected and routed to human review, not averaged away.
06 Score what survives
Confidence
Corroboration across sources sets a confidence score that travels with the fact.
The result is a trusted store where contested facts are flagged, not buried. That is the structural reason KEEL answers are defensible.
Why KEEL, Not Another RAG Layer
What KEEL does that incumbents don't.
Five structural choices separate a trust platform from a retrieval add-on.
Evidence
Immutable evidence records
Every answer links to immutable evidence, and AI outputs are stored back as derived evidence. Full lineage is queryable through the API.
Security
Default-deny permission pre-filter
Access is enforced before any retrieval. Identity is bound to authentication, never a parameter, and permission-denied returns a uniform not-found to prevent inference.
Ownership
A clean ownership boundary
KEEL owns context and trust, and your AI tools own workflows. The contract is versioned, so any MCP-compatible tool is replaceable without rebuilding your context layer.
Residency
Single-tenant and air-gap native
One tenant per deployment by design. On-premise and air-gapped inference are supported natively, not sold as an expensive add-on.
Your Data Stays Yours
The guarantees regulated buyers start with.
For regulated environments these are not features. They are purchase prerequisites, and in KEEL they are the default.
Single-tenant
One tenant per deployment. No shared cloud infrastructure, and no co-mingled data.
Residency-first
Data never leaves your boundary. Deployed via Docker, Helm, or Kubernetes in your environment.
Air-gap capable
Runs in classified and disconnected environments with on-premise inference.
Auditable
OpenTelemetry, Prometheus, and Grafana give full operational visibility end to end.
Own your AI context layer once, and never rebuild it for the next tool. See how KEEL would deploy in your environment.
Who It's For
One trust layer, four buying centres.
KEEL is horizontal infrastructure, and each stakeholder cares about a different edge of the same problem.
Chief AI Officer
Trust solved architecturally
You have watched RAG pilots fail on hallucination. KEEL vets every fact before it reaches a tool, so AI deployments are defensible by design rather than by prompting.
Enterprise Architect
No lock-in, no integration debt
KEEL owns identity, trust, and evidence, and your tools own workflows. The contract is versioned and replaceable, so you are not rebuilding the context layer for every tool.
CCO / CISO
No unverifiable answers, no leakage
Default-deny pre-filtering and immutable evidence records, with data that never leaves your boundary. AI that your auditors can read.
AI Vendor / SI
Integrate once, not per client
Stop rebuilding trust infrastructure for every engagement. Any MCP-compatible tool plugs into KEEL and inherits its guarantees.
Where Teams Deploy KEEL
KEEL is horizontal infrastructure. The trust problem is the same wherever a wrong answer is expensive.
01
Financial research Provenance-tagged context for due diligence and investment work, with company names, tickers, and legal entities resolved to one identity across filings, research, and news.
02
AML and KYC Identity resolution across names, aliases, and nationalities, with adverse-media corroboration, confidence scoring, and a regulator-ready audit trail behind every decision.
03
Institutional memory Knowledge management where vetted facts persist as a queryable foundation, so context does not leave when people do and new starters are productive sooner.
04
Legal and contracts Clause extraction and conflict detection anchored to the exact document, page, and version, with deal-room isolation so counterparty data is never cross-contaminated.
05
Regulated AI Clinical, claims, and underwriting AI inside HIPAA, GDPR, and ISO 27001 boundaries, with every output citable to a source protocol or guideline.
06
AI copilots One permission-aware context API for sales, support, HR, and finance copilots, so a new tool integrates in days rather than through a bespoke build per system.
07
Security operations Graph-based threat attribution across actor, technique, infrastructure, and target, with corroboration across feeds and a defensible evidence chain.
08
Consulting platform Engagement deliverables become vetted, queryable IP linked to industries and client types, so research compounds across engagements instead of staying in project folders.
Why the Trust Layer, and Why Now
Most enterprises have already proven that a model can answer a question. The harder, unsolved problem is whether the answer can be trusted enough to act on, and whether you can show your work when a regulator or a board asks. That problem does not live in the model. It lives in the context the model was given.
Retrieval has become a commodity, and every platform offers it. What separates a usable system in a regulated environment from a risky one is the layer that decides what is true, who may see it, and how it can be proven later. KEEL is built to be that layer, so the AI tools above it can move quickly without the organisation taking on risk it cannot defend.
What Changes
The shift is structural: trust moves from something each tool attempts to something the infrastructure guarantees.
An AI answer in a regulated workflow
Cited to source, not taken on faith
Identity across systems
Resolved to one canonical entity
A permission-denied request
A uniform not-found, with no inference
Onboarding a new AI tool
Days, through one API, not a bespoke build
Knowledge from a finished engagement
Vetted and reusable, not archived and lost
An audit request
A full evidence chain, queryable on demand
How a Deployment Lands
KEEL is designed to land small and earn its way wider. A typical start is a single use case in one division, for example AML screening for one investigation team. We connect the sources that matter, run them through the trust pipeline, and stand KEEL up in your environment behind your existing AI tool.
From there the measure is trust, not volume: the reduction in contested AI outputs, the audit-pass rate on reviewed cases, and the analyst hours returned. Those measures are defined with you before the work starts, so success is judged against your criteria rather than ours.
When the first team is working on vetted context, the same layer extends to the next without rebuilding anything. The connectors, the resolved identities, and the vetted facts are already in place, which is why the second deployment is faster and cheaper than the first.
Inside the Platform: Nine Functional Areas
- Data connectivity. LlamaHub and Airbyte connectors, ACLs extracted at ingest, and Docling parsing into one unified context layer.
- Trust and vetting pipeline. Six-stage gating that eliminates confidently-wrong answers and routes contested facts to review.
- Identity resolution. An entity registry that maps every mention to a canonical node across sources.
- Evidence and traceability. Immutable, provenance-tagged records, with AI outputs fed back as derived evidence.
- Permission management. Default-deny pre-filter and RBAC, so context assembly is always permission-scoped.
- Retrieval and context assembly. RAG (vector and hybrid), CAG, and GraphRAG behind
search()andget_context(). - Knowledge graph. Entities, relationships, and vetted facts in Apache AGE, temporal-aware with multi-hop traversal.
- Integration API. MCP-first plus REST and OIDC, so any MCP-compatible AI tool integrates with no custom work.
- Deployment and observability. Single-tenant Docker, Helm, or Kubernetes, with CLI and WebUI, OpenTelemetry, Prometheus, Grafana, and air-gap support.
KEEL owns context. Your tools own workflows.
KEEL is deliberately not a full-stack AI suite that locks your context to one vendor's tools. It owns one job: delivering trusted, attributed, permission-aware context, exposed through a versioned MCP and REST contract. Any MCP-compatible AI tool plugs in without bespoke integration, and stays replaceable.
That is why KEEL and Viitor Atlas fit together cleanly. Atlas executes multi-agent workflows and produces board-ready deliverables, and KEEL is the vetted ground truth those agents reason over. Atlas calls KEEL for context and writes its outputs back as derived evidence, so every engagement makes the next one faster.
How We Bring KEEL Into Engagements
- How You Get It
- KEEL is a ViitorCloud infrastructure accelerator. We deploy and operate it inside your engagement, in your environment. It is not licensed or sold separately.
- Entry Path
- Land with a single use case, such as AML in one division or research on one desk, measured against trust metrics you define: contested-output rate, audit pass rate, hours saved. Then expand to adjacent teams on proven results.
- Best Fit
- Financial institutions, consulting and professional services firms, enterprise SaaS with data-governance demands, and government, defence, and regulated industries that cannot accept black-box AI.
- Deployment
- Single-tenant by design. Docker, Helm, or Kubernetes in your environment, on-premise or air-gapped, with full OpenTelemetry observability.
Before You Ask
Questions Regulated Teams Ask
How is this different from the RAG layer we already have?
RAG retrieves text, and accuracy depends on chunk quality and prompting. KEEL runs a six-stage trust pipeline that vets, deduplicates, and conflict-checks every fact before it can reach an AI tool, and attaches an immutable evidence chain to each one.
What systems can KEEL connect to?
KEEL ingests from document stores, wikis such as Confluence and SharePoint, email, Slack and Teams, ticketing such as Jira, and line-of-business systems including CRM and ERP, through LlamaHub and Airbyte connectors, with access controls extracted at ingest.
Does KEEL lock us into a vendor's AI tools?
No. KEEL owns context and trust, and your tools own workflows. The contract is a versioned MCP and REST interface, so any MCP-compatible tool integrates, and you can switch tools without rebuilding your context layer.
How do you stop AI from surfacing data a user shouldn't see?
A default-deny permission pre-filter runs before any retrieval. Identity is bound to authentication, never passed as a parameter, and a permission-denied request returns a uniform not-found so users cannot infer what exists.
How does KEEL handle conflicting information?
Conflicts are detected in the trust pipeline rather than averaged away. When sources disagree, the contested fact is routed to a human-review queue instead of being passed to an AI tool as though it were settled.
Can it run in an air-gapped or classified environment?
Yes. KEEL is single-tenant and deploys via Docker, Helm, or Kubernetes in your environment, with on-premise inference and air-gap support. Data never leaves your boundary, which is how it aligns with HIPAA, GDPR, and ISO 27001 by architecture.
Will an auditor accept answers that came through KEEL?
That is the design goal. Every fact and AI output carries an immutable, provenance-tagged evidence record, and full lineage is queryable through the API. It is documented evidence a reviewer can follow, not an unexplained answer.
Do we own what KEEL builds?
Yes. The deployment runs in your environment, and the vetted knowledge, resolved identities, and evidence records belong to you. KEEL is the layer you own, not a service that holds your context.
Is KEEL a product we buy, or part of an engagement?
It is a ViitorCloud infrastructure accelerator. We deploy and operate it as part of your engagement, in your environment, and you own the deployment and the vetted knowledge it builds.
Put KEEL to work
Build your AI on a foundation that earns trust.
Start with a 30-minute discovery call. If a bounded KEEL deployment fits your program, we'll scope it against trust metrics you define. If it doesn't, we'll tell you.