Each package is a system of agents. Click-to-expand scope maps for Tony + Joana opportunity tracking.
100% audit coverage replacing sample-based QA. Tracks accuracy, completeness, consistency for every alert resolution.
Quality Assurance System
1. Alert Quality Scorer
Scores every alert resolution A/B/C. A = expected or above, B = missed but close, C = failed. Replaces human sampling with 100% AI audit.
Krishna: "We are doing 100% audits now with AI" (line 2285)
2. Human Decision Auditor
15% of transactions go to humans only. Compares human decisions against AI decisions to measure drift. Keeps analysts sharp + provides system-independent proof point.
Kush: "15 randomly will absolutely go to humans. Two reasons: humans always on their tips, and a system-independent proof point" (line 411)
3. AI Action Auditor
Audits the AI agent's own decisions using human-validated golden source. Kush: "Today we built it to audit humans; tomorrow it will audit these actions."
Kush: "That Audit agent does two things: A) audit our humans; B) audit these actions" (line 421)
4. Quality Dashboard Agent
Real-time quality monitoring with parameters varying by alert type (TM vs TI vs TH vs DE). Surfaces quality trends across all service lines.
Krishna: "Quality parameters are different depending on whether it's threat monitor, threat intel" (line 2282)
5. Feedback Loop Agent
Takes audit results → feeds learnings back into agent training. The "evergreen" mechanism. Accuracy, completeness, consistency as three pillars.
Kush: "The cornerstone is accuracy, completeness, consistency. That becomes the feedback loop into how this thing is evergreen" (line 427)
Service line transfer →
Same 5-agent architecture transfers to Identity (IAM compliance scoring), CaaS (service quality), GRC (audit completeness), Cloud+Infra (security posture). Different quality parameters per discipline.
Operational vitals dashboard tracking time-per-alert, SLA metrics, analyst utilization, and shared pool capacity optimization.
Operational Vitals System
1. Alert Efficiency Tracker
Tracks time-per-alert by severity. Critical alerts: 21 min → 5 min with AI. Measures efficiency gains that drive EBITDA improvement.
Krishna: "Previously for a critical alert, average of 21 minutes. With AI we have made it better, now tracking 5 minutes" (line 2168)
2. Shared Pool Optimizer
Manages analyst capacity across shared client pools. 20 MLAs serving 4 clients — can a 5th, 6th client be added based on efficiency metrics?
Krishna: "That shared pool could be 20 MLAs serving 4 clients, I can add more depending on efficiency metrics" (line 2261)
3. Volume Threshold Manager
Removes alert volume caps. Converts "staffed to capacity" limits into "unlimited alerts" by routing through AI. Enables outcome-based pricing over T&M.
Krishna: "We are going to drop Kindo and take all volume parameters out. Unlimited alerts." (line 2293)
4. EBITDA Impact Dashboard
Tracks per-agent EBITDA contribution. Maps efficiency gains to dollar savings. Proof engine for upsell justification (Deloitte → client, T&C → Deloitte).
Tony (May 19): "We're going to have to track those EBITDA gains because those are the proof points"
Service line transfer →
Every managed service line has vitals. Identity: auth response times, PAM session metrics. CaaS: multi-domain SLA tracking. GRC: compliance audit cycle times. Same efficiency flywheel, different operational metrics.
Automated IR playbook execution, escalation orchestration, and root cause analysis. The "complex workflow" agents Krishna described for F50 clients.
Incident Response System
1. Playbook Execution Agent
Executes standard IR playbooks: detection → containment → eradication → recovery. Automated first response, human escalation for novel threats.
Krishna: "My triage agent detects if a user account has been compromised... notify whoever you want me to notify" (line 2471)
2. Orchestration Agent
Multi-step response workflows. Account reset → confirm with team → verify with manager → execute. The "bespoke for billions" complexity layer.
Krishna: "Resetting an account in our environment is not easy. Confirm with team, verify with manager, three or four other steps" (line 2483)
3. RCA Automation Agent
48-hour root cause analysis automation. Correlates alerts across systems, identifies attack chains, generates timeline reports.
Structural — RCA is a standard IR requirement. Krishna's team handles ~5,000 alerts/month.
4. Escalation Path Agent
Routes incidents by severity, client tier (F50 vs F500 vs F1000), and service model (MXDR vs Shared vs Dedicated). Different escalation rules per environment.
Krishna: "Fortune 50 — very specific, complex environments" vs F500-1000 — "cost is key" (line 2192)
Service line transfer →
IR patterns apply to every security domain. Identity: credential compromise response. Cloud+Infra: cloud breach containment. GRC: compliance violation escalation. The orchestration agent is the highest-value transfer — every client has unique workflows.
Agent onboarding for new client environments. Configuration, integration validation, data privacy, and go-live readiness. The "first 5-7 deployments" system.
Client Deployment System
1. Environment Setup Agent
Client-specific Kindo instance configuration. LLM selection (OpenAI, Anthropic — client choice), data boundary enforcement, sandbox isolation for F50.
Krishna: "Client picks your LLM. Agents operate in your environment using your LLM. Data doesn't leave your control." (line 2275)
2. Integration Validator
Tests client-specific integrations. MCP server connectivity, SIEM connections, ticketing system hooks. Validates before go-live.
Kush: "Integration privacy — client-specific MCP servers must be hidden from other customers" (May 7)
3. Agent Tuning Agent
Tunes standard agents (Tier 1) to client environment. Adjusts thresholds, alert categories, response rules. Kush: "We tune, tailor to the client environment."
Kush: "Even our standard agents, they're not fixed input, fixed output. We tune, tailor them to the client environment." (line 2507)
4. Go-Live Readiness Agent
Pre-deployment checklist automation. Validates all integrations, tuning, privacy, and SLA parameters before switching client to live Kindo agents.
Structural — Harish and Nathan handle first 5-7 deployments (Kush directive). Automation scales beyond initial manual deployments.
Service line transfer →
Every service line deploys to clients. Same readiness pattern, different integration types. Identity: directory connectors, SSO validation. GRC: compliance framework mapping. The deployment package is the most reusable across all 6 service lines.