Runtime Authority Infrastructure for agent-human system

Your AI agents decide what to do. But who is responsible for their actions?

Alethesis AI ensures every AI agent decision is transparent, risk-assessed, controlled, and routed to the accountable human - at runtime, before anything executes.

Full name

Work email

Company

Job Title

I agree to the Privacy Policy and consent to Alethesis AI processing my personal data.*

I would like to receive marketing communications about Alethesis AI.

Seamlessly integrates with the global AI ecosystem

The Problem

Four accountability gaps every agentic AI deployment hits.

Most organizations enforce what their AI agents can do. Almost none govern who is responsible when an agent acts. As agents move from suggesting to executing, three structural gaps impact your business.

The wrong hands on the wheel.

The team that built the agent isn't the team accountable for its decisions. When an action goes wrong, the technical owner can explain how the agent works but can't answer for what it did. The person who should be answering wasn't part of the decision.

The agent drifts past its limits.

Agents change after they're deployed. They accumulate memory, learn from tool use, and develop strategies no one designed. The shifts look normal day to day. By the time anyone notices, the agent is operating outside the boundaries it was originally approved for and often outside what regulation allows.

The human's contribution disappears.

When a person does step in to review or correct an agent, there's no record of what they prevented. Oversight starts to look like overhead. Leadership cuts what it can't measure and the reviewers who quietly stopped the most damage are the first to go.

Oversight is all-or-nothing.

Today's controls treat every agent action the same: stop the workflow, wait for sign-off, resume. Low-risk and high-risk actions get the same friction, so teams either pull the agent or wave everything through. Neither is real oversight.

The Solution

Infrastructure for human-AI interaction.

Alethesis AI sits between your agent's reasoning and its execution. Every planned action is intercepted, classified, scored and routed to the right authority level, before anything irreversible happens.

Fill the Accountability Gap

Every AI action traces back to the person who reviewed it and why.

Risk Scored on every Action

Stakes, scope, reversibility, and confidence, then routed accordingly.

Oversight with Business Continuity

Only critical actions pause; the rest of the workflow runs.

Continuous Compliance

Generates audit-grade evidence on every action, every day, not just at deployment.

Beyond Policy Gates

Not "is this allowed?" but "who is accountable?" with the context to decide well.

The Human Data Asset

Every review logged with its outcome, making human judgment a measurable, auditable asset.

Why This Matters Now

Enforcement is solved. Authority isn't.

AI agents have crossed the line from suggestion to execution. They write to production databases, send funds, deny credit, reject candidates and trigger downstream systems, often within seconds.
The tools to control what they can do have matured.
The infrastructure to govern who is responsible when they act has not.

Agentic AI is in production

Autonomy is no longer a research demo. Agents are taking consequential actions in finance, HR, healthcare, and operations and the failure modes are no longer hypothetical.

Regulators want proof

The EU AI Act and other frameworks increasingly require evidence that human oversight is happening. Static documentation no longer satisfies high-risk.

The accountability gap

When something goes wrong, you need to show who reviewed what, when, and on what basis. Without runtime authority, that evidence doesn't exist.

Integration & Deployment

Alethesis AI slots into the infrastructure you already have.

One integration surface, three deployment options.

Integration

One SDK. One set of keys. One configuration.

Model-agnostic: AWS Bedrock, Azure OpenAI, GCP Vertex, on-prem, open source
Framework-agnostic: LangGraph, AutoGen, Google ADK, OpenAI SDK, Anthropic SDK, Vercel AI SDK, Claude Code, or custom

Deployment

No vendor lock-in. Your data, your environment, your choice.

Managed SaaS: hands-off, up in minutes
Customer-managed cloud: your own VPC on AWS, Azure, or GCP
On-premise / bare metal: full data sovereignty, air-gap read

Full Lifecycle

Present from local development to production.

Development & Testing: Build and iterate safely with mock approvals and simulated workflows.
Production: Enterprise-grade routing, uncompromised auditing, and real-time oversight.

Architecture Flexibility

Adapts to how your AI operates.

Workflow Agents: Seamless integration for deterministic, multi-step orchestrated pipelines.
Autonomous Agentic AI: Dynamic, context-aware oversight for non-deterministic agent actions.

Frequently asked questions.

About Alethesis AI

Is this an observability tool?

No. Observability tools log what happened. Alethesis AI governs what happens, intercepting before execution, scoring and routing to a named human authority. Logging is a byproduct of the architecture, not the product.

Is this a guardrails or eval framework?

No. Guardrails and evals work at the prompt or output level, typically pre-deployment. Alethesis AI works on agent actions, the tool calls and external effects an agent proposes and decides whether each one needs human authority before it lands.

Will it slow our agents down?

The opposite. What slows agents down today is the absence of trustworthy oversight when every action gets the same friction, teams either pull the agent or skip the controls. Alethesis lets routine actions run and brings in a human only when it matters, so you can deploy responsibly without trading speed for quality.

Does it work with our existing oversight workflows?

Yes. Alethesis AI fits around the reviewer roles you already have (risk, compliance, HR, operations) and respects how your organisation already assigns responsibility.

About Runtime Authority

What is runtime authority for AI agents?

Runtime authority is the property that tells an organisation who is responsible when an AI agent acts. It's distinct from runtime enforcement, which tells the system what the agent is allowed to do. Most AI governance tools handle enforcement (rules, guardrails, permissions) but leave authority unaddressed: when an agent takes a consequential action, no qualified person is consulted and no owner is recorded. Runtime authority closes that gap by routing each agent action, before execution, to the human accountable for its outcome.

What's the difference between AI guardrails and runtime authority?

Guardrails define the rules an AI agent must follow - what tools it can call, what data it can access, what outputs are blocked. They answer "is this action allowed?" Runtime authority answers a different question: "who is accountable for this action, and should a human decide before it executes?" Guardrails are necessary but not sufficient: an action can be technically permitted and still warrant human judgment because of its stakes, scope, or reversibility. Runtime authority sits on top of guardrails to ensure consequential decisions reach the right person at the right moment.

What's the difference between human-in-the-loop, human-on-the-loop, and human-out-of-the-loop?

These three terms describe how much human involvement an AI system has at decision time.
- Human-in-the-loop (HITL): a person reviews and approves each action before it executes. Maximum control, minimum scale.
- Human-on-the-loop (HOTL): the AI acts autonomously, but a person monitors its behaviour and can intervene. Higher scale, but oversight depends on the human noticing a problem in time.
- Human-out-of-the-loop (HOOTL): the AI acts autonomously with no real-time human involvement. Maximum scale, no live oversight.

Is human-in-the-loop enough to oversee AI agents?

Not on its own. Traditional human-in-the-loop requires a person to approve every consequential action, which doesn't scale once agents operate at machine speed across multi-step workflows. Effective oversight for agentic AI needs three things classical HITL doesn't deliver: risk-proportional routing, assignment to the right human authority based on context, and an immutable record linking each human decision to the action it governed. The shift is from "human approves everything" to "the right human approves what matters."

Does the EU AI Act require human oversight at runtime?

Yes and this is where many high-risk AI deployments fall short. Article 14 of the EU AI Act requires that human oversight be effective during the period of use, not merely designed at deployment. For agentic systems that act autonomously across multi-step workflows, this means providers must be able to demonstrate that a qualified human reviewed consequential decisions in real time, with traceable accountability. Static documentation and pre-deployment evaluations don't satisfy this requirement. Runtime authority, intercepting agent actions before execution and routing them to accountable humans, is how operational oversight becomes provable.

Who's responsible for your AI agents' actions?

See how Alethesis AI makes every agent decision transparent, risk-assessed, and accountable.

Request a Meeting

Privacy Notice

Alethesis AI (in formation), represented by Elena Maran | Last updated: 28.04.2026 | Version 1.0

This Privacy Notice explains how Alethesis AI (a Swiss company in formation, hereafter “Alethesis”, “we”, “us”), represented by Elena Maran, collects and uses personal data when you visit www.alethesis.ai, contact us, request a demo, subscribe to our communications, or otherwise interact with us.

We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).

Status note: Alethesis AI is in the process of being incorporated in Switzerland. Until registration in the Swiss commercial register is complete, Elena Maran acts as data controller in a personal capacity on behalf of the company in formation. This notice will be updated upon incorporation, at which point the registered legal entity will assume the role of data controller for ongoing processing.

1. Who we are

During the company-formation period, the data controller is:

Elena Maran, acting on behalf of Alethesis AI (in formation)
Via architetto Rino Tami 18D, 6924 Sorengo, Ticino, Switzerland
Email: contact@alethesis.ai

Once Alethesis AI is registered in the Swiss commercial register, the registered company will assume the role of data controller and this notice will be updated to reflect the registered entity’s name, address, and commercial register number. Acts performed during the formation period will be ratified by the company upon registration in accordance with Article 645 of the Swiss Code of Obligations.

For any privacy-related question or to exercise your rights, contact us at contact@alethesis.ai.

2. Scope of this notice

This notice covers personal data we collect through our website, marketing channels, and direct interactions with prospects, customers, partners, and visitors.

It does not cover personal data that our customers process within the Alethesis platform on behalf of their own users or employees. In that context, our customer is the data controller and Alethesis acts as a data processor under a separate Data Processing Agreement.

3. Personal data we collect

3.1 Information you provide to us

Identity and contact data: name, job title, employer, business email, business phone number, country.
Inquiry content: the message and context you provide when you submit a contact form, request a demo, or correspond with us.
Marketing preferences: subscription choices and consent records.
Commercial information: details exchanged in the course of evaluating, negotiating, or providing our services, including procurement, due diligence, and contractual information.

3.2 Information we collect automatically

Technical data: IP address (truncated where feasible), browser and device type, operating system, referring URL, pages viewed, time spent, and approximate location derived from IP.
Cookies and similar technologies: see Section 8.

3.3 Information from third parties

Public sources and business databases: professional information from sources such as LinkedIn, company registries, and B2B data providers, used to qualify outreach and verify business contacts.
Referrals and event registrations: contact details shared with us by partners, conference organisers, or mutual contacts.

We do not knowingly collect special categories of personal data (such as health, biometric, or political data) through our website. Please do not submit such data through our forms.

4. Why we use your data and on what legal basis

We process personal data for the following purposes. Where GDPR applies, we identify the corresponding legal basis.

4.1 Responding to your inquiries and providing our services

Replying to contact forms, demo requests, and emails.
Negotiating, entering into, and performing contracts with prospects and customers.

Legal basis: performance of a contract or pre-contractual steps (Art. 6(1)(b) GDPR; Art. 31(2)(a) FADP).

4.2 Operating and improving our website

Ensuring availability, security, and proper functioning of the site.
Measuring traffic and improving content and user experience.

Legal basis: our legitimate interest in running and improving our service (Art. 6(1)(f) GDPR), or your consent for non-essential analytics where required (Art. 6(1)(a) GDPR; Art. 31(1) FADP).

4.3 Marketing and business development

Sending newsletters, product updates, and event invitations to subscribers and existing business contacts.
Targeted business outreach to professional contacts whose role suggests interest in AI governance solutions.
Managing event participation and follow-up.

Legal basis: your consent where required, or our legitimate interest in promoting our B2B services to relevant professional audiences. You can opt out of marketing at any time using the unsubscribe link or by contacting us.

4.4 Compliance, security, and protection of rights

Preventing fraud, abuse, and unauthorised access.
Complying with legal obligations, regulator requests, and tax or accounting requirements.
Establishing, exercising, or defending legal claims.

Legal basis: legal obligation (Art. 6(1)(c) GDPR), legitimate interest, or, where relevant, vital interests.

5. Who we share your data with

We do not sell personal data. We share it only as necessary, with the following categories of recipients:

Service providers (data processors): hosting, email, CRM, analytics, customer support, and similar tools that operate under written agreements requiring confidentiality and adequate safeguards. A current list is available on request.
Professional advisors: lawyers, auditors, accountants, and consultants bound by confidentiality.
Authorities and regulators: where required by law, court order, or regulatory request.
Successors: in connection with a merger, acquisition, financing, or sale of assets, with appropriate protections.

6. International data transfers

Some of our service providers are located outside Switzerland or the EEA, including in the United States. When we transfer personal data to a country that does not provide an equivalent level of protection, we rely on appropriate safeguards such as:

European Commission adequacy decisions and Swiss Federal Council recognitions of adequate protection.
Standard Contractual Clauses (EU SCCs) supplemented, where required, by the Swiss FDPIC addendum.
Additional technical and organisational measures, such as encryption and access controls.

You can request more information about our transfer safeguards by contacting us at the address in Section 1.

7. How long we keep your data

We keep personal data only as long as necessary for the purposes described above, or as required by law. Indicative retention periods:

Inquiries and demo requests: up to 24 months from last interaction, unless a commercial relationship is established.
Customer and contractual records: for the duration of the contract and up to 10 years after termination, in line with Swiss commercial and tax law.
Marketing data: until you unsubscribe, with a suppression record kept to honour your opt-out.
Website analytics: typically up to 14 months in aggregated or pseudonymised form.
Security and access logs: typically up to 12 months, longer in case of investigation.

8. Cookies and similar technologies

We use cookies and similar technologies to operate the site, remember your preferences, and (with your consent where required) measure usage. You can manage your choices at any time through our cookie banner or your browser settings.

For details about the specific cookies we use, see our [Cookie Notice / link].

9. Your rights

Depending on where you are located, you have the following rights regarding your personal data:

Right	What it means
Access	You can ask whether we hold personal data about you and request a copy.
Rectification	You can ask us to correct inaccurate or incomplete information.
Erasure	You can ask us to delete your personal data, subject to limited legal exceptions.
Restriction	You can ask us to suspend processing while a dispute or correction is resolved.
Objection	You can object to processing based on legitimate interests, including marketing.
Portability	You can ask to receive your data in a structured, machine-readable format.
Withdraw consent	Where we rely on consent, you can withdraw it at any time without affecting prior processing.
Automated decisions	You can ask not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you.
Complaint	You can lodge a complaint with the Swiss FDPIC or your local EU data protection authority.

To exercise your rights, contact us at contact@alethesis.ai. We respond within 30 days (Switzerland) or one month (GDPR), with the possibility of a reasoned extension for complex requests. We may need to verify your identity before acting on a request.

You can also contact the Swiss Federal Data Protection and Information Commissioner (FDPIC) at edoeb.admin.ch or, if you are in the EU/EEA, your national data protection authority.

10. Security

We apply technical and organisational measures designed to protect personal data, including encryption in transit, access controls, logging, vendor due diligence, and staff training. No system is fully secure; if you have reason to believe your interaction with us is no longer secure, please contact us immediately.

11. Children

Our website and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children under 16. If you believe we have, please contact us so we can delete it.

12. AI and automated processing

Alethesis develops governance technology for AI systems. We do not use personal data submitted through our website to make decisions that produce legal or similarly significant effects on you. Information you share with us is not used to train third-party generative AI models without your consent.

13. Changes to this notice

We may update this Privacy Notice to reflect changes in our practices or legal obligations. We will post the updated version on our website and update the date at the top. Material changes will be signalled prominently or notified directly where appropriate.

14. How to contact us

Elena Maran, for Alethesis AI (in formation)
Via architetto Rino Tami 18D, 6924 Sorengo, Ticino, Switzerland
Email: contact@alethesis.ai