AKIOS — Blog

AKIOS v1.0 is the security runtime you've been waiting for. Run AI agents with confidence — they can't leak data, burn budgets, or escape their sandbox. Everything is auditable, provable, and production-ready.

This isn't a general-purpose AI framework. It's the secure runtime: kernel-level isolation, real-time PII redaction, tamper-proof audit trails, and enforced budget controls.

What's New in v1.0

🔒 Hard Kernel Isolation

AI agents run in a locked-down sandbox. On Linux, this uses kernel-level controls (cgroups + seccomp-bpf) to enforce hard limits on CPU, memory, disk, and network. On other platforms, Docker provides strong container isolation. Either way: default-deny access control means agents can only touch what you explicitly allow.

🛡️ Real-time PII Redaction

Over 95% accuracy detecting and redacting sensitive data in under 50ms — before it reaches agents. Built-in rule packs for EU AI Act basics and French GDPR presets.

📊 Tamper-Evident Merkle Audit

Every action is cryptographically proven with a Merkle ledger. Complete execution traces with clean PDF and JSON export. Full integrity verification built-in.

💰 Enforced Cost & Loop Kills

Hard termination on budget exceed or infinite loops. Token monitoring, per-workflow budget enforcement, and automatic kill-switches that actually work.

🎯 Perfect User Experience

Terminal width awareness, file discovery commands, enhanced guidance. The CLI just works — no cryptic errors, no hunting through logs.

Architecture

AKIOS splits control and data planes so policies stay signed and enforced before any effect takes place.

Clients/CI/Apps flow into AKIOS control plane and data plane, then to destinations under policy

How It Works

Policies Validated: Your workflow config is checked and cryptographically signed before execution.
Security Layers Applied: Linux kernel sandbox (on native) or container isolation (Docker) → PII redaction → budget controls → audit logging.
Agent Execution: Only explicitly allowed operations pass through. Everything else is blocked and logged.

What's Included

Core Security Features

Process isolation with cgroups v2 + seccomp-bpf (Linux native)
Strong container-based isolation (Docker on all platforms)
Real-time PII detection and redaction
Merkle tamper-evident audit logging
Hard cost and loop kill-switches
Default-deny network and filesystem access

Four Core Agents

LLM Agent: Token and cost tracking with budget kills
HTTP Agent: Rate-limited requests with PII-redacted payloads
Filesystem Agent: Allowlisted reads, optional writes with path constraints
Tool Executor: Whitelisted commands in sandboxed subprocess

Enhanced CLI

akios init        # Initialize new project
akios setup       # Configure API keys & settings
akios run         # Execute workflow
akios files       # Discover project files
akios audit       # Export audit reports
akios logs        # View execution logs
akios status      # Check system status
akios templates   # List available templates
akios doctor      # Run diagnostics
akios clean       # Clean old runs
akios compliance  # Generate compliance reports
akios output      # Manage workflow outputs

Choose Your Installation Method

Pick the option that best fits your workflow:

🐍 Pip Package (Recommended for Linux)

Best for: Python developers, CI/CD pipelines, maximum kernel-hard security

pip install akios
akios init my-project
cd my-project
akios run templates/hello-workflow.yml

🐳 Docker (Cross-Platform Teams)

Best for: macOS/Windows development, consistent environments, teams

curl -O https://raw.githubusercontent.com/akios-ai/akios/main/akios
chmod +x akios
./akios init my-project

Platform Security Levels

AKIOS provides strong security on all platforms. Choose based on your environment:

Platform	Security Level	When to Use
Native Linux	Maximum: Kernel-hard (seccomp-bpf + cgroups)	Production servers, regulated environments
Docker (any OS)	Strong: Container isolation + policy enforcement	Development, macOS/Windows, CI/CD

Try It Now (30 Seconds)

Get your first sandboxed AI agent running:

pip install akios
akios init my-project
cd my-project
akios run templates/hello-workflow.yml

What You'll See

AKIOS confirms each security layer as it starts:

[akios] sandbox: seccomp-bpf, cgroups v2 (Linux)
[akios] pii: redaction enabled
[akios] audit: Merkle trail initialized
[akios] workflow: completed successfully in 1.2s

What's Coming Next

Future versions of AKIOS will add:

Advanced workflow patterns (parallel execution, conditionals, loops)
More agents (Database, Email, Slack integrations)
REST API for remote control
Observability integrations (Prometheus, Jaeger)

Ready to Start?

AKIOS v1.0 is production-ready. Install it now and secure your AI agents in minutes:

Quick Start: Get running in 2 minutes
Source Code: github.com/akios-ai/akios
Get Help: Join GitHub Discussions for community support

Questions? Found a bug? Open an issue or reach out in Discussions.