Build Your
AI Operating System
AI tools spread faster than governance. We help you build the platform underneath: one thing to govern, one place to plug in, one set of rules the whole company shares.
5 layers
ONE PLATFORM, NOT FORTY TOOLS
42001-mapped
EU AI ACT & ISO/IEC 42001 EVIDENCE
Logged
AI CALLS ATTRIBUTED AND COSTED
You don't have an AI strategy. You have forty subscriptions.
Sales has ChatGPT. Marketing has Claude. Ops has a Zapier with a Gemini node in it. Engineering's on Cursor. Finance is quietly pasting into something nobody's audited.
Karpathy's LLM OS framing is useful. The mistake we keep seeing is buying AI one tool per problem, signed off by whoever asked first, with nothing underneath holding it together.
For our purposes, an AI operating system is the layer under all of it: identity, memory, models, tools, guardrails.
TODAY'S AI ESTATE
- Forty subscriptions, no single owner
- Company data pasted into chat windows
- Each team's prompts trapped in their tool
- No clear audit trail when a regulator asks
- Costs visible only on the credit card bill
AI ON A PLATFORM
- One platform, one owner, one bill
- Knowledge in one place AI can read
- Prompts and workflows reusable across teams
- Every call logged, attributable, replayable
- Cost and quality watched per team, per task
Five layers under the AI tools.
"Operating system" here means the shared layer underneath the apps. Once you can see the layers, the buying decisions stop being a guess.
Identity & access
Who's allowed to use which model on which data. SSO, role-based access, per-team budgets. A clean place for audit to start.
Memory
A company brain. Documents, tickets, Raq.com, transcripts, product data. Stored once, indexed once, retrieved by every AI workflow that needs it.
Models
A router in front of OpenAI, Anthropic, Google and an open model or two. Pick the cheapest one that's good enough per task. Swap providers without rewriting the app.
Tools
The things AI is allowed to actually do. Send the email, raise the invoice, refund the customer, write to the database. Each one defined, scoped and tested before the AI can reach it.
Guardrails
Evals, safety filters, human review on high-stakes calls, and an audit log you can hand to a regulator.
Where we come in.
Advisory plus engineering, not a slide deck. You need the first layer built properly.
Audit and first working layer in days, not months. From there we move one workflow at a time off the rogue subscriptions and onto your platform. You keep the code, the data and the IP.
BOOK AN ADVISORY CALLAI estate audit
Every AI tool the company is actually using, who pays for it, what data it touches, what it's allowed to do. You get it written down in days, fixed price.
Write the policy
What data can leave the company, which models are approved, which tasks need a human in the loop, who owns the bill. Short enough for the board to read, specific enough for engineering to enforce. Mapped to ISO/IEC 42001 and the EU AI Act so evidence is built as you go.
Build the platform
Identity, memory, model router, tool layer, audit log. Built into your existing stack, not a separate empire. First version live in days. Your engineers can read every line.
Move the workflows
One function at a time. Often sales, then support, then ops. Each workflow comes off its rogue subscription and onto the platform. The target is a single line item instead of credit-card chaos.
Hand it over
Runbook, training, on-call rota, evals that run on every release. We stay on a retainer if you want us, or we leave you the keys. Either way, your team owns the thing it depends on.
Regulators are already publishing the checklist.
If you wait until your insurer or your biggest customer asks for evidence, you'll be doing this work under a deadline.
The timetable moved, but the work remains.
EU AI Act obligations are being phased in. The AI Act Service Desk lists general-purpose AI model obligations from 2 August 2025 and Article 50 transparency rules from 2 August 2026. The Commission's 7 May 2026 AI omnibus agreement puts Annex III high-risk systems on 2 December 2027 and product-embedded high-risk systems on 2 August 2028.
A management system you can certify.
ISO/IEC 42001:2023 is the world's first AI management system standard. Certification bodies including BSI, DNV, TÜV SÜD and SGS publish certification services for it. A platform gives the evidence somewhere to live: roles, risk register, model approvals, evals and audit logs.
Accountability sits with the board.
The ICO's AI audit framework is aimed at senior management and compliance roles. It asks for completed DPIAs to be shared with senior management and signed off. SI 2026/425 came into force on 12 May 2026 and requires the Information Commissioner to prepare a code of practice on AI and automated decision-making.
Sources checked: European Commission AI Act timeline and 7 May 2026 AI omnibus release; ISO/IEC 42001:2023; BSI, DNV, TÜV SÜD and SGS certification pages; ICO AI audit framework; SI 2026/425.
The ones we get asked first.
Isn't this just buying ChatGPT Enterprise?
No. ChatGPT Enterprise gives you a governed chat workspace. This work covers the layer between your data and any model you choose to use. Buying one vendor's chat product solves one layer and leaves the other four on that vendor's roadmap.
We're too small for this, surely.
If you've already got AI in more than one team, you're not. You probably don't need a platform for ten users. You probably do for fifty, especially if any of them are touching customer data or finances. The earlier you do it, the less you'll have to unpick later.
Do we have to rip out everything our teams already use?
No. The platform sits underneath them. In the audit, we separate the tools that can route through your identity, memory and logging layers from the ones that need replacing.
Which models do you put behind the router?
Whichever ones earn their keep on your tasks. Usually a frontier model from Anthropic or OpenAI for reasoning, a fast cheap one from Google or OpenAI for high-volume work, and an open model on your own infrastructure for anything that can't leave the building. We retest the mix because pricing and quality keep moving.
How does this help with ISO 42001 or the AI Act?
The usual evidence set, including an audit log, a risk register, defined roles, evals and human oversight on high-stakes uses, becomes a property of the platform rather than a separate compliance project.
Who owns the code?
You do. The whole point is to stop renting the layer your business runs on. We build it in your cloud, in your repos, with your engineers in the room. We can host and operate it if you'd rather we did, but there's no lock-in.
What does it cost?
Audit and policy work is fixed price. Building the first version of the platform is priced per phase and quoted before we start. The usual savings are cancelled subscriptions, fewer rebuilds, and less compliance work done by hand.
Put a system under your AI.
Thirty minutes on a call. Bring your current list of AI tools, or the fact that you don't have one. You'll get a clear answer on which layers to build first, what to leave alone, and where costs are leaking.