Enterprise

Govern AI across your whole organization — without sealing it in a box.

Your people get a full AI workspace across any model, the real browser, files, your apps, and your internal systems. Your organization keeps the permissions, proof, and oversight on the whole time. It is the same Cuttlefish a single person uses, with an admin layer on top — not a stripped-down work edition.

Why teams say yes

The trust floor is part of the workspace, always on.

Permissions, data boundaries, and the record don't depend on anyone remembering to switch them on. They apply to every person, every tool, and every action by default.

Nothing consequential happens without a yes.

Cuttlefish starts closed. It reads and helps freely, but anything that sends, publishes, spends, or changes a system pauses for a clear approval — allow, deny, adjust, or a safe dry-run first. People can approve from their phone when they're away.

Your data stays where you put it.

By default, work stays on the person's own machine. Nothing goes to an outside provider unless someone chooses to send it, and a model running on the machine keeps the whole exchange local. Connection keys live in the device's secure store, not a shared place.

Every action leaves proof.

For anything meaningful, you keep a tamper-proof record of what was used, what changed, who approved it, and where the result went. It reads as plain proof — no log diving — and an auditor can confirm it's genuine and unaltered.

Enterprise Environment Connector Runtime

Connect your systems to AI without exposing raw tools.

Cuttlefish doesn't hand every endpoint to a model as a raw tool. You describe an environment once in a governed manifest, and Cuttlefish compiles it into safe, classified actions that run under your policy — with evidence and proof attached.

Import manifest

Describe the environment once.

A single manifest declares the systems, contracts, and limits Cuttlefish is allowed to work with.

Systems & servicesBrowser targetsAllowed originsHealth checks
Compile

Turn approved operations into capabilities.

Only the operations you approved become usable. Everything not declared stays out of reach by default.

Approved actionsContext resolversCredential references
Classify

Sort every action by what it can do.

Each capability is marked read-only, prepare-only, approval-required, or blocked — so the routine stays fast and the serious stays deliberate.

Read-onlyPrepare-onlyApproval-requiredBlocked
Operate under policy

Run inside the lines you set.

Work runs under your organization's terms. Consequential moves pause for a sign-off; sensitive values stay hidden; outbound access stays inside your boundaries.

Tenant policyApproval cardSecrets redactedEmergency stop
Evidence & receipts

Keep proof of what happened.

Every real action attaches evidence and a tamper-proof record — what it used, what it changed, who approved it — that reviewers and auditors can verify.

Evidence routesTamper-proof recordsRun history
Discovery isn't execution, and compiling isn't execution — Cuttlefish only acts when an action is classified safe or you've approved it. See how a manifest is built on the environment runtime page.
What a manifest declares

You decide exactly what Cuttlefish can reach.

A connection starts able to do nothing. You allow specific actions on purpose, set the limits, and can take any of them back at any time.

Systems & contracts.

Connect your code repositories, infrastructure, cloud accounts, ticketing, and the in-house tools you built yourself. Each system declares the operations it exposes and the contract behind them, so Cuttlefish works in the real system rather than a copy.

Browser targets & origins.

Name the internal consoles and pages Cuttlefish may operate in, and the web addresses it's allowed to reach. Requests can't wander off to places you didn't approve — inspection stays read-only, changes wait for approval.

Evidence, receipts & policy.

Set where proof comes from, which actions need a sign-off, and which are blocked outright. Anything not declared is unavailable by default, so an unknown action is a closed door, not an open one.

Surface Packs

Role-native workspaces on one governed substrate.

The same Cuttlefish can appear as a workspace tuned to how a particular team works — its language, its workflows, its sensible defaults. Surface Packs change what people see and do; they never grant authority by themselves.

IT & operations.

A workspace shaped around tickets, environments, and client operations, with the connected tools and approval steps an operations team relies on. See the dedicated route for MSP & IT operators.

Platform & engineering.

A workspace tuned for infrastructure, deployments, and code work — the real browser, your repositories, and governed actions against the systems you run. See the route for platform engineering.

Compliance, support & review.

Read-mostly workspaces for reviewers, support, and executive oversight — proof, run history, and approvals front and center, with consequential actions still gated behind a clear yes.

Deployment modes

Run it on your machine, in the cloud, or fully inside your boundary.

These aren't separate products. They're settings on the same workspace — turn on what you need, and your work, apps, and controls come with you.

Local.

Cuttlefish runs as a desktop app on Windows, macOS, and Linux, and keeps work on the machine. Models run directly on a person's own computer, so the whole exchange — prompts and data — never leaves it. This is the most private way to work, and local models perform well here.

Cloud.

Connect the biggest external models and shared tools when you want their reach, and let work follow people across devices. Nothing goes out unless it's connected and chosen — you decide what reaches the outside, task by task, under one set of controls.

Self-hosted & sovereign.

For organizations that need everything inside their own boundary, Cuttlefish supports deployment where prompts, retrieval, model inference, tool execution, memory, governance, and audit all stay inside the enterprise perimeter — nothing leaves the lines you draw.

Private & hybrid model routes

Open model choice, under one consistent control.

People can use cloud models, models running privately on their own machine, or your organization's approved providers — and switch between them — while you keep one set of permissions, approvals, and records across all of it.

Approved external providers

You decide which models and providers are available to the organization — ChatGPT, Claude, Gemini, and others — and people pick the right one per task.

Tenant-private inference

Route work to inference that stays inside your own boundary, so sensitive prompts and data don't reach an outside provider's servers.

On-machine local endpoints

First-class support for private models running on a person's own computer through Ollama, LM Studio, and custom endpoints — the whole conversation stays local.

One control surface

Whichever route a model takes, the same permissions, approval steps, and tamper-proof records apply. Freedom for the user; one consistent surface for you.

Admin, sign-on & billing

Run it for your organization without giving anything up.

People sign in with the accounts they already have, you decide who can do what, and you see plans, usage, and invoices in one place. Your people don't learn anything new.

Single sign-on.

People sign in through your existing identity provider, using the login they already trust — no extra password to create or reset.

Automatic account setup.

Access follows your directory: people are added when they join and turned off when they leave, in step with your other systems, so the list of who can use Cuttlefish keeps itself current.

Roles & org admin.

Assign roles that decide who can administer, who can approve, and who can connect new tools. A dedicated admin area holds your people, connected systems, and organization-wide terms — separate from anyone's personal settings.

Billing & usage.

See your plan, subscription, invoices, and model usage in one place. Usage is metered as your team works, so finance sees what's adding up without assembling a spreadsheet.

Audit, receipts & evidence

A straight answer to "what did it do, and who said yes?"

A read-only view shows what's running, what was approved, and the record behind each result. Open any piece of work to see what was used, what changed, and who signed off — with nothing sensitive exposed.

Runs you can watch.

Reviewers and admins see what is running and what was approved, in plain language, without needing anyone technical to interpret it.

Proof you can verify.

Each result carries a tamper-proof record. An auditor can confirm it's genuine and unaltered, and hand it on without exposing keys, raw addresses, or private details.

A stop control in reach.

If something ever looks wrong, an administrator can halt outside tool activity at once and revoke any permission previously granted — and the change takes effect immediately.

Security review

Bring it to your security team — the answers are ready.

The control model is built to be reviewed. Two pages give your security, privacy, and compliance reviewers what they need to evaluate Cuttlefish in detail.

Security review.

How permissions, approvals, data boundaries, redaction, and the stop control work, with the specifics a security reviewer asks for. Read the security review.

Trust, privacy & control.

What stays on the device, what reaches the outside, and how "local means local" holds — the privacy posture in plain terms. See trust & privacy.

Set up your first environment.

A guided walk through connecting an environment, classifying its actions, and putting the controls in place before anyone relies on it. Start enterprise setup.

Get started

Put a governed AI workspace in front of your team.

Start with one system and one team in a pilot, then widen the circle as trust builds — the same controls apply all the way up.