MSP & IT Operators

AI your clients can't tell apart from your best engineer.

You run systems for a roomful of clients, and the catch with most AI tools is simple: you can't let them anywhere near anything that matters. Cuttlefish is built the other way around. It does real work across each client's systems, every client stays sealed off from every other, and every change leaves proof you can hand straight to that client.

The real problem

Generic AI tools were never built for a multi-client desk.

Running one tenant carefully is hard enough. Running dozens, each with its own systems, its own credentials, and its own auditor, is where most AI access quietly falls apart.

One client's blast radius reaches the next.

When an assistant holds access to several estates at once, a mistake doesn't stay put. A wrong command, a confused context, a tool pointed at the wrong account — and suddenly the problem belongs to a client who had nothing to do with it. You need each client walled off so work in one can never touch another.

Shared, standing credentials.

The fast way to wire AI into many systems is to hand it broad, always-on keys — and that is exactly the way that ends careers and contracts. A single over-scoped credential is a single point of failure across every client you serve. The right answer is access that's specific, granted on purpose, and revocable in one place.

Tool access nobody can audit.

If the AI ran a command and you can't say which client it touched, what it changed, or who approved it, you don't have an account you can defend. Operators live and die on accountability, and "the AI did it" is not an answer a client will accept. You need a plain, tamper-proof record of every consequential action.

How it works for an MSP

The same flow as the assistant on the home screen — run once per client.

Onboard a client, decide what's allowed, do the work in front of you, and hand over the proof. Each client is its own sealed lane the whole way through.

Onboard

Bring a client's systems in.

Connect the tools that client runs, with guided setup, and keep them separate from everyone else's.

GitHubKubernetesArgo CDAzure & in-house tools
Set the limits

Decide what's allowed.

Nothing consequential happens on its own. Read-only checks flow; anything that changes a system asks first.

Closed by defaultRead-only flowsGrant on purposeRevoke anytime
Do the work

Run the job in front of you.

Describe what you need in plain language. Cuttlefish uses that client's tools and shows you each step.

Check a serviceWalk a rolloutPropose a fixTest before change
Hand over proof

Close the loop with a record.

Every change leaves a tamper-proof account of what happened — ready for that client's review.

What was usedWhat changedWho approvedWhere it went
The work runs the same way for one client or fifty — and the boundary between them holds at every stage, so a routine that fits one estate never spills into another.
Per-client governed boundaries

Each client is its own sealed estate, with its own proof and its own approvers.

The controls that make AI safe to hand out are the same ones that let you say yes on a client's behalf — and keep the line between clients sharp.

Boundaries set per client.

You decide, client by client, which tools Cuttlefish may reach, what it may change, and where its data is allowed to go. A connection scoped to one client's network stays on that network. New permissions start off; you grant exactly what you intend, and you can take any of them back at once — for one client, without touching the rest.

Evidence packs an auditor accepts.

For any meaningful step, Cuttlefish keeps a plain, tamper-proof record of what it used, what it changed, who approved it, and where the result went — scoped to the client it belongs to. Keys, raw addresses, and private details stay hidden, so you can hand a client their evidence pack without exposing anything you shouldn't.

Approval paths that actually move.

When a step changes something real, Cuttlefish pauses and shows a clear card: what it's about to do, what it affects, and whether it can be undone. You allow, deny, adjust, or run it as a test first. For the biggest actions it asks once more — and when you're between client sites, you can approve or deny from your phone with the instruction sealed end to end.

Reusable operator workflows

Build a routine once, run it across every client it fits.

The work you repeat — a patch sweep, a config comparison, a stuck-rollout check — becomes something your whole team opens like a tool, instead of commands pasted from a wiki.

Turn a runbook into an app.

When a check or a sequence proves itself, promote it into an installed tool your team opens like any other — no copy-pasting commands across client estates. Each one carries a tamper-proof record and can be rolled back to an earlier version if you ever need it. Your runbooks stop living in someone's head and become software you own.

Run a change as a test first.

For anything that touches a live client system, run it as a test to see exactly what would happen before it happens. It's the safe way to hand a new routine to a junior engineer, and the honest way to show a client what a change will do. The outcome is shown without the change being made.

Lasting instructions that watch for you.

Tell Cuttlefish to check a client's backups every morning, or to watch for a condition and report back — and it does, on schedule, across the clients you point it at. It surfaces the result and asks before it changes anything, so standing coverage never turns into silent action.

Proof you can stand behind

Control isn't a feature here — it's the reason the rest is safe to use.

You never switch it on, watch it, or operate it. It honors the limits you set for each client automatically, and stops rather than guesses when it can't be sure.

Each client's data stays where they put it.

Local connections and models that run on your own hardware keep the whole exchange on the machine — nothing leaves for an outside provider unless you choose it. For sensitive client work you can pick a private model per task and switch mid-conversation, so the data that matters most never travels at all.

One stop that means stop.

If something feels off, a single action halts everything Cuttlefish is allowed to do at once — every running task, every open approval, every standing permission — and returns it to watch-only. Network and device actions come ticketed, with named approvers and a path to roll back, so you're never guessing whether a change was sanctioned.

One controlled path for outside tools.

Local tools pair quietly to the machine they run on. Remote and shared systems connect through a single guarded path you oversee — sensitive details kept hidden, outbound access kept on a short leash, every connection's health visible and switchable off. You see what's connected for each client and stay the one who decides.

Start with one client

Map one client estate, and see the whole flow hold.

Bring one client's systems in, set the boundaries, run a real change with approval and a test-first preview, and hand over the proof — then decide how far to roll it out.