Compliance that moves with your estate.
Screenshots age. Estates don't stop changing because an audit ended. Kinetic Fabric is Yōjin's live-evidence layer: it reads the systems you already run, normalises what it finds into governed facts, and assesses them with deterministic rules — continuously, not annually.
Collect. Normalise. Assess.
01 · collect
Connectors read your estate
Microsoft 365, Azure, AWS, Google Cloud, Google Workspace, Okta and Microsoft Defender — configuration, identity and posture facts across hundreds of provider services, collected on a schedule with raw payloads preserved and hashed.
02 · normalise
Facts become governed objects
Provider-specific data is normalised into one inventory model under versioned, machine-checked contracts. Identities resolve across providers — the same person in Entra and Okta is one subject, not two rows.
03 · assess
Deterministic rules decide
Compliance checks are expressions, evaluated the same way every time. Results feed control evidence and reviews — findings advise your team; they never silently rewrite your compliance record.
The sensing layer meets Yōjin's governed AI.
Kinetic Fabric establishes the facts. Kōan brings agentic work to those facts: drafting cited assessments and mappings, then stopping for a person to decide.
- Kinetic Fabric01Observe and checkLive evidence · deterministic rules
- Governed graph02Connect the factsControls · obligations · provenance
- Draft and proposeCited agentic work · no direct writes
03
- Human review04Decide what changesAccept · reject · return
Depth is the difference.
Surface-level connectors check ten settings and call it visibility. Kinetic Fabric's coverage is measured in services and rules per provider — collected, normalised and assessed the same way everywhere.
- AWS63 services · 589 rulesEC2 to EKS, S3 to SageMaker, IAM to Bedrock — 202 normalised entity types across the estate, including GuardDuty, Security Hub, CloudTrail and Config.
- Microsoft 36595 entity types · 328 rulesEntra ID, Intune, Exchange, SharePoint, Teams, Purview, Power Platform, Azure DevOps — and three Defender surfaces: XDR, Identity, and Office.
- Azure60 entity types · 209 rulesVMs and AKS, Key Vault, the SQL and Cosmos estates, Databricks, Defender for Cloud, and Azure AI services.
- Google Cloud25 services · 124 rulesGKE, BigQuery, Cloud SQL, KMS, Secret Manager, DLP, Vertex AI — through to API keys and audit logging.
- Google Workspace33 workloads · 115 rulesGmail, Drive, Meet, Chat, Classroom and Gemini settings — plus the mobile and ChromeOS device directories.
- Defender for Endpointdevice postureMachine risk and exposure scores, per-device vulnerabilities, and software inventory for every managed endpoint.
- Oktaidentity governanceUsers, groups, applications and policies — assessed for identity hygiene and feeding cross-provider identity resolution, so one person is one subject.
In total: 1,384 deterministic rules, written against the benchmarks assessors already trust — CIS, Microsoft Zero Trust Assessment, CISA — with Yōjin's own reachability and toxic-combination packs on top.
Counted from versioned rule and entity manifests, July 2026.
Your fleet is in scope too.
Most GRC tooling stops at the cloud control plane. Kinetic Fabric treats devices as first-class: compliance policies are verified per platform — Windows, macOS, iOS and Android, corporate and personal — and endpoint posture is assessed capability by capability, from disk encryption to attack-surface reduction.
Defender for Endpoint adds per-machine risk scores and vulnerabilities, and a vendor-neutral baseline rides on top of every source: fleet compliance rate, encryption coverage, and devices that have gone quiet.
what gets checked
- Compliance-policy coverage per platform — Windows, macOS, iOS, Android
- Endpoint posture: BitLocker & FileVault, firewall, OS updates, attack-surface reduction, antivirus
- Conditional Access verified to actually block non-compliant devices
- Per-machine vulnerabilities and risk scores via Defender for Endpoint
- Cross-vendor baseline: compliance rate, encryption coverage, stale devices
- One device, one identity — resolved across every source that sees it
From settings to consequences.
A misconfiguration list tells you what's untidy; it doesn't tell you what an attacker can do. Kinetic Fabric composes its recorded facts into exposure analysis across AWS, Azure and Google Cloud: reachability verdicts prove which paths to your data actually exist, toxic-combination findings surface where identity, data and vulnerability risks compound on the same asset, and zero-trust scoring rolls proven exposure up into pillars a board can read.
Proven, not guessed
Four layers, never blurred: static topology, inferred exposure, proven reachability, toxic combination. A path is "reachable" only when the analysis proves it over recorded facts — and every verdict can be replayed.
Exploitability-aware
Vulnerability findings carry their real-world context — CISA KEV and EPSS signals join each CVE — so "critical" means exploited or likely to be, not just a scanner's severity label.
Advisory by design
Exposure findings advise your team. Like every Kinetic Fabric result, they never silently create or change GRC records — what enters your compliance record is decided by people.
An asset register that fills itself.
Everything the connectors see lands in one canonical asset view — and the register reaches past infrastructure. Suppliers, contracts, licences and business services are governed objects with lifecycles.
The register is where audit questions stop being archaeology: which systems process personal data, which supplier sits behind this service, which licences lapse next quarter. Because identities and devices resolve across providers, the same person in Entra and Okta — and the laptop they carry — is one subject with one risk story, not three rows in three exports.
Unknown is an answer.
Most tools have two colours: green and red. Kinetic Fabric has four states — pass, fail, error, and unknown — because "we couldn't check" and "it failed" are different facts, and treating them the same corrupts your posture.
And unknown always says why — one of five precise reasons: missing field, stale source, provider not connected, permission gap, empty dataset. When your dashboard is green, that's a claim you can stand behind.
every fact keeps its lineage
- source which connector, which account, which run
- integrity raw payload preserved with its hash
- freshness collection time and snapshot identity
- provenance field-level trace from fact to origin
- replay results can be rebuilt from the recorded facts
When an auditor asks "how do you know?", the answer is attached to the evidence itself.
Evidence your auditor can take away.
Assessment results flow into control evidence, reviews and audit items — and can be exported as structured evidence packs: a strict, versioned manifest plus a queryable report of what was checked, against what rule, with what result, over which facts. Not a PDF of screenshots; a record with lineage that can be replayed.
Point it at a real tenant.
The best Kinetic Fabric demo runs against an estate like yours — bring your stack list.