Cyris

Product Introduction

1. Definition: Cyris is an AI agent observability and compliance infrastructure platform specifically engineered for AI-native healthcare startups. It functions as an automated instrumentation layer that captures, logs, and verifies interactions between Large Language Models (LLMs) and end-users. Technically, it is a middleware SDK that provides a tamper-proof audit trail and automated governance for complex AI workflows.

2. Core Value Proposition: Cyris exists to eliminate the "security review wall" that prevents AI startups from closing deals with hospitals and healthcare systems. By providing proof of AI explainability, data lineage, and anomaly detection through an immutable, hash-chained record, it enables vendors to satisfy stringent HIPAA and EU AI Act requirements with minimal engineering overhead.

Main Features

1. Zero-Code Auto-Instrumentation: Cyris enables developers to monitor 12+ LLM providers—including OpenAI, Anthropic, AWS Bedrock, Google Gemini, Vertex AI, Mistral, and Ollama—by adding just two lines of code to their application. The SDK automatically hooks into official client libraries to capture inputs, outputs, timestamps, and metadata without requiring a rewrite of the agent's logic or internal configuration files.

2. Hash-Chained Audit Trails: Every decision made by an AI agent is logged into a tamper-proof, hash-chained ledger. This technical architecture ensures data integrity, meaning that logs cannot be altered or deleted after the fact. This provides "chain-of-custody" evidence for every AI-driven clinical or administrative decision, satisfying the high evidentiary standards of hospital compliance departments.

3. Automated Security Questionnaire Fulfillment: Using the real-time data captured from agent traffic, Cyris can automatically populate complex security questionnaires (e.g., 200-question hospital assessments) in approximately 90 seconds. It maps operational data directly to compliance requirements, providing real timestamps and evidence counts rather than generic boilerplate responses.

4. Dynamic Workflow Mapping and Agent Discovery: Within 10 seconds of activation, Cyris discovers active agents and begins mapping the connections between them. Over a 7-day period, it constructs a complete, data-driven workflow graph that illustrates how information flows from Triage agents to Billing or Records agents, providing a visual representation of AI handoffs that is essential for impact analysis.

5. Real-Time PHI and Anomaly Detection: The platform includes a specialized scanning engine that flags Protected Health Information (PHI) before it leaves the local environment. Additionally, it provides a real-time anomaly feed with severity classification, alerting teams to model drift, unexpected prompt bloat, or logic failures before they impact patient care or clinical outcomes.

Problems Solved

1. Pain Point: The Delayed Sales Cycle. Healthcare startups often lose momentum during the 3-6 month security review process. Cyris solves this by providing "audit-ready" evidence on demand, reducing the time spent pulling logs and drafting manual responses to compliance officers.

2. Target Audience: This product is designed for CTOs and Lead AI Engineers at healthcare-native startups, Compliance and Risk Officers at AI health tech firms, and Enterprise Sales teams who need to provide technical assurance to hospital procurement departments.

3. Use Cases:

• Hospital Procurement: Providing a live "Trust URL" to a hospital’s security team to prove the safety and reliability of an AI scribe or diagnostic tool.
• Incident Response: Tracing a "wrong dosage" or "wrong patient record" error back to the specific LLM call and identifying all downstream agents affected by that single failure.
• Operational Monitoring: Tracking "token burn" and latency spikes per agent to identify which specific system prompt changes caused a sudden increase in operational costs.

Unique Advantages

1. Differentiation: Unlike generic compliance tools like Vanta or Drata, which focus on the hospital's internal processes and general IT controls, Cyris is purpose-built for the "vendor side" of the AI review. It specifically monitors the behavior and output of non-deterministic models, which traditional compliance software cannot see.

2. Key Innovation: The primary innovation is the "Live Compliance URL." Instead of sending static, outdated PDFs, Cyris users generate a private, real-time data product that allows hospital compliance teams to verify audit readiness, hash-chain integrity, and BAA status at any hour without needing a login or risking a leak of sensitive operational data.

Frequently Asked Questions (FAQ)

1. Does Cyris support HIPAA compliance and BAA agreements? Yes. Cyris offers a dedicated Compliance tier specifically for healthcare organizations that requires a Business Associate Agreement (BAA). The platform includes 7-year HIPAA-compliant data retention, SSO/SAML integration, and specific tools to ensure PHI is flagged and handled according to federal regulations.

2. How many LLM providers can Cyris monitor simultaneously? Cyris currently supports over 12 major LLM providers and protocols, including OpenAI, Anthropic (Claude), Azure OpenAI, AWS Bedrock, Google Gemini, Vertex AI, Mistral, Cohere, Groq, Together AI, and the Ollama official client. It also supports MCP servers for extended agent capabilities.

3. How does Cyris differ from traditional logging or APM tools? Traditional Application Performance Monitoring (APM) tools track system uptime and latency but lack the "explainability" layer required for AI. Cyris captures the semantic context of AI decisions, builds relationship graphs between different agents, and provides cryptographic proof (hash-chaining) of the logs, which is a requirement for high-stakes healthcare audits.

4. Can Cyris detect and prevent model drift? Yes. Cyris tracks per-agent drift metrics and exports them as evidence for any given window. By monitoring input/output distributions and cost-per-call metrics, it alerts engineers when an agent's behavior deviates from its established baseline, allowing for intervention before the drift affects clinical accuracy.