ATOM Console Guide
Everything you need to govern your AI applications.
Getting Started
ATOM is a pre-execution AI governance platform. Every AI request your applications make is evaluated by ATOM before the model executes -- not after. This section walks through your first governed call.
Step 1 -- Connect a provider
Go to Settings → Provider Keys and add your API key for at least one provider (Groq, Anthropic, OpenAI, etc.). Trial and Starter plan users must supply their own keys (BYOK). Pro and Enterprise tenants may use platform keys.
Step 2 -- Make your first governed call
Point your application at the ATOM gateway instead of calling your AI provider directly. Replace the provider endpoint with the ATOM governed call endpoint:
POST https://api.atomlabs.app/v1/governed-call
x-api-key: lcac_your_tenant_key
Content-Type: application/json
{
"tenant_id": "your-tenant-id",
"input": "Your prompt here",
"provider": "groq",
"model": "llama-3.1-8b-instant"
}Step 3 -- Check the Live Feed
Navigate to Live Feed to see your governed call appear in real time with its RIS score, CII score, and governance decision.
Dashboard
The Dashboard gives you a real-time snapshot of your governance posture. All metrics update as calls arrive -- no manual refresh required.
Key metrics
| Metric | What it means |
|---|---|
| Total Calls | All governed calls in the selected time window |
| Blocked | Calls that were denied by policy or RIS threshold |
| Avg RIS | Mean Reasoning Integrity Score across all calls (0=clean, 4=critical) |
| Avg CII | Mean Cognitive Integrity Index (0-1, higher is better) |
| Block Rate | Percentage of calls blocked. Above 30% triggers anomaly alert |
| Stance | Current governance posture: STANDARD, STRICT, PERMISSIVE, DEFENSIVE, or LOCKDOWN |
Governance Forecast
The Governance Forecast panel on the dashboard shows AI-generated risk projections based on current call patterns. Navigate to Governance for the full briefing.
Enforcement
Enforcement controls how ATOM responds when a call violates policy or exceeds risk thresholds.
Enforcement modes
| Mode | Behavior |
|---|---|
| Shadow | Observe only. Would-block events are recorded but calls are allowed through |
| Enforced | Block calls that violate policy. Allow calls within policy |
| Hard Fail | Block on any ambiguous or marginal governance decision (Pro+) |
| Emergency | Block all calls except explicitly whitelisted patterns (Enterprise) |
Changing enforcement mode
Go to Enforcement and select the mode that matches your risk appetite. Start with Shadow to build a baseline, then enable Enforced when you are ready to block.
Policy
Policy defines the rules ATOM applies to every governed call. Policies control PII detection, injection detection, content categories, provider allowlists, and RIS thresholds.
Default policy
Every tenant starts with a default policy that enables PII detection and injection detection in shadow mode. Customize it from the Policy page.
RIS threshold
The RIS (Reasoning Integrity Score) threshold sets the maximum acceptable risk level. Calls with RIS scores above the threshold are blocked (in Enforced mode) or flagged (in Shadow mode).
| RIS Level | Risk | Typical trigger |
|---|---|---|
| RIS-0 | Clean | Normal query, no anomalies |
| RIS-1 | Low | Minor sensitivity, borderline language |
| RIS-2 | Moderate | PII detected, elevated complexity |
| RIS-3 | High | Injection pattern, jailbreak attempt |
| RIS-4 | Critical | Confirmed attack, policy override attempt |
PII patterns (Pro+)
Pro and Enterprise tenants can add custom PII patterns beyond the built-in detectors. Go to Policy and add regex patterns under Custom PII Patterns.
Agents
Agents represent AI workflows or autonomous processes in your system. Each agent is governed independently with its own policy and execution boundaries.
Creating an agent
Go to Agents and click "New Agent". Assign a name, description, and the maximum RIS level allowed for that agent's calls.
Agent limits by plan
| Plan | Agent limit |
|---|---|
| Trial | 3 agents |
| Starter | 10 agents |
| Pro | 50 agents |
| Enterprise | Unlimited |
Per-agent policy
Each agent can have its own override policy on top of the tenant default policy. Use per-agent policies to allow certain agents elevated permissions while keeping the default policy restrictive.
Provider Keys
ATOM supports 14 AI providers. You can bring your own API key (BYOK) for any provider, or use platform-managed keys on Pro and Enterprise plans.
Adding a key
Go to Settings → Provider Keys, select a provider, and paste your API key. Keys are encrypted at rest and never logged.
Platform keys (Pro/Enterprise)
Pro and Enterprise tenants can use ATOM platform keys for supported providers without managing their own credentials. Platform key usage is billed per-call and shown in your usage dashboard.
Key rotation
Keys can be updated at any time from Settings. Updating a key takes effect immediately for all subsequent governed calls.
provider_key_required.Governance Scores
Every governed call produces two scores that are recorded in the audit ledger and displayed across the console.
RIS -- Reasoning Integrity Score
RIS measures the risk level of a prompt before execution. It is a 5-level scale (RIS-0 to RIS-4) produced by the Reasoning Governor before every call. A higher RIS means more potential risk.
CII -- Cognitive Integrity Index
CII measures the quality and consistency of the model's response after execution. It is a float between 0 and 1 (higher is better). CII below 0.4 may indicate hallucination or semantic incoherence in the response.
Governance Stance
The overall governance stance reflects the combined risk profile of recent calls. ATOM adjusts the stance automatically based on trust score, drift detection, and incident patterns.
| Stance | Meaning |
|---|---|
| STANDARD | Normal operating conditions |
| PERMISSIVE | Very low risk environment, relaxed thresholds |
| STRICT | Elevated risk detected, tighter enforcement |
| DEFENSIVE | Active threat signals, block on ambiguity |
| LOCKDOWN | Critical incident state, minimal execution allowed |
Compliance
ATOM generates evidence packages for regulatory compliance. The compliance module covers EU AI Act (Article 9), SOC 2 Type II preparation, and GDPR AI processing documentation.
EU AI Act -- Article 9
ATOM automatically generates Article 9 compliance evidence from your governance audit trail. Download a PDF report from the Compliance page. The August 2, 2026 deadline applies to high-risk AI systems under the EU AI Act.
Audit export (Pro+)
Pro and Enterprise tenants can export the full audit ledger as a CSV from the Compliance page. Each row includes: timestamp, tenant, decision, RIS level, CII, provider, model, and SHA-256 hash of the governance record.
Compliance reports (Pro+)
AI-generated compliance summary reports are available under Compliance → Reports. These include governance posture summaries, incident narratives, and policy adherence analysis across any time range.
Settings Reference
All tenant-level configuration lives in Settings.
| Setting | Description |
|---|---|
| Provider Keys | Add and manage API keys for AI providers |
| Enforcement Mode | Set the active enforcement mode for this tenant |
| RIS Threshold | Maximum RIS level before blocking (Enforced mode) |
| PII Detection | Enable/disable PII scanning on all governed calls |
| Injection Detection | Enable/disable prompt injection scanning |
| Custom PII Patterns | Add custom regex patterns for PII detection (Pro+) |
| Webhooks | Configure HMAC-signed governance event webhooks (Starter+) |
| Team Members | Invite users and assign roles |
| API Keys | Generate and revoke tenant API keys |
| Billing | View plan, usage, and manage subscription |
Roles
| Role | Permissions |
|---|---|
| admin | Full access to all settings and governance controls |
| security_owner | Governance, enforcement, policy, and compliance access |
| developer | Read access to traces, live feed, and agents |
| viewer | Read-only access to dashboard and live feed |