ATOMATOM
ENTERPRISE
LIVE
TENANT
User Guide

ATOM Console Guide

Everything you need to govern your AI applications.

Getting Started

ATOM is a pre-execution AI governance platform. Every AI request your applications make is evaluated by ATOM before the model executes -- not after. This section walks through your first governed call.

Step 1 -- Connect a provider

Go to Settings → Provider Keys and add your API key for at least one provider (Groq, Anthropic, OpenAI, etc.). Trial and Starter plan users must supply their own keys (BYOK). Pro and Enterprise tenants may use platform keys.

Step 2 -- Make your first governed call

Point your application at the ATOM gateway instead of calling your AI provider directly. Replace the provider endpoint with the ATOM governed call endpoint:

POST https://api.atomlabs.app/v1/governed-call
x-api-key: lcac_your_tenant_key
Content-Type: application/json

{
  "tenant_id": "your-tenant-id",
  "input": "Your prompt here",
  "provider": "groq",
  "model": "llama-3.1-8b-instant"
}

Step 3 -- Check the Live Feed

Navigate to Live Feed to see your governed call appear in real time with its RIS score, CII score, and governance decision.

Shadow mode is on by default. In shadow mode, ATOM observes and records every call but does not block anything. This lets you see what would have been blocked before enabling enforcement.

Dashboard

The Dashboard gives you a real-time snapshot of your governance posture. All metrics update as calls arrive -- no manual refresh required.

Key metrics

MetricWhat it means
Total CallsAll governed calls in the selected time window
BlockedCalls that were denied by policy or RIS threshold
Avg RISMean Reasoning Integrity Score across all calls (0=clean, 4=critical)
Avg CIIMean Cognitive Integrity Index (0-1, higher is better)
Block RatePercentage of calls blocked. Above 30% triggers anomaly alert
StanceCurrent governance posture: STANDARD, STRICT, PERMISSIVE, DEFENSIVE, or LOCKDOWN

Governance Forecast

The Governance Forecast panel on the dashboard shows AI-generated risk projections based on current call patterns. Navigate to Governance for the full briefing.

Enforcement

Enforcement controls how ATOM responds when a call violates policy or exceeds risk thresholds.

Enforcement modes

ModeBehavior
ShadowObserve only. Would-block events are recorded but calls are allowed through
EnforcedBlock calls that violate policy. Allow calls within policy
Hard FailBlock on any ambiguous or marginal governance decision (Pro+)
EmergencyBlock all calls except explicitly whitelisted patterns (Enterprise)

Changing enforcement mode

Go to Enforcement and select the mode that matches your risk appetite. Start with Shadow to build a baseline, then enable Enforced when you are ready to block.

Switching from Shadow to Enforced will immediately start blocking calls that violate your policy. Review your Live Feed in shadow mode before switching to avoid blocking legitimate traffic.

Policy

Policy defines the rules ATOM applies to every governed call. Policies control PII detection, injection detection, content categories, provider allowlists, and RIS thresholds.

Default policy

Every tenant starts with a default policy that enables PII detection and injection detection in shadow mode. Customize it from the Policy page.

RIS threshold

The RIS (Reasoning Integrity Score) threshold sets the maximum acceptable risk level. Calls with RIS scores above the threshold are blocked (in Enforced mode) or flagged (in Shadow mode).

RIS LevelRiskTypical trigger
RIS-0CleanNormal query, no anomalies
RIS-1LowMinor sensitivity, borderline language
RIS-2ModeratePII detected, elevated complexity
RIS-3HighInjection pattern, jailbreak attempt
RIS-4CriticalConfirmed attack, policy override attempt

PII patterns (Pro+)

Pro and Enterprise tenants can add custom PII patterns beyond the built-in detectors. Go to Policy and add regex patterns under Custom PII Patterns.

Agents

Agents represent AI workflows or autonomous processes in your system. Each agent is governed independently with its own policy and execution boundaries.

Creating an agent

Go to Agents and click "New Agent". Assign a name, description, and the maximum RIS level allowed for that agent's calls.

Agent limits by plan

PlanAgent limit
Trial3 agents
Starter10 agents
Pro50 agents
EnterpriseUnlimited

Per-agent policy

Each agent can have its own override policy on top of the tenant default policy. Use per-agent policies to allow certain agents elevated permissions while keeping the default policy restrictive.

In ABE mode (Authority-Before-Execution), every agent call requires a valid authority grant to have been issued before execution. Calls without a matching grant are rejected with HTTP 402. This is the highest level of execution control.

Provider Keys

ATOM supports 14 AI providers. You can bring your own API key (BYOK) for any provider, or use platform-managed keys on Pro and Enterprise plans.

Adding a key

Go to Settings → Provider Keys, select a provider, and paste your API key. Keys are encrypted at rest and never logged.

Platform keys (Pro/Enterprise)

Pro and Enterprise tenants can use ATOM platform keys for supported providers without managing their own credentials. Platform key usage is billed per-call and shown in your usage dashboard.

Key rotation

Keys can be updated at any time from Settings. Updating a key takes effect immediately for all subsequent governed calls.

Trial and Starter plan tenants must supply their own provider keys. Platform keys are a Pro+ feature. Calls that require a key but have none configured will return a 402 with the error code provider_key_required.

Governance Scores

Every governed call produces two scores that are recorded in the audit ledger and displayed across the console.

RIS -- Reasoning Integrity Score

RIS measures the risk level of a prompt before execution. It is a 5-level scale (RIS-0 to RIS-4) produced by the Reasoning Governor before every call. A higher RIS means more potential risk.

CII -- Cognitive Integrity Index

CII measures the quality and consistency of the model's response after execution. It is a float between 0 and 1 (higher is better). CII below 0.4 may indicate hallucination or semantic incoherence in the response.

Governance Stance

The overall governance stance reflects the combined risk profile of recent calls. ATOM adjusts the stance automatically based on trust score, drift detection, and incident patterns.

StanceMeaning
STANDARDNormal operating conditions
PERMISSIVEVery low risk environment, relaxed thresholds
STRICTElevated risk detected, tighter enforcement
DEFENSIVEActive threat signals, block on ambiguity
LOCKDOWNCritical incident state, minimal execution allowed

Compliance

ATOM generates evidence packages for regulatory compliance. The compliance module covers EU AI Act (Article 9), SOC 2 Type II preparation, and GDPR AI processing documentation.

EU AI Act -- Article 9

ATOM automatically generates Article 9 compliance evidence from your governance audit trail. Download a PDF report from the Compliance page. The August 2, 2026 deadline applies to high-risk AI systems under the EU AI Act.

Audit export (Pro+)

Pro and Enterprise tenants can export the full audit ledger as a CSV from the Compliance page. Each row includes: timestamp, tenant, decision, RIS level, CII, provider, model, and SHA-256 hash of the governance record.

Compliance reports (Pro+)

AI-generated compliance summary reports are available under Compliance → Reports. These include governance posture summaries, incident narratives, and policy adherence analysis across any time range.

Settings Reference

All tenant-level configuration lives in Settings.

SettingDescription
Provider KeysAdd and manage API keys for AI providers
Enforcement ModeSet the active enforcement mode for this tenant
RIS ThresholdMaximum RIS level before blocking (Enforced mode)
PII DetectionEnable/disable PII scanning on all governed calls
Injection DetectionEnable/disable prompt injection scanning
Custom PII PatternsAdd custom regex patterns for PII detection (Pro+)
WebhooksConfigure HMAC-signed governance event webhooks (Starter+)
Team MembersInvite users and assign roles
API KeysGenerate and revoke tenant API keys
BillingView plan, usage, and manage subscription

Roles

RolePermissions
adminFull access to all settings and governance controls
security_ownerGovernance, enforcement, policy, and compliance access
developerRead access to traces, live feed, and agents
viewerRead-only access to dashboard and live feed
Need help? View the full technical documentation at Docs or contact support at [email protected].