How Kamiwaza works: A technical reference for IT teams
How the stack fits together
Kamiwaza is a secure orchestration layer that sits above your existing infrastructure. Nothing is replaced, nothing is extracted. AI agents query data in place, accessing mainframes, policy admin platforms, document stores, email systems, and carrier portals without moving data or crossing your security perimeter.
The three layers interact as follows: AI agents in the top layer formulate prompts via the orchestration layer. The orchestration layer routes those queries to the appropriate data source, applies the user’s relationship-based access control (ReBAC) permissions to filter what can be returned, and assembles the result. Data never leaves its origin system.
In-place data inferencing: Your data stays where it is
Kamiwaza connects to systems of record via lightweight connectors — no agents installed on the data source, no extraction pipeline, no copy of your data stored elsewhere. Each connector authenticates using your existing credentials and access controls.
What connects
Mainframes and legacy systems
— COBOL, IMS, DB2, VSAM. Kamiwaza’s connectors read structured and semi-structured mainframe data without requiring a middleware layer
Policy administration platforms
— Duck Creek, Guidewire, Majesco, and custom systems via REST, JDBC, or direct database connection
Document repositories
— SharePoint, network file shares, carrier portals, email attachments. Documents are processed in place using visual language models, no ingestion into a vector database
Real-time feeds
— ISO rating data, carrier APIs, third-party enrichment sources. Kamiwaza queries these on demand rather than pre-loading
What doesn’t happen
No data lake
— There’s no central repository where your data is copied or consolidated
No transformation prerequisite
— Kamiwaza works within existing data formats. There’s no ETL pipeline to build before you can start
No migration window
— Connectivity is additive. Existing systems continue to operate normally
Living ontology: Business context, dynamically maintained
Traditional AI deployment requires someone to manually define the relationships between entities in your data, such as what constitutes a “location,” how an underwriter’s territory is defined, and what risk profile guidelines apply to a given submission class. Kamiwaza’s living ontology discovers and encodes these relationships from your existing data.
What the ontology does
Entity resolution — Identifies that Building A in the policy admin system and Location 1 in the claims system refer to the same insured asset without requiring a data quality project first
Underwriting criteria encoding — Cross-references submission characteristics against underwriting guidelines to surface fit scores. When criteria changes, the ontology updates
Relationship mapping — Understands broker-to-underwriter assignments, account history, policy hierarchies, and carrier relationships, making these available to AI agents as context
Continuous update — The ontology updates as data changes. New carriers, new product lines, and new territorial structures are reflected without manual maintenance
What the ontology does
Kamiwaza skips over the months-long knowledge engineering effort typically required to configure a domain-specific AI system. In traditional deployments, a team of data engineers maps your business vocabulary into a schema the AI can use. Kamiwaza, in contrast, discovers that vocabulary from your existing data.
Relationship-based access control (ReBAC)
Every agent inherits a specific user’s permissions. Nothing more.
Kamiwaza’s security model is built on relationships, not roles. Traditional RBAC assigns permissions based on job function: all underwriters in this role can see all policies in this line. ReBAC assigns permissions based on specific relationships: this underwriter can see policies they originated, policies in their territory, and policies explicitly shared with them.
How ReBAC works in practice
Agent context — Every AI agent operates within a named user context. When an underwriter’s agent retrieves submission data, it can only access submissions the underwriter themselves could access
Dynamic resolution — Permissions are resolved at query time, not configuration time. When an underwriter’s territory changes, their agent’s access changes with it, no permission update required
No over-provisioning — Agents can’t accumulate permissions across sessions or inherit administrative access. Each agent is scoped to the exact permissions of its user context
Full audit trail — Every agent action is logged with the user context, the data accessed, the permission rule applied, and the timestamp. Compliance review is deterministic
Why this matters for regulated environments
HIPAA, state insurance regulations, and internal compliance requirements all require demonstrable proof that AI systems can’t access data beyond what a human in that role would access. ReBAC provides that proof by design, not by audit log review after the fact. Compliance teams can answer the question “What can the AI see?” with the same answer as “What can the user see?”
Comparison: RBAC versus ReBAC
| Function | RBAC | Kamiwaza ReBAC |
|---|---|---|
| Permission unit | Role (job function) | Relationship (specific data) |
| Access change trigger | Manual role update | Automatic on relationship change |
| Agent scoping | Inherits all role permissions | Inherits specific user permissions only |
| Audit trail | Role-level logging | User, permission rule, and data accessed |
| Over-provisioning risk | High (shared role permissions) | None (per-user, per-agent scoping) |
Deployment specification
| Deployment model | On-premise, cloud (AWS/Azure/GCP), or hybrid — customer choice |
|---|---|
| Data movement | None. AI agents query data in place |
| Infrastructure prerequisite | None. No cloud mandate, no migration required |
| Data cleansing required | None. Visual language models process existing formats as-is |
| Security model | ReBAC. Every agent inherits the specific permissions of its user context |
| Mainframe support | COBOL, IMS, DB2, VSAM via native connectors |
| Document processing | Visual language models — any carrier format, any layout, no template required |
| Audit logging | Full trail: user context, data accessed, permission rule applied, and timestamp |
| Compliance | HIPAA, SOC 2, and state-regulated environments supported |
Kamiwaza versus traditional AI platforms
If you’re evaluating multiple AI vendors, this is the structural difference that matters. Most enterprise AI platforms require data centralization before any deployment. Kamiwaza doesn’t.
| Function | Traditional AI | Kamiwaza |
|---|---|---|
| Data approach | Requires centralized data lake | In-place with no data movement |
| Upfront infrastructure cost | Multi-million-dollar investment before first workflow | No migration costs, significantly lower overall cost |
| Legacy system support | Requires data extraction and transformation | Native connectors, no ETL prerequisite |
| Access control model | RBAC — role-level permissions | ReBAC — per user, per agent scoping |
| Business context | Manual rules and schema configuration | Auto-discovered living ontology |
| Compliance audit trail | Role-level logging | User + rule + data, per agent action |
| Operational risk | High — migration, downtime, data exposure | Low — in-place, incremental, no disruption |
Ready to go deeper?
The solution brief covers the full business and technical case in a single document — architecture, Healthbus implementation detail, deployment approach, and a worked example of how the three challenge areas map to specific Kamiwaza capabilities.
Ready to see how this fits your environment?
Schedule a technical consultation. We’ll walk through your specific stack, identify the highest-value starting workflow, and give you a realistic deployment timeline.
Deploy enterprise AI without moving your data
See the zero-migration architecture insurers use to quote in real-time — boosting efficiency and profitability by eliminating the multi-year data consolidation project.
You’ve heard the advice:
“Consolidate everything into a data lake”
That’s a multi-year, high-risk project — and by the time you’re done, your business has moved on.
The insurance industry is navigating a “scale gap.” While premiums are growing, operational efficiency is stalling. IT managers, now expected to be direct contributors to the bottom line, are wrestling with these inefficiencies. Your underwriters spend 40% of their time on manual data entry, rather than risk analysis. Your claims adjusters dig through legacy files like archaeologists. Your brokers are losing deals to competitors who quote faster.
The conventional solution? Migrate everything to a central data repository, then deploy AI.
But there are problems with this approach:
- Timeline — This process takes years before AI deployment even begins.
- Risk — Moving petabytes of sensitive, regulated data creates security and compliance nightmares.
- Completeness — Even after massive consolidation efforts, critical data remains scattered between legacy systems, partner data, and real-time operational feeds.
- Cost — You’re making a multi-million dollar infrastructure overhaul with unclear ROI.
- Data quality — This approach requires extensive cleansing and transformation before AI can use it.
The result is that your data stays trapped in legacy silos. Your workflows remain manual, slow, and unscalable. Your AI initiative dies in the planning phase. Meanwhile, your CFO asks, “When will IT start contributing to margin improvement?”
Innovate without migration
You don’t need to move your data to deploy enterprise AI. You need to orchestrate it.
Kamiwaza is the secure AI orchestration platform that activates your data where it lives. We deploy digital co-workers that read, reason, and execute tasks across your legacy systems in real-time. This builds a system of action on top of your existing infrastructure.
This fundamentally changes the economics and risk profile of enterprise AI.
Core capabilities
In-place connectivity
We connect to your systems of record — mainframes, policy administration systems, email servers, on-premise storage — exactly where they reside. We index the data in place, respecting your existing security perimeter, with no:
- Data movement required
- Cloud migration mandate
- Risk to operational stability
- Data cleansing prerequisite
The benefit:
You get modern AI capabilities without a multi-year data migration or cloud consolidation project. This means faster time to value and dramatically lower infrastructure costs.
Business impact:
When IT avoids costly migration projects while still delivering AI capabilities, you shift from cost center to business enabler.
Living ontology
Scanning text isn’t enough — AI needs business context. Kamiwaza builds a dynamic context graph that maps the relationships between your files and your business logic.
A generic LLM sees “Building A” and “Location 1” as separate text strings. Kamiwaza, in contrast, understands that “Building A” in the loss run is the same asset as “Location 1” in the policy schedule. This ensures agents act on accurate business logic, not just keywords.
- Auto-discovers relationships from your existing systems
- Updates automatically as your business changes
- Enforces business rules at the AI layer, not just the database layer
- Works with messy data — no reformatting or cleansing required upfront
The benefit:
Your AI understands institutional knowledge, the unwritten rules and relationships that employees learn over time. This means higher accuracy and less manual correction.
Business impact:
Accurate AI reduces operational costs by eliminating error correction and rework.
Relationship-based access control (ReBAC)
Security isn’t an afterthought. Agents inherit the exact permissions of the user through Kamiwaza’s patented ReBAC.
If an underwriter isn’t allowed to see a specific Claims folder or PII field, their AI agent can’t see it either.
- Zero data spillage by design
- Simplifies compliance audits
- Enables autonomous operation without manual review
The benefit:
You can deploy AI with confidence, knowing it will never exceed user permissions or violate regulatory boundaries.
Business impact:
Autonomous AI agents reduce manual review costs while maintaining compliance, directly improving operational margins.
Real results: Healthbus transformation
Healthbus, a comprehensive benefits platform, faced a scalability crisis: their manual quote generation process was a competitive disadvantage in a market where speed determines who wins the deal.
By deploying Kamiwaza, they transformed their intake workflow from a bottleneck into a competitive advantage — without moving a single file.
| Metric | Before Kamiwaza | With Kamiwaza |
|---|---|---|
| Quote speed | 4 days | Real time |
| Client friction | 5 touchpoints | 1 touchpoint |
| Manual data entry | Manual process | Zero manual entry |
“Kamiwaza transformed our entire sales workflow... enabling real-time quote generation and instant document validation that eliminated bottlenecks.” — Healthbus team
Technical implementation
- Data sources connected — Various internal and external data channels and repositories
- No data movement — All documents remained in original locations
- No data cleansing — Worked with data as-is, messy formats and all
Transform your highest-friction operations
Because Kamiwaza is an agnostic orchestration engine capable of automating any workflow involving unstructured data, it brings immediate, measurable impact for insurers in these three areas.
The technical challenge
Generating a complex commercial quote takes days. Data must be manually extracted from disparate PDFs and Excel schedules, then re-keyed into your rating engine.
The Kamiwaza solution
Digital co-workers streamline the underwriting process by automatically extracting, structuring, and mapping risk data from complex documents directly into your pricing model. This eliminates the need for manual intervention. Additionally, they ensure accuracy by cross-checking the extracted data against both policy history and established underwriting guidelines.
By providing real-time information, this technology significantly reduces the infrastructure and overhead costs associated with each policy.
Business impact
- Faster quotes leads to higher win rates
- The same team processes more volume, meaning better margins
- IT delivers competitive advantage without expensive infrastructure
The technical challenge
Your intake channels receive hundreds of submissions daily through email, portal uploads, and broker platforms. Processing them “first in, first out” means high-value risks sit buried while your team spends hours on an out-of-appetite business.
The Kamiwaza solution
Digital co-workers read the content of every incoming email and attachment immediately upon receipt, scoring each submission against your specific appetite guidelines. Based on the rules you set, the agent prioritizes high-value submissions, helping the business focus on the most desirable opportunities. This process comes with a full audit trail for regulatory compliance.
Business impact
- Reduced wasted underwriter time means lower cost per policy
- Better risk selection improves loss ratios
- Projects gain approval when IT initiatives demonstrably improve profit margins.
The technical challenge
Claims adjusters are forced to act as “archaeologists,” digging through underwriting files, policy documents, medical records, and other reports spread across multiple systems to make coverage decisions.
The Kamiwaza solution
By creating a live context graph, we link the original underwriting intent to new claims evidence, enabling instant coverage validation and liability summarization. Our ontology mapping allows the system to understand document relationships, automatically generating claims summaries with supporting documentation and flagging exclusions or missing documents.
This entire process is fully auditable, resulting in a significantly streamlined and less time-intensive claims workflow for your teams.
Business impact
- Faster claims resolution lowers loss adjustment expense
- Reduced fraud losses leads to a better combined ratio
- IT enables margin improvement, not just technology delivery
Why insurers choose Kamiwaza over traditional platforms
| Traditional AI platform | Kamiwaza | |
|---|---|---|
| Data requirement | Centralize into data lake | Zero data movement |
| Implementation timeline | Years | Weeks to months |
| Upfront insurance cost | Multi-million-dollar investment | Significantly lower (no migration costs) |
| Data cleansing requirement | Extensive transformation needed | Works with existing data as-is |
| Business context | Manual configuration requirement | Auto-discovered living ontology |
| Security model | Role-based access control (RBAC) | Relationship-based access control (ReBAC) |
| Infrastructure | Cloud mandate, vendor lock-in | Hardware agnostic, deploy anywhere |
| Operational risk | High (data migration, system replacement) | Low (in place, incremental) |
| Legacy system support | Requires modernization first | Works with mainframes, any system |
What this means for your IT budget
When you avoid multi-million dollar data migration projects, you can deliver AI capabilities faster and cheaper. This positions IT as a business enabler rather than a cost center — which is exactly what your CFO wants to see.
Enterprise-grade security by design
Zero trust architecture
Kamiwaza implements zero trust principles at every layer:
Agent authentication
— Every AI agent operates under a specific user context, never as “system admin.”
Least privilege access
— Agents request only the minimum data needed for each task.
Continuous validation
— Permissions re-verified on every data access, not just at session start.
Relationship-based access control (ReBAC)
Traditional role-based access control (RBAC) assigns permissions based on job title. ReBAC assigns permissions based on data relationships.
For example:
- RBAC — “All underwriters can see all policies.”
- ReBAC — “Underwriters can see policies they originated, or policies in their territory, or policies explicitly shared with them.”
This granular, context-aware security model prevents data spillage even as organizational structures change.
Audit and compliance
Complete audit trail
- Who (which user/agent) performed what action
- When (timestamp with millisecond precision)
- Why (business rule or logic that triggered the action)
- What data was accessed (with full lineage)
Regulatory compliance
- HIPAA — PHI handling, audit logging, and access controls
- SOC 2 Type II — Security, availability, and confidentiality controls
- GDPR — Data residency, right to erasure, and consent management
- State insurance regulations — Varies by jurisdiction, with configurable compliance rules
Ready to deploy AI without migration?
When you can deliver AI capabilities without multi-million dollar infrastructure investments, you shift from cost center to business enabler. We’ll help you articulate the margin impact and cost avoidance that makes this an easy approval.
Schedule a technical consultation to see if Kamiwaza fits your architecture.
We move with you.
We don’t ask you to reshape your world to fit AI — we bring AI to your world. That means flowing into your existing systems, silos, and security processes. No forced centralization, no compromise. Just intelligence that integrates, not interrupts.
We build for altitude, not just output.
We build for growth, for innovation — and not just functional output. We’re not just connecting data sources or streamlining steps: we’re building a path for better decisions, faster thinking, and less overhead.
We believe in results over hype.
We track, quantify, and optimize outcomes, backing you up with close collaboration and hands-on support. So you can clearly see the ROI. Because AI isn’t just about innovation buzzwords — it’s about real, measurable business impact.