AI assurance for the enterprise — executive oversight across Microsoft Azure, AWS & hybrid cloud — Request a demo
Access Model

Read-only. In your tenant. Zero stored credentials.

Managed Identity (Azure)
AI Pulse authenticates to your Azure subscription via Managed Identity — no service principals, no secrets, no keys stored in the platform. Permissions are scoped to Reader and Cost Management Reader only.
Read-only IAM Role (AWS)
AWS connectivity uses a scoped cross-account IAM role with read-only policies. No access keys are stored. The role is customer-created and customer-controlled — revoke it at any time to immediately disconnect.
Entra ID Authentication
User access is exclusively through Microsoft Entra ID (formerly Azure AD). No local accounts, no shared passwords, no external identity providers. Full MFA and Conditional Access support inherited from your tenant.
Data Residency

Your data never leaves your environment.

AI Pulse is deployed as an Azure Container App inside your own tenant. All signal processing — resource metadata, security telemetry, cost data, compliance evidence — happens within your cloud boundary. No AI asset data or compliance evidence is transmitted to SYLVA servers or any third-party service.

In-tenant deployment
Runs as an Azure Container App in your subscription. Your data stays in your region, under your governance policies, and within your cloud boundary — on every plan, not just Enterprise.
Zero write access
AI Pulse holds no write permissions to any cloud resource. Remediation actions remain in your native Azure, AWS, ITSM, or DevOps tooling. There is nothing for AI Pulse to misconfigure.
CISO Evidence Pack

Full security documentation available on request.

For security reviews, vendor assessments, and procurement due diligence, SYLVA provides a comprehensive evidence pack covering:

Request the evidence pack