Korweave Platform Architecture
Korweave is Kscope's data contextualization engine. It ingests operational data from your systems, builds a unified context graph, and surfaces actionable insights through analyzers.
How It Works
1. Blueprints ingest your data -- Read-only connectors pull structured data from your systems (cloud, DevOps, identity, security tools) and normalize it into graph nodes and edges.
2. Context Graph stores and links it -- A high-performance graph datastore that retains topologies, events, and metrics. It maintains relationships across all operational layers and scales elastically.
3. Model Framework enriches with intelligence -- Applies analytics and AI to normalize, correlate, and detect patterns across the graph. Identifies anomalies, predicts issues, and scores risk.
4. Analyzers surface actionable insights -- Modular logic engines that mine Context Graph data to detect misconfigurations, vulnerabilities, and risks. Results are delivered through Insights and visual Sightlines.
Core Components
| Component | Purpose | Learn more |
|---|---|---|
| Blueprints | Connect external systems and ingest data into the context graph | Blueprint catalog |
| Context Graph | Graph datastore for topologies, events, metrics, and their relationships | Inventory |
| Model Framework | AI-powered correlation, enrichment, and pattern detection | Analyzers |
| Analyzers | Surface insights from correlated data with no-code visualizations | Analyzer catalog |
| Applications | Operational units that bundle Blueprints + Analyzers for a use case | Agent Hub |
Data Flow In Detail
- Crawl -- Blueprints connect to external systems using read-only credentials and discover the data schema automatically.
- Normalize -- Raw data is converted into typed graph nodes (assets, users, policies) and edges (relationships, dependencies).
- Store -- The graph is persisted in Context Graph, maintaining full topology and temporal history.
- Analyze -- A bot pipeline processes the graph sequentially: joining related entities, enriching with computed properties, running semantic analysis, tracking state changes, generating insights, filtering noise, and correlating across domains.
- Surface -- Results appear as prioritized alerts in Insights, visual dashboards in Analyzers, and explorable graphs in Explorer.
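The normalize, analyze, and surface steps above, sketched as an added example that is not Korweave's own code. The record shapes, node and edge types, the wildcard semantics, and the functions `normalize`, `blast_radius`, and `sensitive_exposure` are all hypothetical, and the sample records are constructed.

```python
from collections import defaultdict, deque

# Constructed sample records, shaped as two read-only connectors might return them.
RAW_IDENTITY = [{"user": "alice", "groups": ["dev"]}, {"user": "bob", "groups": ["ops"]}]
RAW_CLOUD = [
    {"policy": "dev-read", "principals": ["dev"], "resources": ["bucket-logs"]},
    {"policy": "ops-admin", "principals": ["ops"], "resources": ["*"]},
    {"asset": "bucket-logs", "sensitive": False},
    {"asset": "db-customers", "sensitive": True},
]

def normalize(identity, cloud):
    """Normalize: raw records become typed nodes and directed edges."""
    edges = defaultdict(set)
    nodes = {("asset", r["asset"]): {"sensitive": r["sensitive"]}
             for r in cloud if "asset" in r}
    assets = [n[1] for n in nodes]
    for r in identity:
        nodes[("user", r["user"])] = {}
        for g in r["groups"]:
            nodes.setdefault(("group", g), {})
            edges[("user", r["user"])].add(("group", g))
    for r in (r for r in cloud if "policy" in r):
        p = ("policy", r["policy"])
        nodes[p] = {"wildcard": "*" in r["resources"]}
        for g in r["principals"]:
            nodes.setdefault(("group", g), {})
            edges[("group", g)].add(p)
        # Assumed semantics: a "*" resource expands to every known asset.
        for a in (assets if nodes[p]["wildcard"] else r["resources"]):
            nodes.setdefault(("asset", a), {"sensitive": False})
            edges[p].add(("asset", a))
    return nodes, edges

def blast_radius(edges, start):
    """Analyze: breadth-first walk returning every node reachable from start."""
    seen, queue = set(), deque([start])
    while queue:
        for nxt in edges.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def sensitive_exposure(nodes, edges):
    """Surface: map each user to the sensitive assets they can reach."""
    reach = {n[1]: sorted(a[1] for a in blast_radius(edges, n)
                          if a[0] == "asset" and nodes[a]["sensitive"])
             for n in nodes if n[0] == "user"}
    return {user: hits for user, hits in reach.items() if hits}
```

On the sample data, only `bob` is reported: the wildcard policy attached to `ops` puts `db-customers` inside his reachable set, a link that neither the identity records nor the cloud records show on their own.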
Security Domains
Korweave supports four primary security domains, each powered by the same underlying architecture:
| Domain | What it covers | Key analyzers |
|---|---|---|
| Cloud Security (CSPM) | Infrastructure misconfigurations, IAM risks, network exposure, compliance | AWS IAM, Azure IAM, GCP IAM, Kubernetes |
| Data Security (DSPM) | Database access, data flows, sensitive data exposure | Database, AWS RDS |
| Application Security (ASPM) | Code vulnerabilities, dependencies, SBOMs, CI/CD pipelines, API security | Application, SCA, Secrets & PII |
| AI Security (AISPM) | AI model security, agent permissions, prompt injection, training data integrity | AI IAM, AI SAST, AI DAST |
Key Capabilities
- Real-time correlation -- Continuously crawls and connects data across systems, building an evolving graph
- Business-aware prioritization -- Scores risks by business impact, not just severity
- Natural language queries -- Ask questions in plain English via KAI
- Graph exploration -- Trace relationships and blast radius visually via Explorer
- Extensible integrations -- Add new data sources via the Blueprint catalog without code changes
Next Steps
- Getting Started -- First login, team setup, and your first Blueprint
- Blueprint Catalog -- See all available integrations
- Analyzer Catalog -- Explore security and compliance analyzers
- Explorer -- Navigate the context graph visually
- KAI -- Ask natural language questions about your environment