Secure AI agents that stamp a visible watermark across your pdfs — inspect first, then confirm.
Signed, auditable, read-only by default — governed by your tenant policy on every call. Watch one work, live.
Live demo · rotating across agents
What watermarks are on the files in Legal/Contracts?
Pinning Legal/Contracts and inspecting each PDF and Word file on the platform — reporting only the STRUCTURAL facts of any watermark (where it lives, what kind, confidence), never the document text. Nothing is changed.
| File | Where | Kind | Confidence |
|---|---|---|---|
| msa-acme.pdf | pdf_content_overlay | visible_text | high |
| pricing.pdf | |||
| policy.docx | docx_header_vml | visible_text | high |
What metadata do the files in Legal/Contracts carry?
Pinning Legal/Contracts and scanning each PDF and Office file on the platform — reporting only WHICH metadata fields are present, how many, their type, and any sensitivity label. Never the values, and nothing is changed.
Import the form Forms/FATCA-CRS.pdf into Kiteworks and show me the fields
Resolving Forms/FATCA-CRS.pdf and extracting its fields in the platform's isolated lane. You get field structure only — types and counts — plus a preview link for the real labels; the form's text never reaches me, and nothing is created.
| Field key | Type | Required |
|---|---|---|
| p00.f000 | text | yes |
| p00.f003 | select | no |
| p01.f011 | checkbox | no |
Redact the files we just previewed in Finance/Invoices
Re-checking the folder against the confirmed plan first — if anything changed since the preview, the apply refuses and nothing is touched. Then each planned file gets a redacted copy, and the original moves to "To delete".
| Original | Redacted copy | Original moved to |
|---|---|---|
| supplier-invoices-q1.csv | supplier-invoices-q1-redacted.csv | To delete |
| payment-runs.txt | payment-runs-redacted.txt | To delete |
| contact-sheet.docx | contact-sheet-redacted.docx | To delete |
Latest across the marketplace
Available now
Signed Kiteworks agents you can install in Claude Code or Claude Desktop today.
Watermarker
Inspect what watermarks a PDF or Word file carries — where they live, what kind, and a confidence level — then stamp a visible text watermark across a PDF's pages with one confirmation. Inspect-and-detect for PDF and Word; apply is PDF-only for now. The file content never leaves the platform, the watermark carries no personal data by default, and it is informational — not an integrity seal.
Metadata Scrubber
See the hidden metadata your documents carry — author, edit history, company, template, custom properties and sensitivity labels — across a Kiteworks folder, then clean it. Scan reports presence, counts and type only, never the values; clean strips Tier-1 properties into a non-destructive copy while protecting sensitivity labels. The content never leaves the platform.
Form Importer
Turn an existing PDF or Word form into a real, fillable Kiteworks Form — preview the extracted fields first, then create it with one confirmation. The form's text is extracted on-platform and never reaches the AI; only field structure, counts, and a preview link cross the boundary. PDF extraction needs the platform PDF dependency (the [entities-image] extra); without it, PDF sources fail closed with pdf_extraction_unavailable while Word (DOCX) imports still work.
Entity Detector
Find credit cards, IBANs, emails, phone numbers, IPs, Dutch BSN, US SSNs and ITINs, UK NHS numbers, DEA numbers and crypto wallets in a Kiteworks folder — preview the counts, then redact with one confirmation. Detection runs locally on the platform; file content never leaves it. Requires the platform entity engine (CPython 3.13); without it, detection reports unavailable and fails closed — never falsely clean.
Sensitivity Label Manager
Inventory and apply Microsoft sensitivity labels (Word, PowerPoint, Excel) in a Kiteworks folder — preview what is labeled, then set or upgrade from your organization's taxonomy with one confirmation. Marking-only and set/upgrade only: it never downgrades, removes, or applies encryption, and the file content never leaves the platform.
Redactor
Redact specific words or strings you name — a person's name, a project codename, a contract number — across a Kiteworks folder. Preview the per-file match counts, then redact with one confirmation. The terms you type never appear in any report, audit record, or receipt; matching runs locally and file content never leaves the platform.
Coming next
Want one of these sooner? Tell us.
DLP Sentinel
Find PII, PHI, and PCI patterns hiding in your Kiteworks tenant before someone else does.
Permission Auditor
Surface files shared too broadly — public links, external collaborators, stale shares.
Activity Anomaly Detector
Flag unusual user behavior in Kiteworks — mass downloads, off-hours access, geographic leaps.
Legal Hold Manager
Apply, track, and release legal holds across Kiteworks with a defensible audit trail.
GDPR Subject Request Handler
Locate every Kiteworks artifact related to a named data subject in one query.
External Sharing Reviewer
Continuous review of external collaborators: who has access, to what, and is it still needed.
Why our agents are different
Read-only by default
Every agent declares its allowed Kiteworks tools up front and refuses to call anything outside the list. Mutating actions require explicit human approval and live in separate signed bundles.
Hash-chained audit
When you add the Kiteworks Compliance Runtime, every tool call is recorded into a hash-chained ledger that detects tampering. Exportable as CMMC / SOC2 evidence.
Per-tenant policy
Admins author retention rules, evidence roots, and access controls once. The runtime applies them to every run — from any host (Claude Code, Claude Desktop, ChatGPT, Copilot).
Install in your AI host
One marketplace, every assistant. Add Kiteworks agents to the tools your team already uses.
Not supported by this marketplace UI yet — we'll publish a connector guide when it's ready.
Not supported by this marketplace UI yet — we'll publish a connector guide when it's ready.