Our Philosophy: The P‑TCA‑P Framework

At the heart of korvai.app is a simple idea: every decision an executive needs to make can be broken down into five universal elements. We call this the P‑TCA‑P framework. It is the grammar of our platform—the structure that transforms raw security data into board‑room clarity.

The Five Elements

P₁ – Tool Perspective

What the system observes. Every product has a bounded view – email, endpoints, cameras, networks.

Harmony sees email threats. CrowdStrike sees endpoint behaviour. Rhombus sees physical access.

P₂ – Viewer Perspective

Who reads the output. A CEO, CISO, COO, or franchise owner each need different language and priorities.

The same data becomes a one‑page board summary or a location‑level accountability report.

T – Trigger

What fires the analysis. An event, a threshold, a schedule.

A phishing email detected. A compliance score dropping below 70%. Monday morning at 6 AM.

C – Condition / Control

The rule or NIST standard that governs whether the trigger demands action.

NIST DE.CM‑01 (continuous monitoring) or a client‑defined policy threshold.

A – Action

The precise output. A verdict, a score delta, a report section, an escalation.

"TRUE_POSITIVE – escalate to CISO." "Endpoint score –15 points." "Executive summary generated."

Why P‑TCA‑P Matters

Most security platforms simply collect and display data. They leave the sense‑making to you. P‑TCA‑P is different. It is baked into every layer of korvai.app:

InaiyAi

routes every incoming event using the framework.

YaamAi

classifies threats with it.

KorvAi

scores your posture with it.

ParvAi

correlates cross‑product events using the framework.

TeymAi

monitors compliance health with it.

NadAi

writes every sentence of your report with it.

Every decision

is stored in an immutable audit trail — so you can always trace why a score changed or an alert fired.

Ethical AI by Design

P‑TCA‑P isn't just about security—it's about building AI you can trust. The five elements encode the core principles of responsible AI:

P‑TCA‑P Element	Ethical AI Principle	How KorvAi Implements It
P₁ – Tool Perspective	Transparency	We document every data source and its limitations (e.g., "CrowdStrike sees endpoint behaviour, not network traffic").
P₂ – Viewer Perspective	Accountability	Every report is tailored to its audience—a CEO sees different information than a CISO, because their ethical responsibilities differ.
T – Trigger	Explainability	Every decision starts from a traceable trigger—you can always answer "why did this happen now?"
C – Condition / Control	Fairness	Conditions encode ethical thresholds (e.g., disparate impact checks, regulatory compliance rules).
A – Action	Auditability	The decision_log stores every action with its full P‑TCA‑P context—a complete chain of custody for AI decisions.

Built on emerging global standards

NIST AI RMF 1.0GDPR – Right to ExplanationEU AI Act – Transparency

Built on Global Standards

Every condition in P‑TCA‑P is grounded in NIST CSF 2.0, the global benchmark for cybersecurity. When we say your Identity score is low, we can tell you exactly which NIST control is failing.

Govern

Identify

Protect

Detect

Respond

Recover

The Result

P‑TCA‑P turns complexity into clarity. It is the reason you get one email, not a dashboard. It is why your weekly report is actionable, not overwhelming. And it is the foundation of every intelligence korvai.app delivers.

The Decision Flow

P₁

Tool Perspective

camera · endpoint · email

⇄

Trigger

phishing · 6am · drop >10%

⇄

Condition

NIST rule · <70% training

⇄

Action

TP · −15 pts · section

⇄

P₂

Viewer Perspective

CEO · CISO · COO

↻ daily cycle

korvai.app AI Agents

⌀

InaiyAi

Ingest · validate · route

P₁ · TGV, PR

Normalises events from all products, validates signatures, routes to correct agent.

◈

KorvAi

Orchestrate · score

P₂ · C · AGV, ID, RS

6‑dimension posture score · weighted composite · board‑ready number.

⬡

YaamAi

Classify · suppress

T · C · ADE, RS

TRUE_POSITIVE vs FALSE_POSITIVE · hard rules + LLM · confidence threshold.

◉

ParvAi

Correlate · converge

T · C · AID, DE, PR

Cross‑product correlations (physical+cyber) · CORR‑1 to CORR‑5.

∿

NadAi

Narrate · RAG

P₂ · C · ARS, RC, GV

Executive report generation · retrieves NIST · section‑by‑section.

◐

TeymAi

Health · compliance

T · C · APR, ID

Monitors what's missing: training, MFA, patches, coverage – per location.

A Self‑Improving System

Like Andrew Ng's Context Hub, P‑TCA‑P is designed to get smarter with every decision. Every decision_log entry becomes training data for future iterations:

KorvAi Element	Context Hub Parallel	How It Improves
Annotations	`chub annotate`	Agents flag edge cases (e.g., "Harmony webhook timestamp occasionally missing") – stored in decision_log.
Feedback Loop	`chub feedback`	Client‑facing thumbs‑up/down on report recommendations refines future outputs.
Versioned Knowledge	`Curated docs in markdown`	NIST controls, product APIs, and Azuris services are maintained as versioned knowledge in our RAG database.

Every week, NadAi's reports get more accurate because the framework learns from what worked—and what didn't.

Continuous Improvement in Action

P‑TCA‑P Decision

event fires

⇄

decision_log

every action stored

⇄

Agent annotations

edge cases flagged

⇄

Improved docs & rules

weekly update

⇄

Next P‑TCA‑P Decision

smarter output

⬇️ Client feedback also refines reports ⬇️

How it works: Every decision is logged → agents annotate edge cases → docs and rules update weekly → next week's reports are smarter.

Every decision is stored in the decision_log – full P‑TCA‑P audit trail.
Grounded in NIST CSF 2.0 (including Recover function)and aligned with NIST AI RMF 1.0. Powered by korvai.app · A self‑improving intelligence platform.