Brillnet combines workflow, risk policies, an evidence trail and AI oversight in one operating system. It's the central console for organisations that want to automate without losing control.
roi.active
+42%
return on active automations
approvals.pending
03
processes awaiting decision
evidence.pack
24h
to an audit-ready evidence package
console.output
Policy control
workflow procurement / vendor change
AI model gateway
full prompt/response log and write modes
Evidence package
linked to controls and owner decision
Model Gateway AI
DLP + guardrails + 3 logging modes
brand hub
Brillnet Automation
operational core and decision layer
Pulsar GRC
compliance, risks, audits and evidence
Zmianowo / CrewShift
skills, workforce readiness and certification
owasp asi
10 protection layers
audit trail
full change history
human approval
four-eyes for high-risk
ecosystem
3 brands, 1 deployment language
Every action within rules and approvals
Compliance designed into the architecture
Automation gains visible in real time
Agentic security as the default layer
Brillnet solves six key barriers that prevent organisations from safely scaling automation.
The decision as the axis of every automation. Four-eyes approval with role separation. Full change history and an immutable event log.
“Every automation run has an owner, a rationale and a complete decision trail — ready for review at any time.” — COO
decision.changelog // append-only event ledger z hash-chain
Risk classification (low/medium/high) at every step. A policy control checkpoint, human oversight with pause/stop, and a test mode before go-live.
“High-risk automation doesn't mean losing control — Brillnet enforces a stop and approval exactly when the risk demands it.” — CISO
policy.pdp.evaluate() // ALLOW | DENY | REQUIRE_APPROVAL
Decision metrics: cycle time, SLA violations per work cell. An ROI dashboard comparing the before and after state. Continuous monitoring and automatic remediation for low-risk issues.
“Brillnet calculates the ROI of every automation in real time — you don't need a consultants' report to see how much you're saving.” — CFO
roi.cockpit // before/after, token cost + approval time vs. KPI
Critical events as a first-class object. Circuit breaker and fail-safe default blocking. Cryptographic chain and real-time log integrity verification.
“Brillnet doesn't just automate — it detects when something goes wrong and stops before the problem spreads.” — Head of Risk
critical.event // auto-detection, circuit breakers, incident freeze
Model gateway as the sole entry point to AI. Request/response write modes, data-leak protection and guardrails. Bring-your-own encryption keys and a local-model option.
“Every use of AI in processes is visible, controlled and auditable — the AI governance layer that was missing.” — CTO
ai.gateway // DLP + guardrails + BYOK + write modes A/B/C
Shared data schema in the client database. Automation output immediately visible as evidence in Pulsar GRC. Full autonomy with isolation.
“Zero synchronisation, zero lag, one audit trail from automation to compliance evidence.” — CTO
bridge.cross-product // shared schema core.* + pul_* + zmi_*
Four steps from decision chaos to controlled automation with a complete evidence trail.
Identify critical decision points, risk sources and process owners within your organisation.
Configure risk levels (low/medium/high), approval policies and escalation rules for every process step.
Launch the process with policy control, test mode and a circuit breaker. Every action stays within defined policies.
ROI dashboard, continuous monitoring and before/after comparison. Data instead of intuition when deciding to expand automation.
Every process step passes through a policy control checkpoint. Humans remain the owners of high-risk decisions.
Low-risk steps execute automatically with a full log. The policy control checkpoint grants approval without human intervention.
Requires confirmation from the process owner. Separation of requester/approver roles with a time limit for approval.
Explicit human acceptance with informed consent. Oversight with pause, stop, override and rollback capabilities.
Fail-safe default blocking. Side-effect lockout on policy control, logging or gateway failure. Incident freeze with a single click.
Test mode lets you run through a process without side effects before it goes to production. The launch guard blocks a work cell from starting without an assigned risk level and active policies.
feature.inventory // 13 modules
Each module is a dedicated microservice with GUI, registry, export and auditor explanation.
decision.service
Decision entity, changelog, cycle time and SLA breach metrics per workcell.
workcell.service
Workcell with risk tier, tool allowlist and cryptographic signature.
runtime.orchestrator
DAG-based execution, retry, checkpointing and shadow mode.
policy.service
evaluate(action, actor, resource) — fail-closed, 4-eyes, kill-switch.
evidence.service
Append-only ledger, hash-chain, evidence packs ZIP + SHA-256.
compliance.runtime
GDPR, EU AI Act, NIS2/KSC, SOC 2, ISO 27001, EAA/WCAG 2.2, ePrivacy/PKE, EU Data Act, DPA/SCC, DORA.
ai.gateway
Routing, DLP, guardrails, BYOK, write modes A/B/C.
critical.event
Auto-detection, severity, escalation playbooks, remediation.
incident.readiness
Incident freeze, runbooks, SLA timers, customer alerts.
release.governance
Release gates, rollback governance, SAST/DAST gates.
roi.cockpit
ROI before/after, CCM, OpenTelemetry, Prometheus + Grafana.
connectors.service
Email, Slack, M365, Google Docs/Drive, Jira, REST, Webhooks.
bridge.cross-product
Pulsar GRC read/writeback, Zmianowo trigger/writeback.
ai.governance // model gateway
Model Gateway controls every use of AI in processes. Model routing, data protection, guardrails and a full log — all in one point.
Brillnet ecosystem / central hub
Brillnet Automation, Pulsar GRC and Zmianowo / CrewShift operate in one ecosystem. Each brand has its own product, but together they build a coherent flow of decisions, data and evidence.
Operations Automation Platform. Controlled workflow, risk levels, ROI dashboard, AI with guardrails and a full evidence trail.
Regulatory compliance, remediation actions, audits and evidence API for controls.
Open landing pagePlatform for skills readiness, development programmes and evidence-based compliance.
Open landing pageecosystem.contract
Shared tracking identifier, evidence API and a consistent deployment language for all Brillnet brands.
Brillnet Automation
decision engine
core.*
shared schema
Pulsar GRC
compliance + audit
Zmianowo
workforce readiness
↑ compliance controls
↓ evidence writeback
↑ automation results
↓ training trigger
stack.overview // 6 layers
Python 3.11 FastAPI + Next.js 15 React 19, PostgreSQL 17, Docker 19 containers, OpenTelemetry.
microservices
13
docker containers
19
compliance modules
10
owasp asi
10/10
no-bypass rules
7
Brillnet supports compliance with key European regulations from day one. Compliance is a release condition — not a checkbox.
Processing activity register, data subject request handling, retention by data class, 72-hour breach procedure.
AI competence, prohibited practice blocks, high-risk classification, human oversight. Deadline: 02.08.2026.
Art. 21 controls, incident reporting 24h/72h/1m, incident freeze, scenario exercises.
Data portability, standard export, “clean exit” test, explicit SLA agreements. Zero vendor lock-in.
Sub-processor register, DPA/SCC checklist, data transfer status, change notifications.
Consent register, tracking classification, separation of operational and marketing telemetry.
Continuous compliance monitoring, evidence packages, independent verification, monthly coverage and exceptions report.
Accessibility as a release condition. Automated accessibility audits in the CI pipeline. No AA = no deployment.
10 agentic vulnerability classes. 10 protection layers. Each tested by penetration testing as a release condition.
ASI-01
Instruction/data separation, injection detection.
ASI-02
Tool allowlist, shell protection, read-only by default.
ASI-03
Temporary credentials, dynamic vault, automatic revocation.
ASI-04
Version pinning, AI/software bill of materials, provenance verification.
ASI-05
Sandboxed execution, static and dynamic code analysis, default blocking.
ASI-06
Immutable audit log, cryptographic signatures.
ASI-07
Mutual encryption, end-to-end encryption, replay protection.
ASI-08
Circuit breakers, resilience tests, emergency stop.
ASI-09
Risk indicators in the UI, explicit consent for high-risk actions.
ASI-10
Anomaly detection, automatic quarantine, incident package.
adr-0005 // maf boundary — 7 no-bypass rules
From opening the decision dashboard to closing an incident — three moments that show why operator-centred design matters.
The operator opens the decision dashboard. They see 3 pending approvals, 1 critical event from the night shift, and the ROI dashboard with a regression alert. Everything on one screen.
evidence.trail
Night event → evidence pack → decision correlation → ROI panel with regression
They click the critical event — full context (what, when, which data, which agent). Incident freeze with a single click. The system blocks deployments and generates an evidence snapshot.
evidence.trail
Incident freeze → deployment block → evidence snapshot → escalation runbook
Explicit risk indicator (high), policy engine rationale, decision history. Confirmed with informed consent — not a default click-through. Evidence immediately in the event log.
evidence.trail
Policy evaluate → REQUIRE_APPROVAL → informed consent 4-eyes → evidence in core.events
Operator-centred design. Every screen is designed around one question: “can a stressed operator make the right decision in 30 seconds?”
Interactive process map with decision points, success indicators, risks and an event timeline. Time to critical action: < 3 clicks.
Comparison of the baseline state with post-deployment results, with a detailed drill-down for each process. Approval costs and time vs. outcomes. Automatic regression alerts.
Loading with skeleton animations, empty views with hints, errors with a retry option. No view is ever empty without an explanation — that is a release condition.
Response time ≤ 200ms, load ≤ 2.5s, visual stability ≤ 0.1. Weekly metrics report per view. Performance regression blocks deployment.
Mobile-first, no functional differences. Global search from any view. Keyboard shortcuts in approvals, the decision dashboard and alert management. < 3 clicks to a critical action.
Owner, Operator, Reviewer — each role has a dedicated onboarding with a checklist. Metrics: time to first action, completion rate, activation at 7/30 days.
WCAG 2.2 AA as a release condition. Mobile/desktop navigation with no functional differences. Role-based onboarding (Owner, Operator, Reviewer) with a time-to-first-action metric.
End-to-end visibility, faster decisions, less improvisation.
ROI measured automatically. Continuous cost monitoring. Costs under control.
Risk levels, circuit breaker, hardening per OWASP ASI.
Compliance matrix, evidence package, quarterly legal monitoring.
API architecture, shared data schema, bring-your-own encryption keys, AI sandbox.
competitive.edge // uniqueness
Every automation is a decision entity with an owner, a rationale and a full trail. No competitor in Poland offers this level of auditability. Brillnet is not a workflow builder — it is a platform where the decision is a first-class object.
Hash-chain tamper-evident. Evidence packs with SHA-256 and offline verifier (tel-verify).
Human approval for HIGH-risk is a technical requirement (PDP → REQUIRE_APPROVAL), not a checkbox.
DLP, guardrails, BYOK, local OSS models, write modes A/B/C. EU AI Act ready.
The only platform on the market with full hardening across all 10 agentic threat classes.
13
microservices
10
EU regulations
10/10
OWASP ASI
5
Architecture Decision Records
Every module pen-tested as a release condition. Release gate blocks PROD without complete compliance evidence. Compliance is a release condition — not a checkbox.
pricing.preview // plans
14-day free trial. No credit card required.
trial
0 PLN
14 days · full Professional access
All modules
AI Gateway: 500K tokens
Up to 5 users
professional
399 PLN/mo
up to 49 users
20 workflows, 100 decisions
AI Gateway + ROI Cockpit
Evidence packs + compliance
advanced
999 PLN/mo
no limits
Everything from Professional +
Critical Events, Incidents, BYOK
Dedicated SLA + onboarding
Bundle: -15% for each additional Brillnet app. Full pricing →
Brillnet is a product company specialising in Operations Automation for small and medium enterprises.
We build a platform that combines process automation, risk policies and an evidence trail in one ecosystem — so that every decision is auditable, every action controlled and every cost measurable.
At the heart of every product we place three values: control, transparency and measurability.
Brillnet Piotr Adamski
ul. Sienkiewicza 73/6, 90-057 Łódź
NIP: 732-177-90-60