Autonomous IT support under full control

56% of support hours go into recurring tickets like password resets, onboarding and permissions. nordnung.ai handles them automatically and auditably, hosted in Germany.

Request a demo Watch the 100-second video

Hosted in Germany
GDPR-compliant
Tenant isolation
Audit log + kill switch

nordnung.ai in 100 seconds

The planned product flow at speed: from the call to the documented resolution.

Why now

Shadow AI is already running.

Your people already use AI, invisibly.

✓Visible, governable, auditable.

Routine eats senior time.

The backlog grows despite a full team.

✓56% of hours delegable, measured not estimated.

Uncontrolled AI is the real risk.

Access without limits is the actual danger.

✓Defined actions only: least privilege, kill switch, audit log.

Waiting is the most expensive option.

Every month ties up IT capacity.

✓Relief from the first cases, approvals stay with you.

nordnung.ai — what we do about it

> make shadow_ai visible

Visible, governable, auditable. ✓

AUDIT: policy 882 — every action logged

> delegate routine work

56% of hours delegable, measured not estimated. ✓

AUDIT: 1,348 tickets, individually classified

> enforce boundaries

Defined actions only: least privilege, kill switch, audit log. ✓

AUDIT: no free shell access — wrapper actions only

> start today

Relief from the first cases, approvals stay with you. ✓

APPROVAL: stays with you — a human clicks to release

First benchmarks

In internal tests, nordnung.ai completes routine cases about 2× faster than manual handling.

Measured, not estimated

Measured on 1,348 real tickets

56%

of support hours sit in automatable tickets

21%

of tickets resolve fully without any technician time

86%

of tickets: nordnung.ai can at least assist

1,348

real customer tickets analyzed, each classified individually

The standard cases

Password reset & account unlockfull33
Onboarding new employeesapproval38
Mailbox & folder permissionsfull26
Licensing & standard softwarefull / partial49
Offboarding & departuresfull12

Do the math: 56% × your support hours × your hourly rate →

Measured in a real stack:

Microsoft 365Active DirectoryExchange & OutlookMicrosoft TeamsDATEV3CXNextcloudTerminal serversMFP devices

* 1,348 real customer tickets from SecureVibe IT Solutions GmbH — full history since July 2023, only tickets with recorded time, each classified individually, no extrapolation. “Approval” = the human share stays with you.

Scenario lab

Experience controlled autonomy

Real recordings from our demo environment

Onboarding workflow

38 of 1,348 tickets · ≈ 3% — most frequent single case

Account, M365, Outlook, MFP address book in one run — with a visible approval stop.

Real recording from our test environment, no production data, uncut.

nordnung Cosmos

Two interaction agents stay close to the user. Four execution agents carry out defined actions in technical environments.

Phone Agent

Vision Agent

Endpoint Agent

VM Agent

Critical Systems Agent

Cloud Agent

Phone Agent

Interaction agent

No system access

Can do:Handles phone and chat intake, captures context, and structures the request.

Cannot do:No direct system execution or privileged endpoint actions.

Protection:Session-bound scope with explicit handover into execution agents.

Examples:Initial triage, guided clarification, user-facing updates.

Vision Agent

Interaction agent

Image analysis for real devices

Can do:Analyzes uploaded photos to classify physical support incidents.

Cannot do:No direct writes to infrastructure or endpoint command execution.

Protection:Image-only analysis pipeline with scoped output into workflow decisions.

Examples:Printer panel diagnostics, cable and port checks, hardware triage.

Endpoint Agent

Execution-Agent

Client and user session

Can do:Reads local system state, interacts with the user session, and executes approved desktop steps.

Cannot do:No access to other user profiles, no kernel driver changes, and no access to internal servers.

Protection:Kill switch, visible session consent, and per-action approval.

Examples:Teams reset, printer spooler restart, VPN toggle.

VM Agent

Execution-Agent

Isolated browser and legacy execution

Can do:Accesses legacy web UIs, runs isolated browser sessions, and interacts with IoT and printer workflows.

Cannot do:No access to the corporate network, no persistent data storage, and no access to domain controllers.

Protection:Air-gapped VM, ephemeral sessions, and no inbound traffic.

Examples:MFP address book update, legacy ERP data entry.

Critical Systems Agent

Execution-Agent

Controlled infrastructure actions

Can do:Executes defined actions on sensitive systems, such as AD user creation or password reset.

Cannot do:No free shell access, no software installation, and no system registry modification.

Protection:Predefined script whitelist only, no interactive shell.

Examples:AD user creation, password reset, session management.

Cloud Agent

Execution-Agent

Applications and connectors

Can do:Assigns licenses, sets mailbox permissions, and manages SharePoint sites through approved methods.

Cannot do:No access to user emails, no deletion of root sites, and no changes to global security settings.

Protection:Wrapped Graph API calls with OAuth scopes limited to least privilege.

Examples:Mailbox delegation, license assignment, OneDrive setup.

See all six agents

Security model

Governance and security

Controlled autonomy for us means clear approvals, hosting in Germany, and technical boundaries that can be reviewed transparently.

Go to security page Request demo

Defined operating modes

Actions run only within defined operating modes and with the approvals that match each scope.

Technically enforced safeguards

Credentials, wrapper actions, least privilege, audit logs, and a kill switch are technically enforced.

Hosted in Germany

Hosting in Germany, the GDPR-compliant operating model, and transparent provider boundaries are documented and reviewable.

Full security model

Credential security, operating model, audit logging, data flow, and the review process live on the security page.

Frequently asked questions

We use strict execution levels and wrapper actions. Agents cannot execute arbitrary code; you can only call predefined, parameterized functions that have been subjected to a security review.

No. Free shell access is strictly prohibited. All PowerShell scripts are prescribed, parameterized and executed as wrapper actions.

The nordnung Agent works with operating modes for the Endpoint Agent. Depending on the mode, every action requires approval or just initial approval before work can be carried out autonomously within the permitted scope.

Every API call, parameter, approval signature and system state change is logged immutably. This provides a complete audit trail for compliance and troubleshooting.

Today, nordnung.ai is operated by us in Germany within a GDPR-compliant model. If you need a different operating setup or dedicated deployment target, we discuss that architecture directly with you.

We use strict logical separation on the database layer and dedicated worker VMs per tenant to ensure zero cross-contamination of data or execution state.

We use our Cloud Agent (Layer 4), which interacts exclusively via the Microsoft Graph API and uses least-privilege OAuth scopes.

Our platform is built for German and EU compliance. Visible session consent, kill switch, audit logs, hosting in Germany, and a GDPR-compliant operating model are designed to meet typical works council and compliance requirements.

Next Step

Start with a demo, pilot, or security review

Controlled agent logic, clear boundaries, traceable execution — for real IT support environments.

Hosted in Germany

GDPR-compliant operating model

Built from practice

Years of IT management and support experience

Request demo Security review For investors