v1.2.0 now open source — Apache 2.0

An agent-native pipeline built for autonomous incident resolution

Seven specialized agents. Detection to resolution. Governed at every step.

From the moment a signal is detected, specialized agents classify it, enrich it with live context, score its risk, select the right remediation — and execute it without waiting for a ticket to be picked up. Sign-off happens exactly where policy demands it, and nowhere else.

Designed and created by AI.

app.axiometica.com / dashboard
Axiometica AIR incident metrics dashboard showing MTTR 49m, 100% remediation success, 98% approval rate
Apache 2.0 open source
Self-hosted
Docker Compose deploy
0 open CVEs
GCP · AWS · Azure · vCenter
ServiceNow · Splunk · PagerDuty

Built agent-native. Not AI bolted onto legacy ticketing.

Most "AI-powered" ITSM tools are decades-old ticketing systems with a chatbot added on top. Axiometica AIR was built the opposite way — agents are the primary worker. Each incident moves through a governed pipeline that classifies, enriches, scores risk, selects the right remediation, and executes it — automatically where policy allows, with your team's sign-off where it doesn't.

Agent-native, not AI bolted on

Most "AI-powered" ITSM tools are decades-old ticketing systems with a chatbot added on top. Axiometica AIR was built the opposite way — agents are the primary worker from the ground up. Incidents are worked the moment they're detected, not when a human picks up the ticket.

Governed autonomy — trust earned, not assumed

Every automated action passes through a policy gate. You decide what runs autonomously and what requires sign-off — by environment, by service, by risk score, by blast radius. Runbooks earn the right to run unattended through a proven track record, the same way you'd extend trust to a new team member: gradually, and on the evidence.

Self-improving platform intelligence

The platform watches its own outcomes. Platform Intelligence continuously analyzes resolved incidents to surface concrete tuning recommendations: which alert types are mostly noise, which runbooks are underperforming, where automation coverage is thin. Recommendations are reviewed before anything changes — visibility and control together, getting measurably sharper over time.

Works with your existing stack

Axiometica AIR sits on top of your existing monitoring stack — Datadog, Splunk, Prometheus, PagerDuty, Zabbix and others connect via webhook. Every alert they generate gets qualified, enriched, and routed through the autonomous pipeline. Your existing investment stays in place; it simply gains a resolution capability it never had.

LLM-agnostic — including your own models

The reasoning layer is built behind a provider-agnostic architecture — the underlying AI model is a configuration choice, not something wired into the product. Use a hosted model or bring your own internally-hosted one. Sensitive operational data stays inside your perimeter, inference costs stay under your control.

Storm detection — one incident, not one hundred

When a single root cause fires alerts across multiple resources at once, Axiometica AIR recognizes the correlation and groups everything under one parent incident. Your team coordinates a single outage, not a flood of duplicate tickets — and related incidents are held until the root issue is addressed.

Full audit trail, built for compliance

Every decision, every action, every approval, every outcome is logged — automatically, not as an afterthought. Fail-closed defaults mean the system never silently auto-approves on ambiguity; when it can't be confident, it asks. That's the posture compliance and audit teams actually want from automation touching production infrastructure.

A live CMDB that reflects reality

Most configuration databases describe what's supposed to be running — maintained manually and chronically out of date. Axiometica AIR maintains a live resource graph that agents both read from and write back to as incidents resolve, and can sync bidirectionally with ServiceNow if that's your system of record for compliance.

Explainable risk scoring, not a black box

Every incident's risk score is built from a transparent, weighted breakdown — severity, business criticality, blast radius, SLA exposure, dependency count, and more. Your team can see exactly why an incident was prioritized the way it was, and tune the weighting to your own business priorities.

Platform in action

Platform Features

The engine evaluates incident context, selects the matching runbook, and shows confidence percentage and blast radius before executing a single action. Every step is logged.

Confidence93%
Actions run2
Steps5 / 5 complete
Axiometica AIR remediation tab — 93% confidence runbook recommendation, 5/5 steps complete
Axiometica AIR · How it works
Autonomous Incident Resolution (AIR)
How agents ingest, detect, correlate, enrich, decide and remediate — with Slack, PagerDuty and ServiceNow in the loop
Watcher Internal monitoring agent · Brain-and-Senses architecture · deployed per-environment
polling every 10 s
Sentinel (eBPF)
Kernel-level syscall telemetry from the Senses container — detects abnormal process behaviour before it surfaces as a metric
syscall intensityconnection spikeprocess anomaly
System Stats
Container CPU, memory, disk and network metrics polled directly — per-threshold with hysteresis to suppress transient spikes
CPU spikememory surgedisk fullnet connections
Advanced Monitor
Outside-in checks from the watcher itself — HTTP/HTTPS endpoints, Ping, TCP port reachability, TLS expiry countdown, DNS resolution
HTTP healthping / ICMPTLS expiryDNSTCP port
Discovery
Periodically inspects running containers and auto-creates or updates CI nodes in Neo4j CMDB — governance properties are never overwritten
CI auto-createNeo4j syncruntime metadataevery 15 polls
Remediation
Executes runbook steps across platforms and verifies resolution — auto-rolls back if post-execution health checks fail
runbook stepshealth verifyauto rollback
anomaly detected → event emitted to ingestion pipeline
External sources
Prometheus
Splunk
Dynatrace
PagerDuty
Zabbix
ServiceNow CMDB
01
Ingest & Normalize
Events from Watcher or external webhooks normalized and classified into the Axiometica event taxonomy
Ingestion Engine
02
Deduplicate
Exact and near-duplicate events collapsed within a configurable sliding time window
Storm Pre-filter
03
Storm Detection & Correlation
Related events detected and grouped into a parent incident — triggers ServiceNow INC creation
Correlation Engine
04
CMDB Enrichment
Graph traversal identifies CIs, service relationships, blast radius, and ownership
CMDB Agent
↓ incident enriched & ready for AI analysis
05
Agentic Analysis
Tier-1 agent selects best-fit runbook, scores risk, and builds the step-by-step plan
Tier-1 Agent
06
Policy Gate
Confidence vs. threshold — auto-executes or sends Slack approval request to the team
Policy Broker
07
Execute Runbook
Multi-platform step execution — SSH, K8s, AWS, Azure, vCenter — PagerDuty acknowledged
Remediation Agent
08
Close & Learn
Resolves incident across ServiceNow + PagerDuty + Slack, feeds outcome to tuning agent
Tuning Agent
Auto-execute
Confidence ≥ threshold — runbook runs immediately. Slack notified with progress updates.
Slack approval required
Below threshold — Axiometica posts the plan to Slack with interactive buttons.
A
axiometica-air #ops-approvals
Remediation plan ready for INC-00482
K8s Scale-Out · 3 steps · confidence: 78%
Approve Reject
Integration events & notifications
SN
INC created
After correlation · auto-linked
Slack: started
#ops-incidents · plan summary
Slack: approve?
Manual path · interactive buttons
PD
PD acknowledged
During execution · suppresses pages
SN
INC resolved
Work notes + resolution code
Slack: resolved
MTTR summary + steps
PD
PD resolved
Alert closed, on-call cleared
Stage details
Live trace
Idle
Current incident
— waiting for simulation —
Click "Run incident" to simulate the full lifecycle including Slack and ServiceNow events.

Works with your existing stack

Connect ServiceNow for CMDB sync and incident push-back. Receive alerts from Splunk, PagerDuty, Dynatrace, Prometheus, or Zabbix. New connectors configurable via the UI — no code required.

View connector docs →
ServiceNow
ITSM + CMDB
Splunk
Alert input
PagerDuty
Alert input
Dynatrace
Alert input
Prometheus
Alert input
Zabbix
Alert input
+
More coming
app.axiometica.com / connectors
Axiometica AIR Connector Hub showing ServiceNow, Splunk, Dynatrace, Prometheus, PagerDuty, and Zabbix connectors

Enterprise credentials

Runs in your environment

Fully containerized — deploy to your own cloud account, your data center, or fully on-premises. Operational data never leaves your perimeter.

Enterprise-grade governance

RBAC, configurable approval gates, fail-closed defaults, and a full audit trail on every decision, action, and outcome — built for compliance-conscious environments.

Production-scale, no rip-and-replace

Horizontally scalable and containerized. Sits on top of your existing monitoring stack via webhooks — your current investment stays, it gains a resolution capability it never had.

Secure by architecture

AES-256 at rest, TLS 1.2/1.3 in transit, HMAC-validated webhooks, secrets masked at every layer. RBAC, SSO/SAML/OAuth2, MFA. Outbound-only network posture — no inbound ports, no vendor callbacks, per-connector credential isolation.

Free forever. Enterprise when you're ready.

The full platform is open source under Apache 2.0 — self-hosted, no feature gates, no usage limits. The Enterprise license adds commercial-use rights and support terms for organisations that need them.

Community
Open source

Apache 2.0 · Self-hosted · Free for non-commercial use and organisations with fewer than 25 employees

  • Full platform — no feature gates
  • Visual runbook editor
  • Agentic decision engine
  • CMDB graph + event taxonomy
  • Event storm correlation
  • All execution adapters (SSH, K8s, AWS, Azure, vCenter)
  • Community GitHub support
View on GitHub →
Enterprise
Commercial
Contact for pricing

90-day free evaluation · Commercial-use license · Ontario/Canada governing law · Liability cap included

  • Everything in Community
  • Commercial-use license
  • Up to 90-day free evaluation period
  • Priority support with defined response expectations
  • Custom deployment assistance
  • Liability-capped agreement (Ontario/Canada governing law)
Contact for enterprise →

From alert to resolution, autonomously.

Self-host in 10 minutes with Docker Compose. Your infrastructure, your data, no vendor lock-in.

40+
out-of-box actions
6
connectors
< 10 min
to first incident
100%
self-hosted