People work in Studio. Guardian checks every request before it runs, and Atlas grounds every answer in your own defined business — the same path holds whether the caller is a person or an agent.
One identity · one audit trail · across Studio, Guardian & Atlas
An AI agent shouldn't arrive with a master key. In Jubi it is brought on like any new analyst: the same six stations, the same checks, and the same record waiting at the end.
No diagram degree required. Four steps — that's the whole idea.
Anyone on your team, in plain English. No query language.
Confirms it's really you, and only reaches the data your role allows.
The answer is built from your agreed numbers — not a guess.
A sourced answer, with a record of who asked — ready to show.
That's it. Guardian keeps it safe. Atlas keeps it true. The diagram above is for your architects — this is for everyone else.
Every layer a request travels through — and the control plane that checks it on the way down and grounds it on the way back up. The diagrams above are the story; this is the blueprint.
The platform is deliberately split into three. Each part has a single responsibility, and none of them works alone.
Where people ask, explore, and visualise. It is the only part most users ever see, and everything they ask flows down through the control plane.
Studio overviewWhere each request is checked. Guardian resolves identity, applies policy, and mediates tools, then holds the answer to the same rules on the way out. It records what happened for audit.
Guardian overviewWhere meaning lives. Atlas defines metrics, glossary, and entity relations, and carries permission rules. It is the layer the AI reads from instead of guessing.
Atlas overviewThe same platform, three ways to put it in front of people — your analysts, your own customers, or your Microsoft Fabric tenant. Same control plane underneath every one.
Run Jubi as a web app for your team — the full Studio workspace, hosted as a managed service or in your own environment.
Embed Jubi in the products you offer your own customers, through Studio's builder — your brand on the surface, the same grounded answers underneath.
Bring Jubi into Microsoft Fabric for teams standardised there. Data residency and connectivity are scoped per engagement.
A few honest notes for the people who sign off: technical owners, security, and procurement. Where something is planned rather than shipped, we say so.
Authentication runs through your SSO over OIDC. We map identity-provider groups to platform roles; we do not become your directory. Permissions are carried through the request, so the AI cannot see what the user cannot.
Requests that route through Jubi are recorded (prompt, tool calls, queries, and results), so a request can be reviewed and replayed later. Coverage depends on the path; the per-request model sets out exactly what is and isn't in scope.
Guardian's decisions apply on the way in and the way out, and there is no fast lane that skips the gate. Policy is applied server-side, not left to the model. We don't claim absolute prevention. We describe what is caught and what is mitigated elsewhere.
The platform runs as a managed service or in your own environment, and integrates with Microsoft Fabric for teams standardised there. Data residency and connectivity are scoped per engagement.
Book a demo and we'll walk your architects and security reviewers through the control plane — on your stack, with your identity provider and your warehouse.