AI agent for enterprise IT

Handle IT work in minutes, not hours.

Rundle connects to your identity, endpoint, and service management tools—diagnoses issues from real signals, acts through composable micro-workflows, and governs every step.

Operator-first. No code. No drag-and-drop workflows.
Composes from a library of ready-made micro-workflows
Handles investigation when the path is not known in advance
INC-042
In progress
Check Entra sign-in logs — CA policy blockREAD
Pivot to endpoint — FileVault off, sync staleREAD
Add user to encryption enforcement groupRISK-WRITE
Awaiting operator approval...
Hypothesis
CA policy blocking due to device noncompliance
Root cause
FileVault disabled
Last sync: 3 days ago

Enterprise IT waste compounds.

Issue undetected

Noncompliant devices, stale access, policy drift — no one looking. Problems compound silently until an employee notices.

Ticket created manually

$20+/ticket on average, escalating sharply at L2/L3. Operators juggle 6+ dashboards per task, copying context between tabs.

Employee blocked

Hours of productivity loss are common. Instant support remains the exception — most employees wait, then work around it.

Most of this work is repetitive, cross-system, and follows discoverable patterns — but today it's done manually, one dashboard at a time.

Workflow tools follow a fixed path. Rundle discovers one.

Workflow Tool

Fixed path

Execution is authored before the work begins.

START
Trigger
User request
ROUTE
Match
Known workflow
RUN
Execute
Predefined steps
BREAKS
Unexpected
Issue crosses domains
Escalate
Human takes over
Rundle

Discovered path

The next step emerges from what the agent observes.

HypothesisCA policy is blocking Salesforce access
IdentityEntra sign-in logs: blocked by noncompliant device
EndpointPivot to AVA-LTP — FileVault off, sync stale
ApprovalAdd user to BitLocker enforcement scope
UserPrompt: connect to corp network and sync
ResolveVerify compliance, retry access, close thread

Known path vs discovered path

Wide intake. Deep execution.

Front door

Slack/Teams routes every employee request

Self-serve

Search + macro-workflows + deep links. Common requests resolve in seconds.

Reactive agent

Supervised investigation + remediation across identity / endpoint / ITSM. Complex issues resolve in minutes.

Proactive detection

Identity · endpoint · security signals. Trigger remediation before tickets exist.

Shared layer

micro-workflows · approvals · audit trail · trajectory DB · connectors

Works through existing intake channels — not a new tool employees have to find.

See it in action

An employee messages in Slack: ‘I can’t access Salesforce from my laptop.’ Here’s what happens next.

1
INTAKEREAD

Slack request received from Ava Chen about Salesforce access loss.

Thread created · Classified as incident · Priority P2

2
HYPOTHESIS

Salesforce block may be tied to Conditional Access and device compliance.

3
IDENTITYREAD

Entra sign-in logs: last attempt failed 30 min ago. Block reason: CA policy ‘Require compliant device.’

4
ENDPOINTREAD

Pivot to Ava’s MacBook — compliance state: noncompliant. FileVault disabled, last sync 3 days ago.

No one told it to check the endpoint — the evidence pointed there.

5
APPROVALRISK-WRITE

Proposed fix: Add Ava to BitLocker enforcement group.

ApproveDeny
6
RESOLVESAFE-WRITE

Change executed. Device syncing. Compliance verified. Thread closed.

Ava receives resolution in Slack: ‘Fixed — your laptop is syncing now. Salesforce should work within ~10 minutes.’

Every step discovered, not scripted.

Works with your existing stack

Connect a few tools and start handling work on day one. Each integration unlocks a set of micro-workflows the agent can compose.

Chat

SlackAvailable
Microsoft TeamsAvailable

ITSM

Jira Service ManagementAvailable
ServiceNowPlanned

Identity

OktaAvailable
Entra IDAvailable

Endpoint

IntuneAvailable
JamfPlanned

Monitoring

DatadogPlanned
PagerDutyAvailable

Safe by design

Every micro-workflow is classified by risk. Writes are gated by your approval policies. Everything is logged.

TierExample actionsApproval
READPull sign-in logs, device status, group membershipNone
SAFE-WRITEPost ticket comment, send status updateNone
RISK-WRITEAdd user to group, reset MFA, change policyRequired
CATASTROPHICDisable account, delete resource, revoke all sessionsMulti-step
Step-level approval — not whole-jobFull audit trail — who, what, whenLeast-privilege scopes — per integration

Frequently asked questions

No. The agent handles work that starts from Slack messages, operator-initiated tasks, automated detection signals, and tickets. Proactive detection catches issues before a ticket is ever created.

No. The agent composes from a pre-built library of micro-workflows. Connect your tools and start handling work — no scripting or workflow authoring required.

Workflow tools require you to predefine every path and break on edge cases. Rundle reasons about each situation and composes micro-workflows dynamically — it handles novel scenarios the same way an experienced operator would, just faster.

Rundle has its own job thread system — but it syncs bidirectionally with your ITSM. Use Jira or ServiceNow if you have it, or just use ours. Tickets and outcomes stay in sync either way.

It pauses, surfaces what it knows, and asks an operator to decide. It never guesses on writes. Uncertainty is a reason to pause, not improvise.

Most teams are up and running in under a day. Connect your integrations via OAuth/API keys, configure approval policies, and start handling work immediately.

Want to see this on your stack?

Composable micro-workflowsNo workflow engineeringProactive detectionGoverned + auditable

We're onboarding a small number of early teams to shape the platform together.