The Interoperability Imperative for AI in Life Sciences
Every organization in life sciences is wrestling with AI right now. Sponsors are debating when to use it, how to make it genuinely efficient, and how to make it compliant and validated. Regulators are racing to set guidelines that match the pace of the technology. Investors are demanding faster timelines under tighter budgets because "you have AI now." And vendors are deploying AI features left and right — while leaving long-term vision out of the narrative.
Many of these features are harmless, if ineffective. But some have the potential to slow down innovation where it is needed most — by sacrificing interoperability in the name of "security and compliance."
Today, I am announcing Kivo's stance on how to implement AI in a way that catalyzes innovation instead of hindering it, while maintaining compliance. This strategy is a product and methodology we call Headless GxP™, launching June 8th.
Headless GxP is not a feature. It is an architectural philosophy that I believe gives R&D teams the necessary balance of innovation, efficiency, and compliance to succeed in the most rapidly changing technological landscape in human history.
First, an anecdote. Our CFO was a relatively light user of AI up until Claude launched their integration with Excel. Two weeks later, he was the heaviest user — on a token basis — in the entire company, and that pattern has sustained. Two weeks to change the entire way he does work.
That is the speed of innovation today. Anthropic, OpenAI, Perplexity — these companies have billions of dollars and tens of thousands of engineers inventing new models and new form factors for this technology. Agents, workflows, connectors. API, MCP, CLI. The pace is not going to slow. It's going to accelerate exponentially.
And this is where I see other vendors in life sciences completely missing the mark.
Legacy software providers are building for AI in one of three ways — and the third is, in my estimation, the most destructive.
The chat sidebar, the helpful sidekick, the cartoon avatar that pops up when you start a new document. These tools make two fatal flaws: they map functionality to the roles of today and ignore that the processes themselves are evolving. And they confuse the format with actual utility in the same way that "Clippy" proved to be a punchline in the 1990s. No one is going to use the "sort-of-helpful" tool. You can't afford to.
Smarter classifications, faster search, generated summaries, auto-populated fields. This is good — we are building many of these tools ourselves. But this is not differentiated, nor is it impactful enough to drive real innovation. These features are already table stakes and don't represent an actual AI strategy or point of view on how companies can accelerate their work during drug development in a compliant fashion.
The customized agent, trained on your data, completely walled off from integrations for security purposes. This is the one that sounds great when compliance is paramount. However, I believe this is the best way to start behind the curve and never recover.
Let me unpack the third, and why I think it is tantamount to giving up your competitive advantage.
Life sciences is a risk-averse space. As it should be. Any team running experiments with AI has already discovered its many limitations: hallucinations, confidential information used for training data, the "black-box" nature of models that makes validation seem impossible.
In response, traditional vendors have said: "Don't worry. We will take a model and lock it away in our vault, train it specifically for you, validate it, and when it's ready to roll out, you can validate it." They are spending quarters building walls around your data in the name of "safety."
This feels good. It aligns to tradition. But the timeline, cost, and technical overhead is untenable.
If you follow this path, you're looking at 6–9 months before a model is ready for use. At best. But AI research organization METR states that AI capabilities double every 196 days. If your time to implementation is twice that, you're 2× behind before you've even gotten started — and you'll have spent such significant resources on the process you'll be locked in for the foreseeable future.
Traditional vendors may or may not be aware of what they are doing, but I suspect they do. Investors are breathing down their necks to find their "moat" — the thing that keeps you subscribing to their services in perpetuity. These in-house agents are a way to make your data their moat.
Not to mention, your "new" custom model still can't integrate with the tools you use every day. Word, AI authoring tools, Claude, Copilot, SAS, R, Smartsheet, Asana. The marketplace of tools built on top of the major AI vendors is evolving orders of magnitude faster than a single vendor can on their own.
"Using a model that can't interact with this ecosystem is like running your company on a Blackberry while your competitors are armed with the latest iPhone. That's a productivity tax I'd be unwilling to pay for my company, nor do I want that for our customers."
At best, companies taking this approach will lose their strategic advantage. At worst, patients could suffer waiting for life-saving treatments that could have made it through development faster.
This is not to say you should automatically start using frontier models like it's the Wild West. Sponsors need to follow vendor qualification, risk assessment, and change management processes. The FDA's CSA guidelines give companies a roadmap to right-size these efforts. But the idea that you need to choose between security and speed is a false dichotomy. Headless GxP transcends that trade-off.
Headless GxP is the opposite of the walled-off, static approach. It's more like a membrane. A protective layer with selective permeability that allows data to interact with an evolving ecosystem of applications and tools, without allowing non-compliant actions.
For those unfamiliar with the term, "headless" refers to an application running without its graphical user interface — you don't click through menus or buttons, you access it programmatically through code or another tool. If you're working in Claude and ask it to update your CRM on your behalf, Claude is operating that CRM headlessly. This way of working is highly intuitive, but it raises obvious security and compliance concerns for regulated industries. And these concerns are what have led to the "walled-off" fallacy — the belief that the only way to leverage AI in a compliant manner is to not connect it to anything else.
Kivo offers a unique solution to this trade-off. We have built an authentication model that allows an AI agent to programmatically access Kivo via the same authentication steps you'd use to log into the UI. All queries respect your user account's roles, permissions, and security settings. This is possible because both the user interface and programmatic access leverage the same API, ensuring a consistent and compliant experience regardless of where the interaction occurs.
Whether you are using Claude inside of Word, a generative AI authoring tool, an MCP, or a three-letter acronym that hasn't been invented yet — our Headless interface gives you the connective tissue to access your data where you need it, when you need it, and leaves the compliance to us.
Today, we are announcing three capabilities that together make Kivo agent-native:
An MCP service that respects user roles and access, allowing any existing AI system to interrogate Kivo's content, metadata, and workflow state.
A structured handoff pattern that lets an agent pass a proposed action — a list of SOPs to review, placeholders to clear from a TMF, a submission plan — back into the Kivo UI for a human to take action.
A suite of skills you can use or build on top of, that give AI tools the necessary context for your specific programs, regulatory requirements, and agent response criteria. Skills can be managed via a change control process and selectively enabled across your organization.
The first release of Headless GxP is deliberately read-only. Agents cannot write to Kivo. They can analyze, cross-reference, report, and propose — but the action itself happens in the UI, with the user's identity, the user's judgment, and the user's audit trail attached.
Headless GxP enables you to leverage the tools and AI infrastructure your company is already using, has already qualified, and control your own change management and data training. Kivo will supply customers with out-of-the-box skills and connectors, which you can use or layer on top of by identifying your own quality manual details, SOPs, ISO standards, GMP, or other relevant details.
AI does the analysis. The human does the work. Kivo records both.
This is not a safety hedge against the unreliability of AI. It is the architecture most consistent with how regulated electronic records and signatures are supposed to work — a specific human, acting under their own authenticated identity, taking a deliberate action that the system attributes to them.
This sequence is also why "human in the loop" means something specific at Kivo. It does not mean a person mindlessly approves what an agent has decided. It means the agent makes the human faster, sharper, and able to reason across data and systems that no individual could hold in their head — and then the human, equipped with that preparation, does the regulated work. The deeper the AI's analysis, the more substantive the human's action. That is the relationship the architecture enforces.
A few foundational decisions support this methodology. From day one, Kivo's underlying data model has used a key-value enrichment store rather than a fixed structured schema — meaning we can absorb thousands of metadata fields per document without forcing customers to map their data into our shape. Customers can export everything they have in two clicks, at any time, with no negotiation. Our migration tooling brings data in losslessly — metadata, audit trails, prior signatures, the lot — using validated processes.
If you're lost in the technical jargon, let me put a fine point on it: Kivo can pull data in from lots of systems and use Kivo to normalize it without losing the legacy source system data and context. This makes Kivo even more powerful in the age of AI: Standardize your data in Kivo, but be able to effectively reach into the data and context from the original source systems at any time. We think it will allow customers to switch to Kivo and get access to the latest AI tools before their current vendor has even started the process of paid implementations to gain access to their already outdated walled-in tools.
Bring data in. Query it from anywhere. Record your actions. Export your data when you need to. This is Headless GxP at work.
We don't know exactly how the next phase will unfold. And anyone who thinks they know exactly what the future looks like will be wrong. That's why we are not building for any one state — any one model, any one type of connector. We are building an open architecture that allows for rapid interoperability, to enable and empower drug development teams to work alongside the most powerful tools in the market, as they emerge.
A decision point is coming: make the switch now to accelerate significantly. Or continue to fall further behind more nimble companies while your vendor figures out how to deploy outdated tools that lock you in even further.
To sponsors, CROs, and everyone working tirelessly to improve lives, our promise is this: We will build doors, while other vendors build walls.
Agent-native workflows, validation framework, and what Headless GxP means for your team.