Lumen Analytics

A new category

Built for autonomous analysis.

AI-ready analytics, governed by design.

The BI and governance contracts up for renewal in 2027 will be read against a new question: is the architecture underneath ready for AI on top of the data, for agents doing the plumbing analysts avoid, for answers a DPO can sign off on. Most platforms reached for that answer after the fact. Lumen was written around it.

Fig. 1 One path, one policy.
no bypass
Lumen architecture Two consumer rails (knowledge worker via conversational analytics, and agents over MCP or REST) converge into the Substrate trust layer, then into DataSource and existing data. knowledge worker consumer agents MCP · REST conversational analytics Lumen Substrate trust layer policy · audit · refusal DataSource governed SQL existing data warehouse · lake
Every query is compiled into governed SQL by the Substrate layer — whatever the consumer.

01What we are

An analyst notebook on top of a trust layer.

The surface

Lumen

Ask in natural language, get an answer with the query, the chart, the narrative, and the sources attached. The AI does the plumbing the analyst hates; the human owns the judgement. Every cell is reproducible, every chart links to its query, refusal is honest when the data won't support a claim.

The trust layer

Substrate

Lumen does not trust the agent; it trusts the substrate around the agent. Curated by a data steward and compiled into governed SQL on every query, with audit attached to every answer. The same enforcement chain runs whether the consumer is Lumen, an agent over MCP, a REST client, or a future BI tool. There is no bypass.

02Why this works when “talk to your data” did not

Three architectural commitments most pilots fail.

The pilot that dies at the DPO's desk bypass
User AI tool raw data leak policy bolted on top — bypassable prompt sees what it shouldn't
The pilot that ships no bypass
User Lumen Substrate trust layer data policy in the query layer — in the path refusal is a typed output, not a hallucination
  1. No raw sensitive values leave the controlled backend.

    Pseudonymisation happens before the prompt is built. The external LLM never sees what it should not see.

  2. Policy lives in the query layer, not the UI.

    Row-level access, masking, disclosure thresholds are compiled into the SQL. No client can bypass.

  3. Refusal is a real answer.

    “I cannot answer this from the available sources” is a typed output with a named category, not a hallucinated number. The system would rather decline than guess.

03Open source

Lumen is open source under Apache License 2.0.

Lumen is available as open source software under the Apache License 2.0. You can review the codebase, evaluate the architecture, and follow development in public.

Repository: github.com/LukV/lumen

04Next step

A 60-minute architecture conversation, with your DPO in the room.

hello@lumen-analytics.com
No form. No newsletter. One reply, within 24 hours.