Built in public.
Shipped continuously.
Everything we've shipped, what's being built right now, and where we're taking the platform.
Last updated May 2026
Shipped
Q4 2024 – Q1 2026
Core platform, AI capabilities, open ecosystem, and security hardening
Multi-tenant compliance platform
Row-level security isolating all tenant data at the database layer with full RBAC.
ISO 27001:2022 Annex A control library
93 controls across 4 themes pre-loaded; map to policies, risks, and evidence.
AI policy generation
Claude-powered policy drafts in under 2 minutes, aligned to any supported framework.
Risk Register
5×5 likelihood/impact matrix with treatment workflow and AI-suggested controls.
Evidence Collector
Manual uploads + integrations with AWS Config, GitHub, Jira, Confluence, and Slack.
SOC 2 Type II control mapping
64 trust service criteria mapped with gap indicators and remediation guidance.
GraphQL API + Terraform provider
Full API surface with nested resolvers, DataLoader batching, and IaC support.
Webhooks + API Keys
18 event types with retry logic, signature verification, and scoped key management.
Open Policy Library
38+ community templates across ISO 27001, SOC 2, GDPR, NIS2, NIST CSF, and DORA.
TypeScript + Python SDKs
Published to npm and PyPI with full type coverage and async support.
GitHub Actions plugin
Trigger evidence collection, gap analysis, and drift-threshold PR checks in CI.
OIDC federation
Connect Okta, Auth0, Azure AD, or Google Workspace for SSO.
Compliance Drift Detection
Daily automated baseline comparisons with threshold alerts.
Executive Dashboard
Board-ready KPI screen with framework scores, risks, and audit status.
AI-BOM + Supply Chain module
AI inventory with ISO 42001 mapping and vendor risk tier management.
Immutable Audit Trail
Tamper-evident hash chain — cryptographically anchored event log that cannot be modified by any user role.
EU AI Act compliance tracker
Obligation tracker with compliance ring SVG, tier grouping (prohibited / high-risk / limited-risk / minimal), per-obligation evidence picker, notes, and revert action.
Policy attestation campaigns
Magic-link sign-off for internal users and external staff, completion email, and attestation report download.
Billing & subscriptions
Stripe integration with Customer Portal, invoice history, and payment idempotency keys on all charge operations.
MSSP portal with tenant impersonation
Managed Security Service Provider portal — operators can impersonate any tenant for support and configuration.
Public trust portal
Per-tenant slug trust portal exposing compliance status to customers and prospects without requiring an account.
Vendor questionnaire portal
External respondent access via one-time link — suppliers complete security questionnaires without creating an AISEC account.
Risk due dates & overdue alerts
Date input on risk create and detail drawer; overdue monitoring rule fires automatically with alert notification.
JWT revocation + bcrypt upgrade
JTI blocklist for instant token revocation; bcrypt cost factor upgraded to 12; demo tenant guard added.
In Progress
Q2 2026
Production hardening, accessibility, and test coverage
Full mobile responsiveness
Every screen adapts to phones and tablets — compliance work should not be desktop-only.
WCAG 2.1 AA accessibility audit
Full contrast audit, keyboard navigation, screen reader testing, and ARIA landmark pass across all views.
k6 load test suite
Scripted load scenarios for all critical API paths — targeting p95 < 300ms at 500 concurrent users.
Demo tenant daily reset automation
Automated pipeline resets the demo tenant to a clean, realistic state every 24 hours.
Test coverage: 52% → 80%
Systematic addition of unit, integration, and E2E tests across the monorepo to reach 80% coverage.
Planned
Q3–Q4 2026
Deep integrations, automation, and self-service compliance
Q3 2026
Slack + Microsoft Teams deep integration
Compliance alerts, risk approvals, and evidence requests directly in your messaging tools.
Q3 2026
SCIM auto-provisioning
Sync users, groups, and roles directly from your IdP — zero manual user management.
Q3 2026
Evidence auto-collection from cloud providers
Pull configuration snapshots from AWS, Azure, and GCP on a schedule — no manual uploads.
Q3 2026
Automated control testing
Schedule and run repeatable technical tests against controls; auto-attach results as evidence.
Q3 2026
On-premise deployment option
Docker Compose and Kubernetes Helm chart for air-gapped or data-residency constrained environments.
Q4 2026
Advanced reporting builder
Drag-and-drop report designer for custom audit packages, board reports, and regulator submissions.
Q4 2026
Multi-framework overlap mapping
Map a single control once and generate mapped evidence, narratives, and reports for every framework simultaneously.
Future Vision
2027 and beyond
Autonomous compliance and AI-native governance
AI Audit Agent
Autonomous agent that continuously monitors your posture, writes gap commentary, requests evidence, and drafts corrective action plans.
Custom AI model support
Bring your own Claude API key or connect to locally hosted models for highly sensitive environments.
Regulatory change monitoring
Track amendments to ISO 27001, SOC 2 criteria, GDPR guidance, NIS2 implementing acts, and DORA RTS — notified before they affect your programme.
AI red-teaming playbooks
Structured adversarial testing workflows for AI systems in your inventory, aligned to NIST AI RMF and MITRE ATLAS.
Compliance data marketplace
Share anonymised benchmark data with the community; consume peer posture data to calibrate your own risk appetite.
Shape the roadmap
We prioritise features based on customer feedback. Start a trial and tell us what would make the most difference to your compliance programme.