All projects

Project

AuditAI Platform

A multi-tenant SaaS that runs AI and ML governance audits end to end: scoping, control assessment across eight frameworks, findings, and remediation, backed by a tamper-evident audit trail.

AI GovernanceNIST AI RMFISO 42001GRCSaaS
Source

What it does#

AuditAI is a multi-tenant SaaS platform for IT auditors and GRC teams running governance audits of AI and machine-learning systems. It covers the full engagement lifecycle, from scoping through remediation tracking. Where most AI governance tools watch live model traffic, AuditAI is the engagement-management system auditors work in day to day, in the spirit of AuditBoard or Workiva but built specifically for AI and ML risk.

Why it matters#

Financial institutions and regulated enterprises are now expected to evidence AI governance against a moving target of frameworks. AuditAI turns that into a repeatable, defensible workflow instead of a folder of spreadsheets.

Highlights#

  • 160+ controls mapped across eight frameworks (NIST AI RMF 1.0, NIST AI 600-1, ISO/IEC 42001:2023, OWASP LLM Top 10, EU AI Act, MITRE ATLAS, Federal Reserve SR 11-7, and select US state AI laws), with cross-framework equivalencies so one piece of evidence can satisfy several requirements.
  • Tamper-evident audit trail: database-enforced immutability, SHA-256 hash chains, and external Merkle-root anchoring to customer-owned storage.
  • Bring Your Own Key encryption with adapters for AWS KMS, GCP Cloud KMS, and Azure Key Vault.
  • Tenant isolation at the application layer and through PostgreSQL Row-Level Security.
  • Claude-assisted drafting of findings and summaries, behind safety guardrails.
  • SOC 2 evidence pipeline and OSCAL export.

Stack#

Next.js 15, React 19, TypeScript, and Tailwind on the front end; Next API routes, Prisma, and PostgreSQL behind it; Anthropic Claude for assisted drafting; Vercel, Supabase, Cloudflare R2, and Inngest for infrastructure. Roughly 550 automated tests run in CI alongside CodeQL and Trivy.

Media

  • Engagement dashboard — maturity, controls, findings, and risk heatmap

    Engagement dashboard — maturity, controls, findings, and risk heatmap