What it does
AuditAI is a multi-tenant SaaS platform for IT auditors and GRC teams running governance audits of AI and machine-learning systems. It covers the full engagement lifecycle, from scoping through remediation tracking. Where most AI governance tools watch live model traffic, AuditAI is the engagement-management system auditors work in day to day, in the spirit of AuditBoard or Workiva but built specifically for AI and ML risk.
Why it matters
Financial institutions and regulated enterprises are now expected to evidence AI governance against a moving target of frameworks. AuditAI turns that into a repeatable, defensible workflow instead of a folder of spreadsheets.
Highlights
- 160+ controls mapped across eight frameworks (NIST AI RMF 1.0, NIST AI 600-1, ISO/IEC 42001:2023, OWASP LLM Top 10, EU AI Act, MITRE ATLAS, Federal Reserve SR 11-7, and select US state AI laws), with cross-framework equivalencies so one piece of evidence can satisfy several requirements.
- Tamper-evident audit trail: database-enforced immutability, SHA-256 hash chains, and external Merkle-root anchoring to customer-owned storage.
- Bring Your Own Key encryption with adapters for AWS KMS, GCP Cloud KMS, and Azure Key Vault.
- Tenant isolation at the application layer and through PostgreSQL Row-Level Security.
- Claude-assisted drafting of findings and summaries, behind safety guardrails.
- SOC 2 evidence pipeline and OSCAL export.
Stack
Next.js 15, React 19, TypeScript, and Tailwind on the front end; Next.js API routes, Prisma, and PostgreSQL behind it; Anthropic Claude for assisted drafting; Vercel, Supabase, Cloudflare R2, and Inngest for infrastructure. Roughly 550 automated tests run in CI alongside CodeQL and Trivy.
