What it does#
AuditAI is a multi-tenant SaaS platform for IT auditors and GRC teams running governance audits of AI and machine-learning systems. It covers the full engagement lifecycle, from scoping through remediation tracking. Where most AI governance tools watch live model traffic, AuditAI is the engagement-management system auditors work in day to day, in the spirit of AuditBoard or Workiva but built specifically for AI and ML risk.
Why it matters#
Financial institutions and regulated enterprises are now expected to evidence AI governance against a moving target of frameworks. AuditAI turns that into a repeatable, defensible workflow instead of a folder of spreadsheets.
Highlights#
- 160+ controls mapped across eight frameworks (NIST AI RMF 1.0, NIST AI 600-1, ISO/IEC 42001:2023, OWASP LLM Top 10, EU AI Act, MITRE ATLAS, Federal Reserve SR 11-7, and select US state AI laws), with cross-framework equivalencies so one piece of evidence can satisfy several requirements.
- Tamper-evident audit trail: database-enforced immutability, SHA-256 hash chains, and external Merkle-root anchoring to customer-owned storage.
- Bring Your Own Key encryption with adapters for AWS KMS, GCP Cloud KMS, and Azure Key Vault.
- Tenant isolation at the application layer and through PostgreSQL Row-Level Security.
- Claude-assisted drafting of findings and summaries, behind safety guardrails.
- SOC 2 evidence pipeline and OSCAL export.
Stack#
Next.js 15, React 19, TypeScript, and Tailwind on the front end; Next API routes, Prisma, and PostgreSQL behind it; Anthropic Claude for assisted drafting; Vercel, Supabase, Cloudflare R2, and Inngest for infrastructure. Roughly 550 automated tests run in CI alongside CodeQL and Trivy.
