How it works

From zero visibility to audit-ready in five steps.

The rest happens continuously, in the background.

Step
01

Discover tools

Browser extension and network sensor surface every AI tool in use, approved or not. New tools are flagged within minutes. Each one is automatically scored by risk tier and added to the review queue.

  • Browser extension deploys in under 5 minutes. First results appear within minutes of first use
  • Detects 200+ known AI services including free tools accessed through personal accounts
  • Continuous, not periodic — new tools appear in the queue within minutes of first use
Copilot
GPT-4
Claude
Gemini
LLM API
Step
02

Register systems

Each tool gets a record: vendor, owner, business purpose, data flows, and a risk profile suggested by the AI. Every system has a named owner and approver from day one.

  • Lifecycle tracked: Registered, Under Assessment, Policy Assigned, Operational, Retired
  • AI assistant fills in the form from any uploaded document
  • Owner and approver assigned at registration
Assessment Engine
Privacy
55
Security
63
Bias
71
Reliability
79
Compliance
87
Compliance lead reviewing the platform
Step
03

Set policies

Pick from pre-built templates aligned to EU AI Act, ISO 42001, GDPR, NIST AI RMF, and more. Or write your own with the policy editor. Two people are required to approve any policy before it goes live.

  • Pre-built templates take 20 to 30 minutes to review and activate
  • Custom policies take longer depending on clause count
  • Two-person approval required before activation
  • Previous versions preserved for audit
  • Clause-level tracking of every obligation
Policy Hub
Approved
Review
Blocked
Step
04

Close gaps

Open obligations are routed to the right owner with a deadline. Two-person approval is required for high-risk assessments. Exceptions can be granted with a hard expiry date. The gap reopens automatically when the exception expires.

  • Two-person approval for high-risk systems
  • SLA timers on every open gap
  • Exceptions expire and reopen automatically
Open ObligationsSLA
DPIA missing
Owner assign
Model card
Step
05

Generate reports

Export audit-ready evidence with one click. Per-framework PDF exports. Signed evidence records. Fully governed systems can receive an AI Passport, shareable as a portable record.

  • Per-framework PDF export
  • Signed evidence records
  • AI Passport for fully governed systems
Live Governance
Compliance
98%
Alerts
2 open

Most teams complete the first three steps in a single afternoon.

Ready to map your AI?

Free forever for up to 5 systems.