Generate
Run an external assessment and receive a governance report without persistent evidence retention by the platform.
AIGovXRay
Automating AI governance with continuity you control.
AIGovXRay turns observable AI system signals into findings, evidence posture, framework mapping, and a continuity capsule that lets users preserve timeline and drift context without the platform retaining their evidence.
Get an initial picture of your AI system's governance gap, exposure surface, and operational accountability posture.
Web and Deep Scans will be free of charge until 15/07/2026 as part of Launch.
EU AI ActNIST AI RMFISO 42001NIS2SOC 2 Type IIDORA
Continuity capsule
The report carries the continuity context forward, so the user can keep the surveillance record while the platform remains zero-retain by design.
This reduces data leakage risk and makes secure external assessments easier to start, even before long NDA or DPA processes are practical for an initial governance view.
Download Sample ReportCore innovation
Automation without custody of your evidence.
The continuity capsule is designed to make AI governance repeatable: users keep their own supervision history, while AIGovXRay can compare future assessments for drift, exposure changes, and accountability gaps.
Keep
Store the report-side continuity capsule in your own records as the portable history of the assessment.
Compare
Bring the capsule back in a later run to build a timeline, detect drift, and preserve surveillance continuity.
Automate
Use repeatable report continuity to support AI governance workflows without months of pre-assessment data negotiations.
Real findings showcase
Evidence artifacts before marketing claims.
Findings are written in public-safe language while preserving the governance signal: agent exposure, attribution gaps, evidence fragility, and missing runtime proof.
HighAgentic exposure finding
Client-visible agent proxy artifact
A frontend-delivered artifact exposed agent/proxy infrastructure clues while ownership and mediation evidence remained unavailable.
/apis/[redacted].AI.Agents.Proxy/[route] | header applicationId | service hint [redacted]
MediumAgentic exposure finding
Actor attribution gap
An action-taking capability was visible, but the captured records did not show who authorized or initiated the action path.
Finding type actor_attribution_gap | time resolution partially resolved | actor resolution ambiguous
MediumAgentic exposure finding
High evidence fragility
Runtime traces, access-control evidence, and page-level disclosure metadata were not available in the web-surface scan.
Missing evidence: DOM snapshot + runtime traces + backend access-control proof
Governance gap pack
From uploaded evidence to reviewable control gaps.
These patterns are adapted from a redacted uploaded-evidence scan: the useful signal is preserved, while system names, file paths, IDs, and raw excerpts stay out of the public page.
Release provenance gap
Release and rollback continuity could not be fully reconstructed from the supplied evidence pack.
Human oversight gap
Human review checkpoint evidence was incomplete for an observed AI-assisted workflow.
Risk register gap
Risk register records lacked fields needed for accountable governance review.
Supplier assurance gap
Supplier registry evidence did not fully link vendor dependencies to controlled system ownership.
System inventory gap
System inventory records were missing stable identity and ownership fields.
Security monitoring gap
Security operations records lacked enough incident and triage metadata to support fast assurance.
Framework mapping
Evidence mapped to the language buyers already use.
AIGovXRay helps teams organize evidence and gaps against known AI governance, resilience, and assurance lenses. It supports review readiness; it does not replace legal advice or certification.
EU AI Act
NIST AI RMF
ISO 42001
NIS2
SOC 2 Type II
DORA
Why it matters
Translate AI visibility into business impact.
Operational risk
Surface where agentic systems can make, delegate, or trigger actions outside expected control boundaries.
Auditability
Turn runtime behavior, evidence snippets, and governance checkpoints into a record an auditor can follow.
Regulatory readiness
Support EU AI Act, NIST AI RMF, ISO 42001, NIS2, SOC 2 Type II, and DORA reviews with evidence-led visibility.
Third-party oversight
Track vendor-hosted models, embedded agents, proxy layers, and delegated workflows across the supply chain.
Visual artifacts
Reports, timelines, controls, and evidence snippets.
This public artifact is redacted and reconstructed from report patterns. It is designed to show inspection maturity without exposing client identity, infrastructure details, or raw evidence.