AIGovXRay

AI governance evidence.In minutes.Zero vendor custody.

Upload - Report - Delete

Turn AI governance obligations, website intake signals, and submitted evidence packs into traceable findings, framework mapping, and an audit-ready evidence pack without months of consulting work, heavy integrations, or slow NDA/DPA back-and-forth.

Get an initial picture of your AI system's governance gap, exposure surface, and operational accountability posture.

Web and Deep Scans are currently free of charge.

EU AI ActNIST AI RMFISO 42001NIS2SOC 2 Type IIDORA

Continuity capsule

Continuity without custody. The governance record belongs to you. It always did.

Your report carries the evidence state forward, so future drift detection can work from the artifact you hold instead of a vendor database we maintain.

Download Sample Report

How it works

From governance policy to verifiable evidence in three steps.

Most AI governance programs stall not because organizations lack policies, but because turning those policies into verifiable evidence takes months, consultants, and systems no one wants to integrate. AIGovXRay is built for the opposite motion: upload, report, delete.

01

Upload your evidence

Submit your AI system logs, attach an evidence pack, or point AIGovXRay at a web surface. No integration required, no persistent connection, no ongoing access.

02

Get your report

AIGovXRay runs deterministic analysis against your chosen governance frameworks and produces a structured findings report with traceable evidence, regulatory signal mapping, and a full evidence pack. Not a score. Not a prediction. A verifiable record of where you stand.

03

We delete everything

Once your report is generated, uploaded evidence and temporary report artifacts are removed from the scan workspace. What you download is the governance record you keep.

Core innovation

Continuity Capsule: the audit trail without the vendor database.

This is where AIGovXRay is architecturally different from persistent-dashboard governance tools. Your report does not just contain findings. It contains a Continuity Capsule: a structured, machine-readable record of the evidence state at the time of your scan, embedded directly in the report artifact you hold.

That means you control the audit trail. There is no vendor database to query, no platform dependency to maintain, and no third-party custody of your governance record. When you need a comparison scan months later, upload your previous report alongside new evidence. AIGovXRay reads the capsule, reconstructs the baseline, and produces a drift-aware report. Continuity without custody.

Generate

Run an external assessment and receive a governance report without the platform keeping uploaded source evidence as a long-term replay archive.

Keep

Store the report-side continuity capsule in your own records as the portable history of the assessment.

Compare

Bring the capsule back in a later run to build a timeline, detect drift, and preserve surveillance continuity.

Automate

Use repeatable report continuity to support AI governance workflows without months of pre-assessment data negotiations.

Public signal reports

From public signal to audit-grade evidence.

These reports show the first layer of the AIGovXRay workflow: observable signals from public web surfaces. A Web Surface Scan answers what can be seen before privileged access. A Deep Scan answers what is actually there, then packages the result into an evidence pack and continuity capsule.

European Banking 2026

102 SI banks and materially related entities.

Revised public-signal report across the EEA, Switzerland, and the United Kingdom. The scan identified 12 confirmed signals, including three HIGH overall risk signals, while preserving the boundary that web-surface evidence is a starting point, not a compliance conclusion.

Download European Report

American Banking 2026

35 US institutions with observable public AI surfaces.

Revised public-signal report across federally insured US banking institutions with observable AI or chatbot interfaces. The report identifies three confirmed signals and a structural pattern: major bank AI systems often sit behind authentication, while public AI surfaces are more visible in community banking.

Download American Report

Real findings showcase

Evidence artifacts before marketing claims.

Findings are written in public-safe language while preserving the governance signal: agent exposure, attribution gaps, evidence fragility, and missing runtime proof.

HighAgentic exposure finding

Client-visible agent proxy artifact

A frontend-delivered artifact exposed agent/proxy infrastructure clues while ownership and mediation evidence remained unavailable.

/apis/[redacted].AI.Agents.Proxy/[route] | header applicationId | service hint [redacted]

MediumAgentic exposure finding

Actor attribution gap

An action-taking capability was visible, but the captured records did not show who authorized or initiated the action path.

Finding type actor_attribution_gap | time resolution partially resolved | actor resolution ambiguous

MediumAgentic exposure finding

High evidence fragility

Runtime traces, access-control evidence, and page-level disclosure metadata were not available in the web-surface scan.

Missing evidence: DOM snapshot + runtime traces + backend access-control proof

Governance gap pack

From uploaded evidence to reviewable control gaps.

These patterns are adapted from a redacted uploaded-evidence scan: the useful signal is preserved, while system names, file paths, IDs, and raw excerpts stay out of the public page.

Release provenance gap

Release and rollback continuity could not be fully reconstructed from the supplied evidence pack.

Human oversight gap

Human review checkpoint evidence was incomplete for an observed AI-assisted workflow.

Risk register gap

Risk register records lacked fields needed for accountable governance review.

Supplier assurance gap

Supplier registry evidence did not fully link vendor dependencies to controlled system ownership.

System inventory gap

System inventory records were missing stable identity and ownership fields.

Security monitoring gap

Security operations records lacked enough incident and triage metadata to support fast assurance.

Framework mapping

Evidence mapped to the language buyers already use.

AIGovXRay helps teams organize evidence and gaps against known AI governance, resilience, and assurance lenses. It supports review readiness; it does not replace legal advice or certification.

EU AI Act

NIST AI RMF

ISO 42001

NIS2

SOC 2 Type II

DORA

Why it matters

Translate AI visibility into business impact.

Operational risk

Surface where agentic systems can make, delegate, or trigger actions outside expected control boundaries.

Auditability

Turn runtime behavior, evidence snippets, and governance checkpoints into a record an auditor can follow.

Regulatory readiness

Support EU AI Act, NIST AI RMF, ISO 42001, NIS2, SOC 2 Type II, and DORA reviews with evidence-led visibility.

Third-party oversight

Track vendor-hosted models, embedded agents, proxy layers, and delegated workflows across the supply chain.

Redacted AIGovXRay report artifact screenshot

Visual artifacts

Reports, timelines, controls, and evidence snippets.

This public artifact is redacted and reconstructed from report patterns. It is designed to show inspection maturity without exposing client identity, infrastructure details, or raw evidence.