01
Upload your evidence
Submit your AI system logs, attach an evidence pack, or point AIGovXRay at a web surface. No integration required, no persistent connection, no ongoing access.
AIGovXRay
Upload - Report - Delete
Turn AI governance obligations, website intake signals, and submitted evidence packs into traceable findings, framework mapping, and an audit-ready evidence pack without months of consulting work, heavy integrations, or slow NDA/DPA back-and-forth.
Get an initial picture of your AI system's governance gap, exposure surface, and operational accountability posture.
Web and Deep Scans are currently free of charge.
Continuity capsule
Continuity without custody. The governance record belongs to you. It always did.
Your report carries the evidence state forward, so future drift detection can work from the artifact you hold instead of a vendor database we maintain.
Download Sample ReportHow it works
Most AI governance programs stall not because organizations lack policies, but because turning those policies into verifiable evidence takes months, consultants, and systems no one wants to integrate. AIGovXRay is built for the opposite motion: upload, report, delete.
01
Submit your AI system logs, attach an evidence pack, or point AIGovXRay at a web surface. No integration required, no persistent connection, no ongoing access.
02
AIGovXRay runs deterministic analysis against your chosen governance frameworks and produces a structured findings report with traceable evidence, regulatory signal mapping, and a full evidence pack. Not a score. Not a prediction. A verifiable record of where you stand.
03
Once your report is generated, uploaded evidence and temporary report artifacts are removed from the scan workspace. What you download is the governance record you keep.
Core innovation
This is where AIGovXRay is architecturally different from persistent-dashboard governance tools. Your report does not just contain findings. It contains a Continuity Capsule: a structured, machine-readable record of the evidence state at the time of your scan, embedded directly in the report artifact you hold.
That means you control the audit trail. There is no vendor database to query, no platform dependency to maintain, and no third-party custody of your governance record. When you need a comparison scan months later, upload your previous report alongside new evidence. AIGovXRay reads the capsule, reconstructs the baseline, and produces a drift-aware report. Continuity without custody.
Run an external assessment and receive a governance report without the platform keeping uploaded source evidence as a long-term replay archive.
Store the report-side continuity capsule in your own records as the portable history of the assessment.
Bring the capsule back in a later run to build a timeline, detect drift, and preserve surveillance continuity.
Use repeatable report continuity to support AI governance workflows without months of pre-assessment data negotiations.
Public signal reports
These reports show the first layer of the AIGovXRay workflow: observable signals from public web surfaces. A Web Surface Scan answers what can be seen before privileged access. A Deep Scan answers what is actually there, then packages the result into an evidence pack and continuity capsule.
European Banking 2026
Revised public-signal report across the EEA, Switzerland, and the United Kingdom. The scan identified 12 confirmed signals, including three HIGH overall risk signals, while preserving the boundary that web-surface evidence is a starting point, not a compliance conclusion.
Download European ReportAmerican Banking 2026
Revised public-signal report across federally insured US banking institutions with observable AI or chatbot interfaces. The report identifies three confirmed signals and a structural pattern: major bank AI systems often sit behind authentication, while public AI surfaces are more visible in community banking.
Download American ReportReal findings showcase
Findings are written in public-safe language while preserving the governance signal: agent exposure, attribution gaps, evidence fragility, and missing runtime proof.
A frontend-delivered artifact exposed agent/proxy infrastructure clues while ownership and mediation evidence remained unavailable.
/apis/[redacted].AI.Agents.Proxy/[route] | header applicationId | service hint [redacted]
An action-taking capability was visible, but the captured records did not show who authorized or initiated the action path.
Finding type actor_attribution_gap | time resolution partially resolved | actor resolution ambiguous
Runtime traces, access-control evidence, and page-level disclosure metadata were not available in the web-surface scan.
Missing evidence: DOM snapshot + runtime traces + backend access-control proof
Governance gap pack
These patterns are adapted from a redacted uploaded-evidence scan: the useful signal is preserved, while system names, file paths, IDs, and raw excerpts stay out of the public page.
Release and rollback continuity could not be fully reconstructed from the supplied evidence pack.
Human review checkpoint evidence was incomplete for an observed AI-assisted workflow.
Risk register records lacked fields needed for accountable governance review.
Supplier registry evidence did not fully link vendor dependencies to controlled system ownership.
System inventory records were missing stable identity and ownership fields.
Security operations records lacked enough incident and triage metadata to support fast assurance.
Framework mapping
AIGovXRay helps teams organize evidence and gaps against known AI governance, resilience, and assurance lenses. It supports review readiness; it does not replace legal advice or certification.
EU AI Act
NIST AI RMF
ISO 42001
NIS2
SOC 2 Type II
DORA
Why it matters
Surface where agentic systems can make, delegate, or trigger actions outside expected control boundaries.
Turn runtime behavior, evidence snippets, and governance checkpoints into a record an auditor can follow.
Support EU AI Act, NIST AI RMF, ISO 42001, NIS2, SOC 2 Type II, and DORA reviews with evidence-led visibility.
Track vendor-hosted models, embedded agents, proxy layers, and delegated workflows across the supply chain.

Visual artifacts
This public artifact is redacted and reconstructed from report patterns. It is designed to show inspection maturity without exposing client identity, infrastructure details, or raw evidence.