Agent Compliance Intelligence

Your GRC stack doesn't cover your agents. Ancilis does.

Discover your AI agents. Classify the data they handle. Auto-scope compliance requirements. Feed your existing GRC platform.

Assessment-first · SOC 2 · HIPAA · EU AI Act · 26 AKSI controls

Posture, proof, and next decisions — in one surface.

The agent compliance interface your GRC platform doesn't have. Integrations in. Evidence out. A standalone picture of what your agents are doing and whether it's defensible.

https://app.ancilis.ai/dashboard

Agent posture overview

5 agents · 7 active overlays · last sync 38s ago · Audit-ready

Agents discovered: 12 (+3 this week)
Coverage: 94% (26 of 26 AKSI controls)
Evidence records: 170 (hash-chained)
Open findings: 3 (1 critical · 2 minor)

Certification readiness

SOC 2 Type II: 97%
HIPAA: 91%
EU AI Act: 82%
PCI-DSS 4.0: 88%
AIUC-1: 76%

Recent evidence

ALLOW claim_verifier.invoke · AKSI-OP-02 · tool_call · 38s
BLOCK support_bot → resume.pdf · AKSI-DP-04 · PII egress · 2m
FLAG triage_agent.read_db · AKSI-DP-01 · PHI access · 4m
ALLOW underwriter.score · AKSI-GV-03 · attestation · 7m

Data flow — by classification

PHI · CHD · CUI · FIN · PII

Your company has SOC 2. Your GRC platform proves it. But neither covers what your agents are actually doing.

Your security stack

Finds agent risk

Singulr, Noma, Operant — they enforce controls, detect prompt injection, block unsafe tool calls. Good. Necessary. Not auditable.

The gap

Turns risk into evidence

Security findings aren't compliance evidence. Ancilis takes what your security stack sees, maps it to AKSI controls, overlays your frameworks, produces the auditor-ready record.

Your GRC stack

Proves your posture

Vanta, Drata, ServiceNow — they prove what your company does. Ancilis feeds them what your agents do. Your workflow, unchanged.

Connect once. Assess continuously.

Same model as Vanta, Wiz, and Noma: API integrations only. No containers, no sensors, no binaries in your environment. Five minutes to first posture read.

STEP 01

Connect your environment

OAuth into AWS, OpenAI, Anthropic, GitHub. Connect existing agent security tools — Singulr, Noma, Operant — their findings become your compliance evidence.

7 integrations day one
+ Ancilis SDK for highest fidelity

STEP 02

Discover & classify

The Sentry correlates signals across integrations — MCP configs, Bedrock invocations, tool-call patterns. Classification engine identifies PHI, CHD, CUI, FIN, PII in the data your agents handle.

5 agent architectures detected
16 data types classified

STEP 03

Auto-scope & prove

AKSI controls apply to every agent. Regulatory overlays activate from the data classification itself — HIPAA if PHI appears, PCI if CHD appears, EU AI Act if the system qualifies. Evidence flows to your GRC stack.

26 AKSI controls · crosswalks built-in
Output to Vanta · Drata · ServiceNow

A framework built for agents. Finally.

AKSI is the agent common control framework. Declare the data your agents touch; get the controls; see the posture; prove it. No framework crosswalking by hand.

Auto-scoping

Declare the data, get the controls. Regulatory overlays — HIPAA, PCI, GDPR, EU AI Act, CMMC — activate from what your agents actually touch. No manual crosswalks.

Hash-chained evidence

Every agent action becomes a tamper-evident evidence record. Cryptographically linked, timestamp-ordered, auditor-defensible. Integrity without narrative gymnastics.

OSCAL export

Machine-readable compliance output. Feed Vanta, Drata, ServiceNow, or any FedRAMP-aligned pipeline. Your GRC stack, upgraded — not replaced.

Teams shipping agents into regulated environments.

Security engineers

You own agent risk. Now prove it.

Security tools show you findings. Ancilis turns those findings into the evidence your compliance team needs, without doubling your tooling.

Compliance leads

SOC 2 covers your company. Ancilis covers your agents.

Your framework crosswalks are already built. Auto-scoping from data classification means no more mapping controls to LLM tool calls by hand.

GRC teams

Your stack stays. The agent layer arrives.

Keep Vanta, Drata, or ServiceNow. Ancilis is the module they don't have — agent evidence in, compliance posture out.

Ship your agents to production.

Early access is open to security leaders, compliance teams, and platform engineers deploying AI agents in regulated environments. One email. No sales call.