Compliance Officer · Auditor
AI agents your compliance team can certify
Every agent run reconstructable step by step. Approvals and denials recorded as audit entries. The whole fleet reviewable from one Git-governed catalog.
AI your auditors can read.
Pains → gains
From investigation toil to structured findings
Deterministic systems keep the books. Agents handle bounded reasoning tasks inside them. Your team stays in command.
The work today
AI adoption threatens the thing compliance exists to protect: showing who did what, with what information, and why.
Copilots are black boxes — free-text answers with no version, no trace, no evidence.
Each team's AI experiment is another surface to certify, with no common control plane.
Regulators ask for reconstruction; screenshots are not an audit trail.
With NeoXam Agents
Reconstruct any run
Every agent run is reconstructable step by step: model used, ordered tool calls with inputs and outputs, tokens, cost, duration — plus the exact catalog version (Git SHA) that executed.
Approvals as audit entries
Human approvals and denials will be recorded as first-class audit entries — who, when, why — when human-in-the-loop approvals ship in Beta.
One catalog to certify
The whole fleet is reviewable from one Git-governed catalog. Nothing undeclared can run, so the certification surface is finite, versioned and reviewed.
Exportable evidence
The audit log is append-only, designed for 7-year regulatory retention, and exportable for compliance review.
The agents
Agents that matter for your team
Every agent is declared in a Git-governed catalog, gated by evaluation baselines, policy-controlled at every tool call, and traced end to end. Statuses below are exact.
Compliance breach analysis agents
Coming with GA (Q3 2026)Will explain compliance breaches with traceable evidence at the moment they are flagged, replacing manual reconstruction. Breach analysis runs inside PMS/Density today, pre-platform; it unifies on the governed platform at GA.
Reconciliation Investigator
Shipped — pilot livearo.reconciliation-investigator
The shipped reference for what an auditable agent looks like: every investigation is fully traced, typed and reconstructable — the audit posture every platform agent inherits.
Key capabilities
Why this works here
Per-run catalog SHA
ShippedProve exactly which agent version, prompt and tools produced any output — every run records the catalog Git SHA it executed.
Append-only audit log
ShippedDesigned for 7-year regulatory retention — the regulatory minimum for the vertical — with CSV export for compliance roles.
Policy-controlled tool calls
ShippedEvery tool call passes an allow/ask/deny policy declared in the agent's descriptor; sensitive actions will pause for recorded human approval in Beta.
No content in telemetry
ShippedA redaction layer with an automated contract test guarantees no prompt or completion content leaks into telemetry.
NeoXam products
Where these agents live
Agents are embedded in the NeoXam products your teams already use — not bolted on beside them.
- Coming with GA (Q3 2026)
Density
Portfolio Management & Compliance (PMS)
Compliance breaches will be explained with traceable evidence at the moment they are flagged.
- Shipped — pilot live
Aro
Reconciliation
Every reconciliation break investigated before your analyst opens it — root cause, evidence, recommended action, fully traced.
FAQ
Questions your team will ask
Can we reconstruct a run for a regulator?
Yes, today. Every run records the model, ordered tool calls with inputs and outputs, tokens, cost, duration and the exact catalog version (Git SHA) that executed. The audit log is append-only and exportable.
How long are audit records retained?
The audit log is designed for 7-year retention — the regulatory minimum for the vertical — and retention is configurable per tenant.
What about human accountability for agent actions?
Per-tool allow/ask/deny policies are declared in every agent's descriptor. With the Beta, an ask policy will pause the run for explicit human approval, and every decision — who, when, why — will be recorded as a first-class audit entry.
Is anything running outside the catalog?
No. The catalog-first integrity contract means nothing undeclared is callable, injectable or provisionable. Every agent, tool, skill and environment is declared, versioned and reviewed through pull requests.
Join the Early Adopter Program
General availability lands in Q3 2026. The Early Adopter Program is open now — a limited cohort, a one-year platform trial, and three workshop streams: Business ROI, Compliance, and Operational fit.