Independent audits for private AI
We assess your agents, data boundaries, and controls inside your own network — verifying that prompts, embeddings, and customer data never cross your perimeter, and that every action is governed and traceable.
- Runs entirely inside your perimeter
- Mapped to SOC 2, ISO, NIST AI RMF
- Data-boundary & egress verification
- Prioritized remediation roadmap
Five control domains
An AI audit is not a pen test. We assess the places where models, data, and autonomy create new exposure.
Data boundary & residency
Where prompts, context, embeddings, and outputs are stored and processed — and proof that none of it egresses your perimeter.
Egress & network isolation
Outbound paths from model hosts and agents, DNS and proxy controls, and verification that air-gapped means air-gapped.
Retrieval & context hygiene
Access controls on your vector store, document-level permissions, and leakage between tenants or clearance levels.
Agent action surface
Every tool the agent can call, scoped against least privilege, with approval gates on high-impact and irreversible steps.
Controls & lineage
Logging, decision lineage, model and prompt versioning, and whether your evidence would satisfy an external assessor.
Model & supply chain
Provenance of weights and dependencies, inference isolation, and exposure from third-party endpoints or fine-tunes.
How an audit runs
Read-only by default, inside your network, with no surprises.
Scope
We agree on systems, data classifications, and frameworks in scope, then provision read-only access within your perimeter.
Assess
We inspect configs, logs, prompts, tool definitions, and egress paths in place — and run approved tests in a staging copy.
Report
You receive prioritized findings with evidence and severity, mapped to a control matrix for your frameworks.
Re-audit
After remediation we re-test the closed findings and issue a confirmation your auditors can rely on.
Your data never leaves your network
Most AI security reviews quietly ship your logs and sample data to a vendor's cloud to be analyzed. That defeats the purpose. Our audit runs where your data already lives — on-prem, in your VPC, or fully air-gapped — and inspects everything in place.
We verify the boundary empirically: tracing egress from every model host and agent, confirming proxy and DNS controls, and proving that no prompt, embedding, or document silently crosses a trust boundary. Findings are written only to a location you own.
- No data copied to our systems
- Egress traced from every model host
- Findings stored in your environment
- Air-gap and VPC isolation verified
Generic security scan vs. AI audit
Why model- and agent-specific exposure needs its own assessment.
| | A generic scan | An Automatic.co AI audit |
|---|---|---|
| Where it runs | Vendor cloud, data exported | Inside your perimeter, in place |
| Focus | CVEs and open ports | Data boundary, agent actions, lineage |
| Agent autonomy | Not assessed | Tool scope & approval gates reviewed |
| Retrieval leakage | Invisible to it | Vector-store permissions tested |
| Output | A vulnerability list | Findings mapped to SOC 2 / ISO / NIST |
Frequently asked questions
Does our data leave our environment during an audit?
No. The audit runs inside your perimeter — on-prem, in your VPC, or air-gapped. We inspect configs, logs, and code in place; nothing is copied to our systems, and findings are written to a location you control.
What standards do you map findings to?
We map controls to SOC 2, ISO 27001/42001, the NIST AI RMF, HIPAA, and GDPR as relevant. The report cross-references each finding to the frameworks your auditors and customers already ask about.
Will the audit disrupt our running agents?
No. The assessment is read-only by default — we observe traffic, prompts, tool calls, and access policies without changing them. Any active probing (e.g., prompt-injection tests) happens in a staging copy you approve first.
What do we get at the end?
A prioritized findings report with severity, evidence, and a remediation path, a control matrix mapped to your frameworks, and a working session to walk your team through fixes. Re-audits confirm closure.
Audit your AI before someone else does.
A scoped session to map your AI attack surface and the controls an external assessor will expect — all inside your own network.