HomeAboutServicesBlogPodcastContact Client Login Work With Us
← All Work
Security & Compliance

PRISMA — AI Compliance Analyst

Prism Risk Intelligence & Security Management Advisor: an AI analyst layered on the baseline data that answers compliance questions and cites the underlying CIS rule IDs so answers can be verified.

Live Built & operated in-house
PRISMA — AI Compliance Analyst — overview infographic

Before (the problem)

Even with the benchmark data normalized (see the Security Baseline Dashboard), answering an actual compliance question still meant a human digging through rules by hand. And the answers AI tools usually give to compliance questions share one fatal flaw: they cannot be verified. An unsourced “yes, you’re covered” is worth nothing in an audit.

What we built

An AI compliance analyst layered on the baseline data:

  • Answers natural-language compliance questions over the CIS rule set
  • Cites the underlying CIS rule IDs for every answer
  • Retrieval over the rule library so responses are grounded, not generated from memory

How it works

  1. A question is posed in plain language.
  2. PRISMA retrieves the relevant rules from the normalized CIS store.
  3. Claude reasons over the retrieved rules to compose an answer.
  4. The answer ships with the cited rule IDs, so a reviewer can verify it.

Outcomes

  • Every answer is traceable to a cited rule — auditable, not a guess
  • Makes an 11,000+ rule library conversational instead of a manual lookup
  • Closes the trust gap that makes most AI compliance answers unusable

Stack & role

Claude API · Retrieval over CIS rules · Node.js. Built & operated in-house.

Timeline

Built in-house; live. Sits on top of the Security Baseline Dashboard’s data layer.

What it proves

AI for compliance is only useful when it is verifiable. PRISMA’s answers carry their citations — the difference between a conversational tool and an auditable one.

← Back to all work