VendorAuditAI is an AI-powered platform that automates third-party vendor security assessments.
Organizations spend 6-8 hours manually reviewing each vendor's SOC 2 report, ISO certification, or security questionnaire. With hundreds of vendors to assess annually, security teams are overwhelmed. Critical risks get buried in 200+ page documents. Point-in-time assessments create blind spots between reviews.
VendorAuditAI uses Claude Opus 4.5 with RAG architecture to analyze vendor security documents in minutes, not hours. Upload a SOC 2 report, and AI extracts controls, identifies gaps, and maps findings to 12 compliance frameworks simultaneously. Four autonomous agents continuously monitor your vendor ecosystem for emerging risks, expired certifications, and compliance drift.
Result: 97% reduction in assessment time. $380K+ annual cost savings. 24/7 continuous monitoring.
Experience the sleek, cybersecurity-inspired interface. Screenshot captions (images not reproduced here):

- The public-facing marketing page showcasing VendorAuditAI's AI-powered vendor risk management capabilities
- Secure authentication portal with AI-themed design and enterprise SSO support
- Real-time vendor risk posture with animated metrics and threat intelligence
- Four autonomous agents continuously monitoring your vendor ecosystem
- Comprehensive risk analytics with compliance coverage and activity tracking
- 25-category enterprise taxonomy with risk tiering and status tracking
- Guided workflows for AI tool adoption and compliance
- Self-service catalog of pre-approved AI tools with deployment status, risk ratings, and one-click provisioning for enterprise teams
- Connect with Jira, ServiceNow, Slack, and more
- Task management with SLA tracking and priority handling
- Track and assess Business Process Outsourcing providers with fourth-party risk visibility, geographic risk mapping, and subcontractor disclosure tracking
- Upload and process SOC 2 reports, ISO certifications, and security questionnaires with AI-powered semantic chunking and automatic classification
- Ask questions about vendor documents in plain English and receive AI-generated answers with exact page citations and confidence scores
- Run AI-powered compliance analysis against 12 frameworks simultaneously, extracting controls and identifying security gaps automatically
- Visualize vendor risk distribution, severity breakdowns, and compliance trends with interactive charts and real-time scoring
- Configure automated assessment schedules, alert thresholds, and notification channels for 24/7 vendor ecosystem surveillance
| Challenge | Source / Impact |
|---|---|
| 60% of data breaches originate from third-party vendors | Ponemon Institute |
| $4.88M average cost per data breach in 2024 | IBM Security |
| 6-8 hours per vendor to manually review SOC 2 reports | Industry average |
| 200+ page documents with critical risks buried in text | Analyst fatigue |
| Capability | Result |
|---|---|
| AI Document Analysis | 15-minute assessments vs 8 hours |
| Multi-Framework Mapping | One document mapped to 12 frameworks |
| Autonomous Agents | 24/7 threat detection and monitoring |
| Natural Language Q&A | Ask questions, get cited answers |
| Capability | Manual Process | VendorAuditAI |
|---|---|---|
| Assessment Time | 6 to 8 hours | 15 minutes |
| Framework Coverage | 1 at a time | 12 simultaneous |
| Monitoring | Quarterly snapshots | 24/7 continuous |
| Risk Detection | Analyst dependent | AI automated |
| Cost Per Assessment | $800+ labor | Under $100 |
| Scalability | Linear headcount | Unlimited |
Real enterprise TPRM challenges and the architectural solutions I built to solve them.
"How do you assess 500+ vendors annually when each SOC 2 report takes 6-8 hours?"
My Answer: You don't scale humans. You scale intelligence.
| Stage | Description |
|---|---|
| Document Intake | PDF/DOCX parsing with OCR and auto classification |
| AI Analysis | Claude Opus 4.5 with RAG extracts controls, maps to 12 frameworks |
| Analyst Review | Pre-populated findings, one-click approval |
| Result | AI handles 90%, humans handle 10%. 6 to 8 hours becomes 15 minutes |
Solution Architecture:
```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
    subgraph Stage1["Stage 1: Document Intake"]
        A[Upload SOC 2, ISO 27001, SIG] --> B[PDF/DOCX Parsing + OCR]
        B --> C[Auto Classification]
        C --> D[Semantic Chunking]
    end
    subgraph Stage2["Stage 2: AI Analysis"]
        E[Claude Opus 4.5 + RAG]
        F[Extract Controls & Findings]
        G[Map to 12 Frameworks]
        H[Generate Risk Scores]
        E --> F --> G --> H
    end
    subgraph Stage3["Stage 3: Analyst Review"]
        I[Pre-populated Findings]
        J[One-click Approval]
        I --> J
    end
    D --> E
    H --> I
    J --> K[Assessment Complete]
```
| Metric | Impact |
|---|---|
| Assessment time | -97% |
| Analyst capacity | +900% |
| Cost per assessment | -87% |
"How do you categorize hundreds of vendors into meaningful risk tiers?"
My Answer: Classification drives prioritization.
| Component | Description |
|---|---|
| 25 Category Taxonomy | Cloud Infrastructure, Payment Processing, AI/ML Platforms, Identity and Access |
| AI Auto Classification | Vendor name and website analyzed to assign category |
| Risk Tier Mapping | Categories map to Tiers 1 through 4 based on data access and criticality |
| Assessment Frequency | Tier 1 quarterly, Tier 2 semi-annual, Tier 3 annual, Tier 4 biennial |
| Result | You spend time where risk actually lives |
Solution Architecture:
```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
    A[Vendor Name + Website] --> B[AI Classification Engine]
    subgraph Categories["25 Enterprise Categories"]
        C1[Cloud Infrastructure]
        C2[Payment Processing]
        C3[AI/ML Platforms]
        C4[Identity & Access]
        C5[Security Tools]
        C6[+ 20 More]
    end
    B --> Categories
    Categories --> D{Risk Tier Assignment}
    D --> T1["Tier 1 Critical<br/>Quarterly Review"]
    D --> T2["Tier 2 High<br/>Semi-annual Review"]
    D --> T3["Tier 3 Medium<br/>Annual Review"]
    D --> T4["Tier 4 Low<br/>Biennial Review"]
```
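The tiering logic above as a worked example. This is added illustration code, not VendorAuditAI's own implementation: the tier numbers and the quarterly / semi-annual / annual / biennial cadence come from the table above, while the specific category-to-tier assignments, the day counts used for each cadence, and the fail-closed rule for unlisted categories are assumptions made here.

```python
# Added example, not VendorAuditAI's own code: how a category-to-tier mapping
# turns into a review cadence and an "overdue" flag. Tier numbers and review
# frequencies are as stated in the README; the specific category-to-tier
# assignments and the day counts used for "quarterly" etc. are assumptions.
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

# Constructed mapping for a handful of the 25 categories (assumption: the README
# only says categories map to Tiers 1-4 by data access and criticality).
CATEGORY_TIER: dict[str, int] = {
    "Payment Processing": 1,
    "Identity and Access": 1,
    "Cloud Infrastructure": 1,
    "AI/ML Platforms": 2,
    "Security Tools": 2,
    "Marketing Analytics": 3,  # hypothetical category
    "Office Supplies": 4,      # hypothetical category
}

# Review cadence per tier: quarterly / semi-annual / annual / biennial,
# expressed in days (assumed day counts).
TIER_REVIEW_DAYS: dict[int, int] = {1: 91, 2: 182, 3: 365, 4: 730}


@dataclass
class Vendor:
    name: str
    category: str
    last_assessed: Optional[date]  # None means never assessed


def tier_for(category: str) -> int:
    """Unknown or unmapped categories fail closed to Tier 1 (most frequent
    review) rather than silently landing in Tier 4."""
    return CATEGORY_TIER.get(category, 1)


def next_due(vendor: Vendor) -> Optional[date]:
    """Date of the next scheduled assessment, or None if never assessed."""
    if vendor.last_assessed is None:
        return None
    cadence = TIER_REVIEW_DAYS[tier_for(vendor.category)]
    return vendor.last_assessed + timedelta(days=cadence)


def is_overdue(vendor: Vendor, today: date) -> bool:
    """A vendor with no assessment on record is always overdue."""
    due = next_due(vendor)
    return due is None or due < today


def prioritize(vendors: list[Vendor], today: date) -> list[tuple[str, int, bool]]:
    """Rows of (name, tier, overdue): overdue first, then by tier, then name,
    so an overdue Tier 1 vendor tops the analyst's queue."""
    rows = [(v.name, tier_for(v.category), is_overdue(v, today)) for v in vendors]
    return sorted(rows, key=lambda r: (not r[2], r[1], r[0]))


if __name__ == "__main__":
    today = date(2026, 3, 1)  # constructed "today"
    sample = [  # constructed vendors
        Vendor("PayCo", "Payment Processing", date(2025, 11, 15)),
        Vendor("MLHost", "AI/ML Platforms", date(2025, 10, 1)),
        Vendor("Stationery Inc", "Office Supplies", None),
        Vendor("NewCat Ltd", "Unlisted Category", date(2026, 1, 1)),
    ]
    for name, tier, overdue in prioritize(sample, today):
        print(f"{name:15} tier {tier}  {'OVERDUE' if overdue else 'on schedule'}")
```

The one design choice worth noting is the default in `tier_for`: a category the taxonomy does not know about is treated as Tier 1, so a gap in classification produces more review rather than less.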
"How do you assess AI vendors when traditional frameworks don't cover autonomous systems?"
My Answer: Traditional frameworks weren't built for AI.
| Component | Description |
|---|---|
| AI Tool Classification | Dedicated assessment module for AI/ML vendors |
| NIST AI RMF | 70+ controls specifically for AI governance |
| Stack Type Classification | Foundation Model, GenAI App, Autonomous Agent, Fine Tuning Platform |
| Data Training Risk | Does your data train their models? Opt in only or all data? |
| Autonomous Action Scope | Read only, human approval required, or fully autonomous? |
| Result | These are the questions SOC 2 does not ask |
Solution Architecture:
```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
    A["AI VENDOR RISK CLASSIFICATION"] --> B["Stack Type"]
    A --> C["Data Training"]
    A --> D["Autonomy"]
    B --> E["NIST AI RMF + Custom"]
    C --> E
    D --> E
```
"A SOC 2 report is a snapshot. How do you know if security has degraded?"
My Answer: Point-in-time assessments create blind spots.
| Agent | Function |
|---|---|
| Sentinel Prime | Threat detection, scans for security risks and anomalies |
| Vector Analyst | Risk scoring based on findings, compliance, and history |
| Watchdog Zero | Vulnerability scanning, identifies gaps and expired certs |
| Audit Core | Compliance verification, maps documents to frameworks |
| Integration | Alerts push to Jira, ServiceNow, Slack automatically |
| Result | 24/7 coverage with no new dashboards to watch |
Solution Architecture:
```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TB
    subgraph agents["AI AGENT MONITORING NETWORK"]
        subgraph detection["Detection Layer"]
            sentinel["SENTINEL PRIME<br/>Threat Detection<br/>- Security risks<br/>- Anomaly detect<br/>- Emerging CVEs"]
            vector["VECTOR ANALYST<br/>Risk Scoring<br/>- Score findings<br/>- History trends<br/>- Confidence lvl"]
            watchdog["WATCHDOG ZERO<br/>Vuln Scanning<br/>- Security gaps<br/>- Expired certs<br/>- Missing ctrl"]
        end
        subgraph core["Processing Layer"]
            audit["AUDIT CORE<br/>- Framework coverage analysis (12 frameworks, 2500+ controls)<br/>- Continuous control monitoring and drift detection<br/>- Certificate expiration tracking and alerts<br/>- Compliance score calculation and trending"]
        end
        subgraph remediation["Alert & Remediation Layer"]
            jira["Jira<br/>Auto-create tickets"]
            servicenow["ServiceNow<br/>Incident mgmt"]
            slack["Slack<br/>Real-time alerts"]
            email["Email<br/>Digest reports"]
        end
    end
    sentinel --> audit
    vector --> audit
    watchdog --> audit
    audit --> jira
    audit --> servicenow
    audit --> slack
    audit --> email
```
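What "drift detection" and "certificate expiration tracking" look like when reduced to code: the example below diffs two point-in-time snapshots of one vendor and emits alerts routed to the integrations named above. It is an added illustration, not VendorAuditAI's agent code; the snapshot shape, the 5-point drift threshold, the 30-day expiry warning and the Jira/Slack routing rule are all assumptions, and the two snapshots are constructed.

```python
# Added example, not VendorAuditAI's own code: the kind of checks a
# Watchdog Zero / Audit Core style monitor would run by diffing two
# point-in-time snapshots of one vendor. The snapshot shape, thresholds and
# channel routing are assumptions; the agent and integration names are from
# the README.
from dataclasses import dataclass
from datetime import date


@dataclass
class Snapshot:
    taken: date
    scores: dict[str, float]  # framework -> compliance coverage in percent
    certs: dict[str, date]    # certification -> expiry date


@dataclass
class Alert:
    vendor: str
    kind: str        # cert_expired | cert_expiring | compliance_drift | coverage_lost
    severity: str    # high | medium
    detail: str
    channels: tuple[str, ...]


DRIFT_THRESHOLD = 5.0   # percentage points of drop that counts as drift (assumption)
EXPIRY_WARN_DAYS = 30   # warn this many days before a certificate lapses (assumption)


def route(severity: str) -> tuple[str, ...]:
    """Assumed routing: high severity opens a Jira ticket and pings Slack,
    medium severity only goes to Slack."""
    return ("jira", "slack") if severity == "high" else ("slack",)


def check_vendor(vendor: str, previous: Snapshot, current: Snapshot, today: date) -> list[Alert]:
    alerts: list[Alert] = []

    # 1. Certificates already expired or about to expire.
    for cert, expiry in sorted(current.certs.items()):
        days_left = (expiry - today).days
        if days_left < 0:
            alerts.append(Alert(vendor, "cert_expired", "high",
                                f"{cert} expired {-days_left} days ago", route("high")))
        elif days_left <= EXPIRY_WARN_DAYS:
            alerts.append(Alert(vendor, "cert_expiring", "medium",
                                f"{cert} expires in {days_left} days", route("medium")))

    # 2. Compliance drift: a framework score that fell since the last snapshot.
    for framework, score in sorted(current.scores.items()):
        before = previous.scores.get(framework)
        if before is None:
            continue  # newly assessed framework, nothing to compare against
        drop = before - score
        if drop >= DRIFT_THRESHOLD:
            sev = "high" if drop >= 2 * DRIFT_THRESHOLD else "medium"
            alerts.append(Alert(vendor, "compliance_drift", sev,
                                f"{framework} fell {drop:.1f} pts ({before:.0f}% -> {score:.0f}%) "
                                f"since {previous.taken.isoformat()}", route(sev)))

    # 3. A framework that was covered before but is missing now is a blind spot.
    for framework in sorted(set(previous.scores) - set(current.scores)):
        alerts.append(Alert(vendor, "coverage_lost", "medium",
                            f"{framework} no longer assessed", route("medium")))
    return alerts


# Constructed sample: one vendor, two snapshots three months apart.
PREVIOUS = Snapshot(date(2025, 12, 1),
                    {"SOC 2": 94.0, "ISO 27001": 72.0, "PCI-DSS": 80.0},
                    {"ISO 27001": date(2026, 2, 15)})
CURRENT = Snapshot(date(2026, 3, 1),
                   {"SOC 2": 95.0, "ISO 27001": 61.0},
                   {"ISO 27001": date(2026, 2, 15), "PCI-DSS": date(2026, 3, 20)})


def demo() -> list[Alert]:
    return check_vendor("Acme BPO", PREVIOUS, CURRENT, date(2026, 3, 1))


if __name__ == "__main__":
    for a in demo():
        print(f"[{a.severity:6}] {a.kind:16} {a.detail}  -> {', '.join(a.channels)}")
```

The third check is the one a snapshot-only review misses: a framework that simply stops appearing in the newer assessment is not an improvement, it is lost coverage, so it is surfaced rather than silently dropped from the score.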
"Your vendor outsources to another vendor. How do you assess that layered risk?"
My Answer: Fourth-party risk is where breaches hide.
| Layer | Description |
|---|---|
| Provider Profiles | Company info, contract terms, SLAs, subcontractor disclosure |
| Process Specific Risk | Is this Tier 1 financial processing or Tier 3 data entry? |
| Geographic Risk | GDPR compliance, data residency, political stability, business continuity |
| Visibility | Track the full chain from your company to vendor to their subcontractor |
| Result | You cannot manage what you cannot see |
Solution Architecture:
```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TB
    subgraph Chain["Fourth-Party Risk Chain"]
        direction LR
        A["Your Company"] --> B["Primary Vendor"] --> C["BPO Provider<br/>(4th Party)"]
    end
    Chain --> Layer1
    subgraph Layer1["Layer 1: Provider Tracking"]
        direction TB
        L1A["Company Profile<br/>Legal name, HQ location, office sites"]
        L1B["Contract Terms<br/>SLAs, liability caps, termination"]
        L1C["Data Access Levels<br/>What data do they touch? PII? Financial?"]
        L1D["Subcontractor Disclosure<br/>Who do THEY outsource to?"]
    end
    Layer1 --> Layer2
    subgraph Layer2["Layer 2: Process-Specific Risk"]
        direction TB
        L2A["Financial Processing - Tier 1<br/>Payments, accounting, audit"]
        L2B["Customer Support - Tier 2<br/>Help desk, chat, phone"]
        L2C["IT Support - Tier 2<br/>Infrastructure, dev, ops"]
        L2D["Data Entry - Tier 3<br/>Document processing, input"]
    end
    Layer2 --> Layer3
    subgraph Layer3["Layer 3: Geographic Risk"]
        direction TB
        L3A["Data Residency<br/>GDPR, CCPA, PDPA, etc."]
        L3B["Political Stability<br/>Country risk scores, sanctions"]
        L3C["Regulatory Jurisdiction<br/>Which laws apply? Cross-border transfer"]
        L3D["Business Continuity<br/>Natural disasters, infrastructure"]
    end
    Layer3 --> Result["RESULT: Full visibility into fourth-party risk chain"]
```
"How do you show the board that TPRM prevents breaches, not just generates paperwork?"
My Answer: Boards don't care about controls. They care about risk posture and ROI.
| Metric | Description |
|---|---|
| Risk Posture Score | Overall score with 90 day trend analysis |
| Cost Savings | $380K+ annually from automation vs manual assessments |
| Compliance Percentages | By framework such as SOC 2 at 94% and ISO 27001 at 67% |
| Remediation SLAs | Track whether findings get fixed on time |
| Export | PDF and CSV for board presentations |
| Result | Security teams speak risk and boards speak money; this translates between them |
Solution Architecture:
```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart LR
    subgraph RISK["Risk Posture"]
        R["72/100 Moderate<br/>+8 pts trend"]
    end
    subgraph OPS["ROI Metrics"]
        O["127 assessments<br/>18 min avg<br/>$380K saved"]
    end
    subgraph COMP["Compliance"]
        C["SOC 2: 94%<br/>ISO: 67%<br/>89% SLA"]
    end
    subgraph EXP["Export"]
        E["PDF | CSV | Deck"]
    end
    RISK --> OPS --> COMP --> EXP
```
| Problem | My Solution | Why It Works |
|---|---|---|
| Scale assessments | 3-stage AI pipeline | 90% automation, 10% human review |
| Categorize vendors | 25-category taxonomy | Risk-based assessment frequency |
| Assess AI vendors | NIST AI RMF + custom controls | Covers what SOC 2 misses |
| Continuous monitoring | 4 autonomous agents | 24/7 coverage, existing tool integration |
| Fourth-party risk | 3-layer BPO tracking | Visibility into hidden risk |
| Executive reporting | Business metrics dashboard | Risk posture + ROI in board language |
| Feature | Description |
|---|---|
| Document Intelligence | Upload PDF/DOCX, AI extracts and analyzes content with semantic chunking |
| Natural Language Query | Ask questions about vendor documents, get cited answers with page references |
| Multi-Framework Compliance | Map documents to SOC 2, NIST, ISO 27001, DORA, SIG, and 7 more frameworks |
| AI Agent Network | 4 autonomous agents for threat detection, risk scoring, and vulnerability scanning |
| Vendor Management | Full CRUD with 25-category enterprise taxonomy and auto-classification |
| Risk Analytics | Real-time dashboards with risk scoring and trend analysis |
| Remediation Workflow | Task management with SLA tracking and external system sync |
| Continuous Monitoring | Scheduled assessments, alerts, and notification channels |
| Feature | Implementation |
|---|---|
| Authentication | JWT tokens, refresh tokens, session management |
| SSO/SAML 2.0 | Azure AD, Google, Okta, OneLogin support |
| MFA/TOTP | Time-based one-time passwords with QR provisioning |
| Audit Logging | Complete trail of user actions and system events |
| Rate Limiting | Configurable per-endpoint protection |
| Encryption | AES-256 at rest, TLS 1.3 in transit |
| # | Module | Description |
|---|---|---|
| 1 | Executive Dashboard | Real-time vendor risk posture with animated metrics |
| 2 | AI Governance Playbooks | Guided workflows for AI tool adoption |
| 3 | Approved AI Registry | Self-service registry for pre-approved AI tools |
| 4 | BPO Risk Management | Business Process Outsourcing risk tracking |
| 5 | Integration Hub | Jira, ServiceNow, Slack, Email, Webhooks |
| 6 | Vendor Management | 25-category taxonomy with risk tiering |
| 7 | Document Management | PDF/DOCX upload with semantic chunking |
| 8 | Compliance Analysis | AI-powered multi-framework mapping |
| 9 | Remediation Workflow | Task management with SLA tracking |
| 10 | Continuous Monitoring | Scheduled assessments and alerts |
| 11 | AI Tool Classification | Stack type and risk factor assessment |
| 12 | Risk Analytics | Trends, comparisons, exportable reports |
Four autonomous AI agents continuously monitor your vendor ecosystem.
| Agent | Role | Capabilities |
|---|---|---|
| Sentinel Prime | Threat Detection | Scans documents for security risks, anomalies, and emerging threats |
| Vector Analyst | Risk Assessment | Calculates risk scores based on findings, compliance, and history |
| Watchdog Zero | Vulnerability Scanner | Identifies security gaps, missing controls, expired certifications |
| Audit Core | Compliance Verification | Maps documents to frameworks, calculates compliance coverage |
Agent Features: Autonomous Execution | Task Queue | Activity Logs | Status Dashboard
VendorAuditAI supports 12 compliance frameworks with 2500+ controls.
| Framework | Controls | Version | Best For |
|---|---|---|---|
| SOC 2 TSC | 64 | 2017 | SaaS vendors, cloud services |
| SIG 2026 | 800+ | 2026 | Industry gold standard |
| NIST CSF | 108 | 2.0 | Critical infrastructure |
| ISO 27001 | 114 | 2022 | International compliance |
| CIS Controls | 153 | 8.0 | Security baselines |
| DORA | 100+ | 2025 | EU financial entities |
| HECVAT | 200+ | 3.06 | Higher education |
| CAIQ | 260+ | 4.0 | Cloud security (CSA STAR) |
| NIST AI RMF | 70+ | 1.0 | AI/ML vendors |
| AI Risk | 50+ | 1.0 | AI vendor assessment |
| PCI-DSS | 300+ | 4.0 | Payment processing |
| HIPAA | 150+ | 2013 | Healthcare vendors |
System Architecture:

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart TD
    subgraph Client
        A[User Browser]
    end
    subgraph Frontend["Frontend (Netlify)"]
        B[React 18 + TypeScript]
        C[TailwindCSS + Shadcn/UI]
    end
    subgraph Backend["Backend (Railway)"]
        D[FastAPI + Python 3.12]
        E[SQLAlchemy 2.0 + Pydantic]
        F[Async Workers]
    end
    subgraph Data["Data Layer"]
        G[(PostgreSQL 16)]
        H[(pgvector)]
        I[(Redis Cache)]
    end
    subgraph AI["AI Services"]
        J[Claude Opus 4.5]
        K[OpenAI Embeddings]
        L[Gemini 3.0]
    end
    A --> B
    B --> C
    C -->|HTTPS/REST| D
    D --> E
    D --> F
    E --> G
    E --> H
    F --> I
    D --> J
    D --> K
    D --> L
```
Document Processing Pipeline:

```mermaid
%%{init: {'theme': 'base', 'themeVariables': { 'primaryColor': '#2d2d2d', 'primaryTextColor': '#ffffff', 'primaryBorderColor': '#000000', 'lineColor': '#4a4a4a', 'secondaryColor': '#3a3a3a', 'tertiaryColor': '#1a1a1a', 'background': '#1a1a1a', 'mainBkg': '#2d2d2d', 'nodeBorder': '#000000', 'clusterBkg': '#252525', 'clusterBorder': '#000000', 'titleColor': '#ffffff', 'edgeLabelBackground': '#2d2d2d'}}}%%
flowchart LR
    A[Upload PDF/DOCX] --> B[Parse Text]
    B --> C[Semantic Chunking]
    C --> D[Generate Embeddings]
    D --> E[Index in pgvector]
    E --> F[Ready for Q&A]
```
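The chunk / embed / index / query stages of that pipeline, reduced to something that runs offline. This is an added example and not VendorAuditAI's own pipeline: a term-frequency vector and an in-memory cosine search stand in for the OpenAI embeddings and pgvector the README names, the fixed-size overlapping window stands in for semantic chunking, and the three-page "SOC 2" document is constructed. What it does show is the part that makes page citations and confidence scores possible: chunks never cross a page boundary, so every retrieved passage carries exactly one page number, and the similarity score travels with it.

```python
# Added example, not VendorAuditAI's own code: the retrieval half of the
# document pipeline (parse -> chunk -> embed -> index -> Q&A) with page-level
# citations. A term-frequency vector and an in-memory cosine search stand in
# for OpenAI embeddings and pgvector; the three-page "SOC 2" document is constructed.
import math
import re
from collections import Counter
from dataclasses import dataclass

STOPWORDS = {"a", "an", "and", "any", "are", "for", "is", "of", "the", "there",
             "to", "was", "were", "all", "in", "on"}


def tokenize(text: str) -> list[str]:
    return [t for t in re.findall(r"[a-z0-9]+", text.lower()) if t not in STOPWORDS]


@dataclass
class Chunk:
    doc: str
    page: int          # 1-based page number, kept so answers can cite it
    text: str
    vector: Counter    # term-frequency vector (stand-in for a dense embedding)


def chunk_pages(doc: str, pages: list[str], max_words: int = 40, overlap: int = 10) -> list[Chunk]:
    """Split every page into overlapping word windows. Chunks never cross a page
    boundary, so each one carries exactly one citable page number."""
    assert 0 <= overlap < max_words
    chunks: list[Chunk] = []
    for page_no, page in enumerate(pages, start=1):
        words = page.split()
        start = 0
        while start < len(words):
            window = words[start:start + max_words]
            text = " ".join(window)
            chunks.append(Chunk(doc, page_no, text, Counter(tokenize(text))))
            if start + max_words >= len(words):
                break
            start += max_words - overlap
    return chunks


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[t] * b[t] for t in a if t in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def search(chunks: list[Chunk], question: str, k: int = 3) -> list[tuple[float, str, int, str]]:
    """Top-k chunks as (confidence, doc, page, text). Confidence is the cosine
    similarity; chunks with no overlap at all are dropped rather than cited."""
    q = Counter(tokenize(question))
    scored = sorted(((cosine(q, c.vector), c) for c in chunks), key=lambda s: -s[0])
    return [(round(s, 3), c.doc, c.page, c.text) for s, c in scored[:k] if s > 0]


# Constructed three-page document standing in for an uploaded SOC 2 report.
SAMPLE_PAGES = [
    "Independent service auditor's report. Scope covers the Acme Cloud platform "
    "for the period January through December.",
    "CC6.1 Logical access. Multi-factor authentication is enforced for all "
    "production access. Encryption keys are rotated annually.",
    "Exceptions noted: two terminated employees retained access for 14 days "
    "beyond their termination date.",
]
INDEX = chunk_pages("acme-soc2-2025.pdf", SAMPLE_PAGES)  # constructed file name


def cite(question: str) -> tuple[int, float]:
    """Page number and confidence of the best-matching chunk."""
    score, _doc, page, _text = search(INDEX, question, k=1)[0]
    return page, score


if __name__ == "__main__":
    for q in ["Is multi-factor authentication required for production access?",
              "Were there any exceptions for terminated employee access?"]:
        page, score = cite(q)
        print(f"{q}\n  -> page {page} (confidence {score})")
```

Swapping the `Counter` vectors for real embeddings and the list scan for a pgvector `<=>` query changes nothing about the citation logic; the page number is attached at chunking time and is simply carried through.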
100+ REST API endpoints, documented with Swagger UI and ReDoc.
| Category | Endpoints | Description |
|---|---|---|
| Auth | 5 | Login, register, refresh, MFA enable/verify |
| Vendors | 5 | CRUD operations for vendor management |
| Documents | 4 | Upload, list, get, delete documents |
| Analysis | 3 | Run AI analysis, list/get findings |
| Query | 2 | Natural language Q&A, history |
| Agents | 4 | List agents, get details, create tasks, view logs |
| Playbooks | 4 | List, get, start, complete step |
| Approved Vendors | 7 | Registry, deploy, request, stats |
| BPO | 5 | Providers, processes, assessments, dashboard |
| Integrations | 5 | CRUD, test connection, sync, logs |
| Compliance | 3 | List frameworks, details, search controls |
| Remediation | 4 | Tasks CRUD, external sync |
| Monitoring | 3 | Alerts, schedules management |
| Metric | Value |
|---|---|
| API Response Time | Under 200ms average |
| Document Processing | 30 seconds per 100 pages |
| Concurrent Users | 500+ supported |
| Uptime SLA | 99.9% target |
| AI Analysis Accuracy | 94% control extraction |
| Framework Mapping | 12 frameworks in parallel |
Python 3.12+ | Node.js 18+ | PostgreSQL 16+
API Keys: Anthropic (Claude), OpenAI (embeddings)
```bash
# Clone repository
git clone https://github.com/MikeDominic92/VendorAuditAI.git
cd VendorAuditAI

# Backend setup
cd backend
python -m venv .venv
source .venv/bin/activate   # Windows: .venv\Scripts\activate
pip install -r requirements.txt

# Configure environment
cp .env.example .env
# Edit .env with your API keys and database URL

# Run migrations
alembic upgrade head

# Start backend
uvicorn app.main:app --reload --port 8000

# Frontend setup (new terminal)
cd frontend
npm install
npm run dev
```

Environment configuration (`.env`):

```ini
# Database
DATABASE_URL=postgresql+asyncpg://user:pass@host:5432/vendorauditai

# Security
SECRET_KEY=your-secret-key-min-32-chars
JWT_SECRET_KEY=your-jwt-secret-min-32-chars

# LLM Provider
LLM_PROVIDER=anthropic
ANTHROPIC_API_KEY=sk-ant-...

# Embeddings
OPENAI_API_KEY=sk-...
```

Project structure:

```text
VendorAuditAI/
|-- backend/
|   |-- app/
|   |   |-- api/v1/endpoints/   # REST API endpoints (100+)
|   |   |-- data/frameworks/    # 12 compliance framework definitions
|   |   |-- models/             # SQLAlchemy ORM models
|   |   |-- schemas/            # Pydantic request/response schemas
|   |   |-- services/           # Business logic and AI services
|   |   `-- prompts/            # AI prompt templates
|   |-- alembic/versions/       # Database migrations
|   |-- tests/                  # 129 pytest tests
|   `-- requirements.txt
|-- frontend/
|   |-- src/
|   |   |-- components/         # React components
|   |   |-- pages/              # Route pages (12 modules)
|   |   |-- hooks/              # Custom React hooks
|   |   |-- stores/             # State management
|   |   `-- lib/                # API client, utilities
|   `-- package.json
`-- README.md
```
| Version | Features |
|---|---|
| v0.1 - v0.5 | Document upload, 9 frameworks, SSO/MFA, AI Query, CRUD, remediation |
| v0.6 - v0.9 | AI Agent Network, risk scoring, NIST AI RMF, continuous monitoring |
| v1.0 | Enterprise Security: SSO/SAML 2.0, MFA/TOTP, Audit Logging |
| v1.1 | AI Governance Playbooks, Approved AI Registry, BPO, Integration Hub |
| Planned Version | Features |
|---|---|
| v1.2 | Custom framework builder, advanced analytics |
| v1.3 | Mobile responsive design, dark mode improvements |
| v2.0 | GraphQL API, multi-tenant architecture |
| Category | Technologies |
|---|---|
| AI and ML | Claude Opus 4.5, Gemini 3.0, OpenAI Embeddings, RAG Architecture |
| Backend | Python 3.12, FastAPI, SQLAlchemy 2.0, Pydantic v2, Alembic |
| Frontend | React 18, TypeScript 5, TailwindCSS, Shadcn UI, Framer Motion |
| Database | PostgreSQL 16, pgvector for embeddings, Redis for caching |
| Security | JWT Authentication, SAML 2.0 SSO, MFA with TOTP, AES 256, TLS 1.3 |
| Infrastructure | Railway (backend), Netlify (frontend), GitHub Actions CI/CD |
| Project | Description |
|---|---|
| ai-access-sentinel | ITDR platform with ML-powered anomaly detection |
| entra-id-governance | Microsoft Entra ID governance toolkit |
| keyless-kingdom | Multi-cloud workload identity federation |
| okta-sso-hub | Enterprise SSO with SAML, OIDC, SCIM |
VendorAuditAI
Securing the supply chain, one vendor at a time.
Proprietary - Copyright 2026 Dominic M. Hoang. All Rights Reserved.
