THE AGENTS

Acts when it should. Asks when it counts.

Not a rule-follower — a risk reader. Every action is weighed by what's actually at stake: reversible and internal runs immediately; legally gated, externally visible, or genuinely ambiguous waits for your call.

Compliance Agent

live

Drafts policies, fixes drift, surfaces only what needs your sign-off.

Maps your environment to controls, drafts policies from company context, remediates low-risk drift automatically, and flags policy-config inconsistencies before auditors do.

Acts on
  • Fix AWS security group misconfigurations
  • Enforce MDM disk-encryption rollout
  • Revoke stale access (>90 days inactive)
  • Refresh evidence on every hourly test
Asks first
  • Policy sign-off & external publication
  • Auditor invitations
  • RFP responses with contractual language
  • Sending messages on your behalf
Plain-English log entry

"I revoked João's access to prod-db — last active 94 days ago, flagged stale by P-AC-02. Reversible for 30 days."

Questionnaire Agent

live

Auto-answers RFPs and security questionnaires from your evidence library.

Drafts answers from your evidence library and prior approved responses; routes ambiguous questions to the right human owner with full context.

Acts on
  • Draft 75%+ of inbound RFP answers
  • Pull citations from approved evidence
  • Pre-fill SIG, CAIQ, VSA templates
  • Track questionnaire SLA per buyer
Asks first
  • Anything touching legal / contractual language
  • External representation of compliance posture
  • New claims not yet in the evidence library

Vendor Risk Agent

roadmap

Reads vendor SOC 2 reports, scores risk, watches for changes.

Analyses vendor SOC 2 / ISO reports, drafts risk-scored assessment summaries, and monitors public signals — breaches, policy updates, ownership changes — for every active subprocessor.

Acts on
  • Re-rate vendor risk on report refresh
  • Pull updated DPAs automatically
  • Detect public breach signals
  • Alert when scope of access changes
Asks first
  • Net-new vendor approvals
  • Risk acceptance for high-tier findings

Customer Trust Agent

roadmap

Answers prospects in your Trust Center with a logged audit trail.

Powers real-time Q&A in your public Trust Center using a curated knowledge base. Every interaction is logged for audit, and answers cite the underlying evidence.

Acts on
  • Answer FAQ-class buyer questions instantly
  • Surface live posture for visitors
  • Log every interaction for audit
Asks first
  • Net-new claims about company policy
  • Anything routing to a human contact

HOW AN AGENT ACTS

Five steps. Always the same. Always logged.

The same loop runs whether the agent is fixing a security group at 2am or drafting a 200-question SIG response on a Tuesday.

  1. Detect

    Hourly automated tests catch a control drift, an inbound questionnaire, or a vendor signal change.

  2. Draft

    The agent drafts the response: a config patch, a policy edit, an answer, a Slack DM. Every draft is source-cited.

  3. Score

    A confidence score is attached. High-confidence drafts move to the next step automatically; low-confidence routes to a human.

  4. Act or ask

    Non-legal items execute immediately. Legally-gated actions (sign-off, external send, auditor invite) wait for your approval.

  5. Log

    Every action — automatic or approved — appends to an immutable, plain-English audit log. Reversible for 30 days.

SAFETY POSTURE

Every action is reversible for 30 days.

Every agent action — automatic or human-approved — is source-cited, confidence-scored, plain-English explained, and rollback-ready for 30 days. One click, in the activity feed.