Skip to content
NeoXamAgents

Compliance Officer · Auditor

AI agents your compliance team can certify

Every agent run reconstructable step by step. Approvals and denials recorded as audit entries. The whole fleet reviewable from one Git-governed catalog.

AI your auditors can read.

Pains → gains

From investigation toil to structured findings

Deterministic systems keep the books. Agents handle bounded reasoning tasks inside them. Your team stays in command.

The work today

  • AI adoption threatens the thing compliance exists to protect: showing who did what, with what information, and why.

  • Copilots are black boxes — free-text answers with no version, no trace, no evidence.

  • Each team's AI experiment is another surface to certify, with no common control plane.

  • Regulators ask for reconstruction; screenshots are not an audit trail.

With NeoXam Agents

  • Reconstruct any run

    Every agent run is reconstructable step by step: model used, ordered tool calls with inputs and outputs, tokens, cost, duration — plus the exact catalog version (Git SHA) that executed.

  • Approvals as audit entries

    Human approvals and denials will be recorded as first-class audit entries — who, when, why — when human-in-the-loop approvals ship in Beta.

  • One catalog to certify

    The whole fleet is reviewable from one Git-governed catalog. Nothing undeclared can run, so the certification surface is finite, versioned and reviewed.

  • Exportable evidence

    The audit log is append-only, designed for 7-year regulatory retention, and exportable for compliance review.

The agents

Agents that matter for your team

Every agent is declared in a Git-governed catalog, gated by evaluation baselines, policy-controlled at every tool call, and traced end to end. Statuses below are exact.

  • Compliance breach analysis agents

    Coming with GA (Q3 2026)

    Will explain compliance breaches with traceable evidence at the moment they are flagged, replacing manual reconstruction. Breach analysis runs inside PMS/Density today, pre-platform; it unifies on the governed platform at GA.

    Agents in Density

  • Reconciliation Investigator

    Shipped — pilot live

    aro.reconciliation-investigator

    The shipped reference for what an auditable agent looks like: every investigation is fully traced, typed and reconstructable — the audit posture every platform agent inherits.

    Agents in Aro

Key capabilities

Why this works here

  • Per-run catalog SHA

    Shipped

    Prove exactly which agent version, prompt and tools produced any output — every run records the catalog Git SHA it executed.

  • Append-only audit log

    Shipped

    Designed for 7-year regulatory retention — the regulatory minimum for the vertical — with CSV export for compliance roles.

  • Policy-controlled tool calls

    Shipped

    Every tool call passes an allow/ask/deny policy declared in the agent's descriptor; sensitive actions will pause for recorded human approval in Beta.

  • No content in telemetry

    Shipped

    A redaction layer with an automated contract test guarantees no prompt or completion content leaks into telemetry.

NeoXam products

Agents are embedded in the NeoXam products your teams already use — not bolted on beside them.

  • Density

    Portfolio Management & Compliance (PMS)

    Coming with GA (Q3 2026)

    Compliance breaches will be explained with traceable evidence at the moment they are flagged.

    Agents in Density

  • Aro

    Reconciliation

    Shipped — pilot live

    Every reconciliation break investigated before your analyst opens it — root cause, evidence, recommended action, fully traced.

    Agents in Aro

FAQ

Questions your team will ask

Can we reconstruct a run for a regulator?

Yes, today. Every run records the model, ordered tool calls with inputs and outputs, tokens, cost, duration and the exact catalog version (Git SHA) that executed. The audit log is append-only and exportable.

How long are audit records retained?

The audit log is designed for 7-year retention — the regulatory minimum for the vertical — and retention is configurable per tenant.

What about human accountability for agent actions?

Per-tool allow/ask/deny policies are declared in every agent's descriptor. With the Beta, an ask policy will pause the run for explicit human approval, and every decision — who, when, why — will be recorded as a first-class audit entry.

Is anything running outside the catalog?

No. The catalog-first integrity contract means nothing undeclared is callable, injectable or provisionable. Every agent, tool, skill and environment is declared, versioned and reviewed through pull requests.

Join the Early Adopter Program

General availability lands in Q3 2026. The Early Adopter Program is open now — a limited cohort, a one-year platform trial, and three workshop streams: Business ROI, Compliance, and Operational fit.