SOX · GLBA · PCI-DSS · FFIEC

AI safety + compliance for regulated finance

The eval + guardrail + red-team + audit platform for AI workloads in banks, brokers, asset managers, and fintech. Block account-data leakage at the gateway, prove every customer-facing response was screened, generate the audit trail regulators expect.

0
Scorers
0
LLM providers
0
Red-team plugins
0.00ms
Firewall p95

What ships today

Honest posture, not roadmap promises

Every checked item is in production today. In-progress items are flagged explicitly — no overclaiming, no vapor.

PCI-DSS card-data firewall (auto-redact PAN/CVV/track-data)
SOX-relevant change-control via tamper-evident audit log
GLBA NPI handling (encryption + minimum-necessary at gateway)
FFIEC IT Booklet model-risk controls (eval + drift)
Adverse-action / fair-lending bias scorers (ECOA-relevant)
Regulator-ready evidence-bundle export (control mapping + run logs)
FINRA-specific control pack (record-keeping + supervision)

Built for buyer reality

Financial services AI use cases we ship for

Customer-facing advisory chatbot

Retail-banking chatbot answers account questions + recommends products. Cannot give investment advice that crosses into licensed territory, cannot leak prior customers' balances, cannot output fabricated rates.

EvalGuard features

  • Hallucination scorer: faithfulness check against the real product-catalog source
  • Topic firewall: blocks queries crossing into investment-advisory territory
  • PII firewall: auto-redacts account numbers, SSN, routing numbers from logs
  • Cross-tenant RLS prevents one customer's session bleeding into another's

AML / KYC document review

AI extracts beneficial-owner info from corporate-formation documents and flags suspicious patterns. False negatives expose the bank to BSA fines; PII handling must satisfy GLBA.

EvalGuard features

  • Output guardrail: block mode rejects extractions with low-confidence fields
  • Audit log: every doc review linked to reviewer + decision for regulator audit
  • Cost ledger: per-document USD attribution for compliance-cost accounting
  • BYOK encryption keeps customer PII out of third-party LLM training corpora

Fraud-explanation generation

AI drafts the human-readable reason for a fraud-decline event so customer-service reps can communicate. Must not invent transaction details, must not leak the fraud-detection model's heuristics.

EvalGuard features

  • Prompt-extraction defense: 249 plugins catch heuristic-exfiltration attempts
  • Faithfulness scorer: every drafted reason cited against the underlying transaction record
  • Output toxicity scorer flags accusatory phrasing before it reaches the customer
  • Multi-model routing: fast/cheap model for low-risk cases, premium model for disputes

Regulatory-filing automation

AI drafts CCAR / DFAST / 10-K narrative sections from underlying data. Every claim must be source-citable, every number must be reproducible, every draft must be diffable for compliance review.

EvalGuard features

  • Citation-coverage scorer: % of sentences with traceable source citations
  • Tamper-evident audit log: integrity_hash chain proves no post-hoc edits
  • Version-control on prompts + outputs (prompt IDE) for compliance handoff
  • EU AI Act high-risk classification + ISO 42001 SoA auto-generation

Wire it in 60 seconds

Wrap your OpenAI client. Get account-data guardrails for free.

PAN/SSN firewall patterns + ECOA-faithfulness scorer thresholds + FFIEC 7-year retention live in the EvalGuard control plane. Your code only wraps the client.

typescript
import OpenAI from "openai";
import { wrapOpenAI, EvalGuardOutputViolationError } from "evalguardai-openai";

const openai = wrapOpenAI(new OpenAI(), {
  apiKey: process.env.EVALGUARD_API_KEY!,
  projectId: "adverse-action-drafts",
  metadata: { vertical: "finserv", regulators: ["FFIEC", "SOX", "GLBA"] },
  blockOnViolation: true,                  // PAN/SSN never reach the model
  evalOnResponse: { failOnScore: 0.8 },    // ECOA-faithfulness gate
  onOutputViolation: (s) => routeToHumanReview(s),
});

try {
  await openai.chat.completions.create({
    model: "gpt-4o",
    messages: [{ role: "user", content: adverseActionPrompt }],
  });
} catch (err) {
  if (err instanceof EvalGuardOutputViolationError) {
    // 7-year retention audit row already written for the FFIEC examiner.
  }
}
Firewall patterns + scorer thresholds + retention configured in the control plane — code stays SDK-clean.
Same integration for Anthropic, Gemini, and 91+ providers — swap wrapOpenAI for wrapAnthropic.

Stack

Six surfaces, one platform

Eval, firewall, red-team, audit, BYOK, dashboard — every surface ships out of the box. No bolt-on vendors, no procurement cycle per capability.

Account-data firewall

PCI/GLBA-grade redaction across PAN, CVV, account numbers, routing, SSN, NPI.

Faithfulness scorers

Citation-coverage + hallucination + numeric-claim scorers for regulator-facing outputs.

Red-team (249 plugins)

Finance pack: PII extraction, advisory-jailbreak, fraud-rule exfiltration, social-engineering.

Audit log + evidence bundle

Tamper-evident audit log + regulator-ready evidence-bundle export (SOX/SOC2 control mapping).

Gateway cost + budget

Per-tenant USD budget caps + multi-model quality-cost routing for cost-sensitive workloads.

Compliance dashboard

Per-tenant SOX/GLBA/PCI control coverage with auto-generated evidence for your auditor.

Ready to ship AI that survives the next regulator review?

Free trial includes PCI-DSS firewall, faithfulness scorers, evidence-bundle export, and the full audit-trail engine. SOC 2 Type II report on request once attestation completes.

Start free trialTalk to founders

Apache-2.0 source · SOC 2 Type II in progress · full trust center