Compliance
Altrace produces the evidence your compliance team needs — automatically. Every governance decision is recorded in a tamper-evident audit trail. Point your auditor at the dashboard, not a pile of log files.
Frameworks
Deadline: August 2, 2026
The EU AI Act requires demonstrable human oversight, risk management, and transparency for AI systems. Altrace enforces these requirements automatically and produces the evidence auditors need to verify compliance.
Trust Service Criteria
SOC 2 auditors ask: "Can you prove your AI agents are governed?" Altrace records every governance decision — allow, block, warn, kill — in a tamper-evident audit trail with full context. Continuous evidence, not periodic snapshots.
33 of 51 controls covered
AIUC-1 is the emerging standard for governing autonomous AI agents. Altrace covers 24 controls fully and 9 partially — the broadest coverage available. Compliance status is reported automatically, not assembled manually.
Covers 23 of 26 subcategories across all four functions. Provides runtime enforcement evidence that maps directly to your risk management framework.
Addresses 12 of 16 applicable adversarial AI techniques. Protects against reconnaissance, unauthorized access, data exfiltration, and impact attacks on your AI systems.
Enforcement
Governance is enforced at the infrastructure layer, below the application. Your agents cannot bypass controls — and every action is recorded for audit.
Controls are enforced below the application layer. Agents have no path to bypass governance, regardless of how they are coded or configured.
Every governance decision recorded in an immutable chain. Auditors get structured records with clear reason codes — not raw log files to parse.
One action blocks all AI requests for a team or agent. The kill switch stays active through restarts — proving human oversight capability to any auditor.
When agents delegate to other agents, authority can only shrink — never grow. Budget, model access, and tool permissions are restricted at each level of delegation.
Per-team and per-agent spending limits with graduated enforcement. Soft limits generate warnings. Hard limits block requests before they incur cost.
Content classification produces yes/no labels only. Your data is never extracted, stored, or transmitted to any third party. Ideal for regulated industries.
Also Mapped
Protects against the most common AI security risks: prompt injection, system prompt leakage, tool poisoning, and supply chain attacks.
Covers 8 of 10 MCP-specific risks: privilege escalation, tool poisoning, prompt injection, audit logging, shadow MCP servers, and authentication.
Addresses technical safeguards for AI processing PHI: access controls, audit trails, content classification for 22-country PII/PHI patterns.
Supports AI management system requirements through structured governance, automated risk assessment, and continuous audit evidence.
Maps to Cisco's AI security controls for agentic systems: access control, runtime monitoring, anomaly detection, and governance auditability across multi-agent deployments.
Request access and we will walk through how Altrace maps to your specific regulatory requirements.