The stack is boring. The leverage is not.
Modern SaaS defaults for the platform. The differentiation lives in the proprietary control graph, the evidence primitive, and the agentic delivery layer that keeps human COGS near zero as accounts scale.
Recommended stack
| Layer | Choice | Why |
|---|---|---|
| Frontend | React 19 + TanStack Start, Tailwind v4, shadcn primitives | SSR, edge-deployable, type-safe routing; matches the deliverable in your hands. |
| Backend | TypeScript on Node/Bun for API; Python workers for ML-adjacent tasks | TS everywhere shrinks the team; Python only where SR 11-7 quant validation demands it. |
| Data | Postgres (Neon) primary; ClickHouse for evidence-graph analytics; S3 for artifacts | Ledger-quality durability + cheap columnar analytics for cross-customer benchmarks. |
| Auth | WorkOS (SAML/SCIM/directory sync) | Enterprise SSO is table stakes; buying WorkOS is 10× cheaper than building. |
| LLM plane | Bedrock (Claude), Azure OpenAI, self-hosted OSS via vLLM for on-prem accounts | Multi-provider from day one; contract terms allow zero-retention for regulated buyers. |
| Agent framework | In-house orchestration on LangGraph primitives + own eval harness | Off-the-shelf agent SDKs are unstable; own the orchestration to own the reliability story. |
| Hosting | AWS us-east-1 + eu-central-1; VPC deployment SKU for Phase 3 | EU data residency is a hard sale requirement; VPC unlocks banks and defense. |
| Observability | OpenTelemetry → Grafana Cloud; Sentry; PostHog product analytics | Standard, cheap, hire-able. |
| Compliance posture (own product) | SOC 2 Type II by month 9, ISO 27001 month 15, ISO 42001 month 18, HIPAA-ready month 12 | Selling AI governance without your own certs is disqualifying. |
How this yields 85%+ gross margins
Four structural levers.
Agentic delivery replaces PS labor
Onboarding, control mapping, evidence backfill, doc drafting and audit-pack assembly all run as LLM agents against the customer's connected systems. Human touch collapses to a Solutions Engineer per 25–40 accounts vs. incumbents' 4–8. Estimated COGS impact: −18 pp gross margin savings vs. traditional GRC vendors.
Inference costs contained by design
Small models (Haiku/GPT-4o-mini/Llama-3-70B) do 80%+ of work: classification, extraction, mapping, redlining. Frontier only for validation memo drafting and complex reasoning. Aggressive prompt caching + response reuse per control template. Target LLM COGS <3% of revenue.
Multi-tenant control graph
One update to a framework (new EU AI Act delegated act, new NIST profile) ships to all customers instantly. Every improvement is amortized across the whole book, so ongoing R&D per customer trends toward zero.
Storage is negligible against ACV
Evidence artifacts (JSON + PDFs) dominate storage; even at millions of inference-level artifacts, S3/Glacier cost per $60K ACV account is <$40/mo. ClickHouse for hot analytics stays <$120/mo/account through year 3.
Data model
Core entities — small on purpose.
| Entity | Purpose | Notes |
|---|---|---|
| Organization | Tenant boundary | Row-level security via Postgres RLS on every table |
| AISystem | A governed model, agent, or embedded AI | Owns risk tier, purpose, jurisdictions, owners |
| Version | A specific model or agent version | Immutable snapshot; feeds evidence hashing |
| Control | A discrete obligation from a framework | Cross-mapped via ControlLink to dedupe across frameworks |
| ControlLink | Framework A control ↔ framework B control | The proprietary graph; the moat lives here |
| Evidence | Signed, hashed artifact | Points to Version + Control; time-stamped; immutable |
| Attestation | Human sign-off on an Evidence/Control pair | SR 11-7 requires named validator identity |
| Incident | AI-specific incident (bias event, prompt injection, drift) | Feeds regulator-required incident logs (EU AI Act Art. 62) |
| AuditPackage | Scoped, time-boxed export for external auditor | Read-only workspace; every view logged |
Security & multi-tenancy
Isolation. Postgres RLS enforced on every query with tenant-scoped connection pooling. Separate S3 prefixes per org with KMS-per-tenant CMKs for enterprise SKU. Optional bring-your-own-KMS for banks and defense.
Data handling. No customer content trains any model, ever — contractual and technical (zero-retention endpoints, in-VPC inference for enterprise SKU). PII redaction on prompt/response capture is opt-out, not opt-in.
Meta-governance. Axiom itself is governed inside Axiom (dogfood). Every framework update, every model change on the platform is logged, attested, and included in the SOC 2 / ISO 42001 evidence customers can request.
Build vs buy
Where founder time compounds.
Control graph + cross-framework mappings; evidence-hashing pipeline; agent orchestration and eval harness; audit-package generator; regulator-specific templates. This is the moat.
Auth (WorkOS), billing (Stripe), transactional email (Resend), observability (Grafana Cloud), CRM (Attio), search (Typesense). Non-differentiating; costs a fraction of the eng time.