Ruthlessly scoped to a 12-month MVP with expansion built into the schema.
The MVP delivers a single, dated, defensible EU AI Act Article 9 & 15 evidence package for one live production model — end to end — in under two weeks of onboarding. Every subsequent framework, model, agent and jurisdiction is additive on the same graph.
MVP scope
Nine features. No more.
01
AI system inventory
Auto-discovery from MLflow, SageMaker, Databricks, Vertex AI, GitHub. Manual entry for vendor/embedded systems. Risk-tier classification against EU AI Act Annex III.
02
Control graph
Pre-built mappings across EU AI Act, NIST AI RMF, ISO/IEC 42001, SR 11-7, Colorado AI Act, HIPAA-AI overlays. Cross-framework dedup so one evidence artifact satisfies many controls.
03
Evidence collectors
Signed webhooks from training pipelines, evaluation runs, human review tools, incident systems. Every artifact hash-timestamped and lineage-linked.
04
AI gateway integration
OpenAI, Anthropic, Bedrock, Vertex, Azure OpenAI proxy hooks. Prompt/response capture with PII redaction; per-inference policy decisions.
05
Agentic control monitor
Runtime detection of policy violations in agent traces: unauthorized tool use, unsafe data exfiltration, missing human-in-the-loop step.
06
Auto-drafted documentation
Model cards, EU AI Act Article 11 technical files, SR 11-7 validation memos regenerated on each model version.
07
Audit package generator
One-click scoped export for ISO 42001, EU AI Act notified body, or SR 11-7 internal audit. Time-boxed read-only auditor workspace.
08
Third-party model risk
Vendor questionnaires + evidence intake for Copilot, ChatGPT Enterprise, embedded SaaS AI. Continuous re-attestation on version changes.
09
Role-based workspace + SSO
Chief AI Officer, MRM, CISO, GC, ML lead views. SAML/SCIM. Full audit log on the platform itself (meta-governance).
Post-MVP roadmap
Phased by retention and expansion impact.
| Phase | Capabilities | Rationale | Est. build |
|---|---|---|---|
| Phase 2 Months 12–20 | Continuous risk scoring, red-team orchestration (Garak/promptfoo integrations), regulator-specific packs (Colorado AI Act, NYC LL144, NAIC Model 668), insurance-carrier evidence exports. | Directly expands ACV via per-jurisdiction modules; unlocks insurance channel partnerships. | ~3 eng-quarters |
| Phase 3 Months 20–36 | Auditor marketplace (BSI, DNV, TÜV, Big Four), benchmark analytics (anonymized industry baselines), agent policy DSL, on-prem/VPC deployment for banks and defense. | Distribution moat (auditor relationships) + data moat (benchmarks) + widens TAM into air-gapped verticals. | ~5 eng-quarters |
| Phase 4 Year 3+ | Governed AI marketplace (pre-certified models with portable Axiom evidence), regulator direct APIs, Axiom-branded ISO 42001 accelerator with certification bodies. | Category-defining ecosystem play; positions Axiom as the trust layer for enterprise AI procurement. | Ongoing |
Critical user flows
- 01
Onboard a live model in under 30 minutes
Chief AI Officer connects MLflow via OAuth → Axiom pulls 47 model versions → clusters them by owner → proposes EU AI Act risk tier per system → MRM lead approves → 12 evidence collectors auto-deploy → first draft technical file rendered in the browser.
- 02
Handle a regulator inquiry in 2 hours, not 2 weeks
GC receives a regulator letter → creates a scoped auditor workspace filtered to the requested model + date range → Axiom generates the evidence pack (technical file, incident log, human oversight sign-offs, drift reports) → GC shares a read-only URL with a 30-day expiry → all auditor views logged.
- 03
Retrain and re-certify without release blockage
Model retraining completes in Databricks → webhook notifies Axiom → new run compared against control set → validation memo delta drafted by LLM agent grounded in the evidence graph → MRM validator reviews with change-highlighted diff → signs → release gate opens.
Success metrics
Feature-level and economic.
Product KPIs
- Time-to-first-audit-pack: <14 days from kickoff
- Evidence coverage per system: >90% automated by day 60
- Draft-to-final ratio on generated docs: >0.8 accepted with light edits
- Weekly active governance users per account: >6 by day 90
Economic KPIs
- Logo net revenue retention >125% by month 24
- Gross margin >82% by end of year 2
- CAC payback <14 months blended
- Gross logo churn <6% annually