§ 06 Product Specification

Ruthlessly scoped to a 12-month MVP with expansion built into the schema.

The MVP delivers a single, dated, defensible EU AI Act Article 9 & 15 evidence package for one live production model — end to end — in under two weeks of onboarding. Every subsequent framework, model, agent and jurisdiction is additive on the same graph.

MVP scope

Nine features. No more.

01

AI system inventory

Auto-discovery from MLflow, SageMaker, Databricks, Vertex AI, GitHub. Manual entry for vendor/embedded systems. Risk-tier classification against EU AI Act Annex III.

02

Control graph

Pre-built mappings across EU AI Act, NIST AI RMF, ISO/IEC 42001, SR 11-7, Colorado AI Act, HIPAA-AI overlays. Cross-framework dedup so one evidence artifact satisfies many controls.

03

Evidence collectors

Signed webhooks from training pipelines, evaluation runs, human review tools, incident systems. Every artifact hash-timestamped and lineage-linked.

04

AI gateway integration

OpenAI, Anthropic, Bedrock, Vertex, Azure OpenAI proxy hooks. Prompt/response capture with PII redaction; per-inference policy decisions.

05

Agentic control monitor

Runtime detection of policy violations in agent traces: unauthorized tool use, unsafe data exfil, missing human-in-loop step.

06

Auto-drafted documentation

Model cards, EU AI Act Article 11 technical files, SR 11-7 validation memos regenerated on each model version.

07

Audit package generator

One-click scoped export for ISO 42001, EU AI Act notified body, or SR 11-7 internal audit. Time-boxed read-only auditor workspace.

08

Third-party model risk

Vendor questionnaires + evidence intake for Copilot, ChatGPT Enterprise, embedded SaaS AI. Continuous re-attestation on version changes.

09

Role-based workspace + SSO

Chief AI Officer, MRM, CISO, GC, ML lead views. SAML/SCIM. Full audit log on the platform itself (meta-governance).

Post-MVP roadmap

Phased by retention and expansion impact.

| Phase | Capabilities | Rationale | Est. build |
|---|---|---|---|
| Phase 2 (Months 12–20) | Continuous risk scoring, red-team orchestration (Garak/promptfoo integrations), regulator-specific packs (Colorado AI Act, NYC LL144, NAIC Model 668), insurance-carrier evidence exports. | Directly expands ACV via per-jurisdiction modules; unlocks insurance channel partnerships. | ~3 eng-quarters |
| Phase 3 (Months 20–36) | Auditor marketplace (BSI, DNV, TÜV, Big Four), benchmark analytics (anonymized industry baselines), agent policy DSL, on-prem/VPC deployment for banks and defense. | Distribution moat (auditor relationships) + data moat (benchmarks) + widens TAM into air-gapped verticals. | ~5 eng-quarters |
| Phase 4 (Year 3+) | Governed AI marketplace (pre-certified models with portable Axiom evidence), regulator direct APIs, Axiom-branded ISO 42001 accelerator with certification bodies. | Category-defining ecosystem play; positions Axiom as the trust layer for enterprise AI procurement. | Ongoing |

Critical user flows

  1. Onboard a live model in under 30 minutes

    Chief AI Officer connects MLflow via OAuth → Axiom pulls 47 model versions → clusters them by owner → proposes EU AI Act risk tier per system → MRM lead approves → 12 evidence collectors auto-deploy → first draft technical file rendered in the browser.
  2. Handle a regulator inquiry in 2 hours, not 2 weeks

    GC receives a regulator letter → creates a scoped auditor workspace filtered to the requested model + date range → Axiom generates the evidence pack (technical file, incident log, human oversight sign-offs, drift reports) → GC shares a read-only URL with a 30-day expiry → all auditor views logged.
  3. Retrain and re-certify without release blockage

    Model retraining completes in Databricks → webhook fires Axiom → new run compared against control set → validation memo delta drafted by LLM agent grounded in the evidence graph → MRM validator reviews with change-highlighted diff → signs → release gate opens.

Success metrics

Feature-level and economic.

Product KPIs

  • Time-to-first-audit-pack: <14 days from kickoff
  • Evidence coverage per system: >90% automated by day 60
  • Draft-to-final ratio on generated docs: >0.8 accepted with light edits
  • Weekly active governance users per account: >6 by day 90

Economic KPIs

  • Logo net revenue retention >125% by month 24
  • Gross margin >82% by end of year 2
  • CAC payback <14 months blended
  • Gross logo churn <6% annually