Auditors don't want your intentions; they want evidence. Kynara maps your live configuration — policies, roles, approvals, budgets, audit chain — to named controls in OWASP AI Exchange, MITRE ATLAS, ISO/IEC 42001 and the EU AI Act, and exports it in one click.
Most compliance pages are static claims. Kynara's Compliance Evidence report is generated from what is actually enforced in your org at request time. If nothing uses taint tracking, the control shows not configured — and tells you how to fix it. When your auditor asks "show me your human-oversight control," the answer is an export with the implementing policies listed by ID.
| Kynara mechanism | OWASP AI Exchange | MITRE ATLAS | ISO / EU AI Act |
|---|---|---|---|
| Role-scoped agent permissions (RBAC gate) | #LEAST MODEL PRIVILEGE | AML.M0028 | ISO 27002 8.2 |
require_approval policies + review queue | #OVERSIGHT | AML.M0029 | ISO 42001 B.9.3 · EU AI Act Art. 14 |
Taint tracking (is_tainted downgrade) | #LEAST MODEL PRIVILEGE (risk elevation) | AML.M0030 | — |
Sequence policies (preceded_by) | #OVERSIGHT (step sanity checks) | AML.M0029/M0030 | — |
| Delegation non-escalation (scope intersection) | #LEAST MODEL PRIVILEGE (honor the served) | AML.M0027 | — |
| Daily action budgets | Exhaustion controls | AML.M0026 | — |
| Hash-chained audit log + verification | — | — | ISO 42001 records · EU AI Act Art. 12 · SOC 2 CC7.2 |
| Agent kill switch | #OVERSIGHT (halt) | — | EU AI Act Art. 14(4)(e) |
| Approval-fatigue monitoring | #OVERSIGHT (limitations) | — | Art. 14 effectiveness |
GET /api/v1/compliance/evidence for continuous-compliance pipelines and GRC tools.Free plan: 3 seats, 10k decisions/month.