ACAI generates SOC 2 Trust Services Criteria evidence automatically. Every request is logged with user, model, timestamp, and token counts. Access controls, monitoring, and anomaly detection are built into the API layer.
Built for SaaS companies, fintech firms, and any organization undergoing SOC 2 audits.
Every API request generates evidence mapped to these controls automatically.
Bearer token auth on all endpoints. No anonymous access. Per-user API key scoping.
Tier-based model access control. API keys scoped per user. Dashboard RBAC via Entra External ID.
Continuous audit logging with dual PostgreSQL + Blob sinks. Correlation IDs on every request.
Content safety scoring, prompt injection detection, PII detection — all logged to the audit trail with severity levels.
Policy profile versioning. Model catalog changes tracked. Infrastructure changes via Bicep IaC with approval gates.
Every AI request generates audit evidence automatically. No manual log collection needed.
Content safety blocks, injection detections, and PII findings all tracked and attributed to TSC controls.
One-click SOC 2 evidence report mapping your API usage to Trust Services Criteria. Ready for your auditor.
One API key. One BAA. SOC 2 evidence your auditor will accept.