The agent is standing by.
Pick a detected control gap below and watch the five-stage run execute in real time — policy retrieval, evidence inspection, bounded plan, human approval, validation, and filed evidence artefact.
- Synthetic gaps: 7 (across 5 regulated control domains)
- Grounded tools: 5 (policy, evidence, owners, memory, blast radius)
- Typical run: ~45s (end-to-end: diagnosis to filed evidence)
Why this agent
Not a chatbot — a bounded remediation worker.
Grounded by policy
Every claim is cited from the internal policy library — no hallucinated regulations.
Tool-augmented
Calls retrieval tools live during the run. You see every lookup in the trace.
Memory-aware
Matches the gap against past remediations and reuses proven patterns.
Blast-radius first
Every plan lists what it touches, what could go wrong, and how to reverse it.
Detected gap queue
One click to start a run.
These are the synthetic gaps a detection platform like Brontë would surface. Select one to load the workspace with the full control context.
Identity & Access
Critical: MFA enforcement gap on privileged admin accounts
CTRL-IAM-047
Three production administrator accounts in the central identity provider remain exempt from mandatory MFA policy despite having standing access to customer, treasury, and identity administration consoles.
Data Protection
High: Encryption-at-rest gap on general ledger replica
CTRL-DP-112
A non-production replica of the general ledger PostgreSQL cluster was restored into the analytics VPC without storage-level encryption, leaving financial records exposed if the underlying volume is accessed outside the application layer.
Change Management
High: Change approval bypass in deployment pipeline
CTRL-CHG-031
Seven production deployments in the last quarter were merged and released through the automated pipeline without the required second-engineer approval because the branch protection rule was disabled for the release service account.
Transaction Monitoring
Critical: Sanctions screening lag on cross-border payments
CTRL-TM-204
Sanctions-list updates are taking up to 36 hours to propagate from the compliance feed handler into the cross-border payments screening engine, materially exceeding the required four-hour maximum and increasing exposure to prohibited counterparties.
Vendor Risk
Medium: Vendor access review overdue for third-party support vendors
CTRL-VRM-019
Quarterly access recertification for four third-party support vendors has not been completed for two consecutive review cycles, leaving external production access active without current business-owner attestation.
Change Management
Critical: Unreviewed LLM used in customer complaints triage
CTRL-MDL-014
The customer complaints triage service has been promoted to production using a third-party LLM endpoint with no model-risk sign-off, no human-review gate on outbound responses, and no evidence captured for regulator-facing decisions about hardship, fees, or dispute resolution.
Data Protection
High: Audit log retention gap on payments service
CTRL-DP-188
Audit logs for the payments microservice are being purged after 30 days in the observability pipeline instead of the required 12 months, reducing the ability to investigate fraud events and meet card scheme evidence obligations.