A document-aware AI system that detects regulatory gaps and security violations in policy documents — combining RAG, multi-agent orchestration, and production-grade LLMOps controls.
Enterprises hold thousands of pages of policy and compliance documents. Manually checking them against evolving regulatory obligations and AI security standards is slow, inconsistent, and hard to audit. The goal: an AI system that reads these documents, finds the gaps, and reports them in a structured, auditable way — without hallucinating findings.
A LangChain RAG pipeline with a Chroma vector store and semantic search forms the retrieval backbone. Documents are chunked using 512-token overlapping windows and embedded with sentence-transformer models, so obligations that span section boundaries are never lost. LLM reasoning runs over retrieved context to detect regulatory gaps and security violations in policy documents.
Extracts regulatory obligations from source documents and maps them to internal policy coverage.
Runs gap analysis against the OWASP LLM Top 10, flagging exposure to prompt injection, insecure output handling, and more.
Consolidates findings into structured risk output — machine-readable and audit-ready.
The workflow validates agentic orchestration patterns for enterprise AI governance automation: each agent has a narrow mandate, scoped tools, and a verifiable output contract.
Together these produce a reusable LLMOps pattern for enterprise AI governance.
The system applies production-grade MCP security patterns drawn from live enterprise AI governance requirements: prompt injection detection, output validation, role-scoped tool access, and full audit trail generation for every agent action and tool call.
This project demonstrates the complete stack an enterprise needs to trust AI with compliance work: grounded retrieval, specialised agents, measurable quality, and security controls that satisfy governance review. The same patterns transfer directly to client engagements in regulated industries.
We apply these patterns to real enterprise problems.
Get in Touch