Case Study · Independent Project

Agentic AI Compliance & Security Analyzer

A document-aware AI system that detects regulatory gaps and security violations in policy documents — combining RAG, multi-agent orchestration, and production-grade LLMOps controls.

Timeline: Oct 2024 – Jan 2025  ·  Domain: Enterprise AI governance

Python · LangChain · Chroma Vector DB · Semantic Search · RAG · OpenAI / Claude APIs · MCP Tools · Prompt Versioning · OWASP LLM Top 10 · Prompt Injection Defence · Compliance Document Parsing · Multi-Agent Orchestration

The Challenge

Enterprises hold thousands of pages of policy and compliance documents. Manually checking them against evolving regulatory obligations and AI security standards is slow, inconsistent, and hard to audit. The goal: an AI system that reads these documents, finds the gaps, and reports them in a structured, auditable way — without hallucinating findings.

The Solution

1 · Document-Aware RAG Pipeline

A LangChain RAG pipeline with a Chroma vector store and semantic search forms the retrieval backbone. Documents are chunked using 512-token overlapping windows and embedded with sentence-transformer models, so obligations that span section boundaries are never lost. LLM reasoning runs over retrieved context to detect regulatory gaps and security violations in policy documents.

2 · Three-Agent Workflow

📋

Compliance Agent

Extracts regulatory obligations from source documents and maps them to internal policy coverage.

🔍

Security Agent

Runs gap analysis against the OWASP LLM Top 10, flagging exposure to prompt injection, insecure output handling, and more.

📊

Reporting Agent

Consolidates findings into structured risk output — machine-readable and audit-ready.

The workflow validates agentic orchestration patterns for enterprise AI governance automation: each agent has a narrow mandate, scoped tools, and a verifiable output contract.

3 · LLMOps Controls

Together these produce a reusable LLMOps pattern for enterprise AI governance.

4 · Enterprise Security Patterns

The system applies production-grade MCP security patterns drawn from live enterprise AI governance requirements: prompt injection detection, output validation, role-scoped tool access, and full audit trail generation for every agent action and tool call.
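One way to combine role-scoped tool access with an audit trail for every tool call, shown as an added example and not the project's own code. The role names follow the three agents above; the tool names, `ToolGateway`, and `verify_chain` are hypothetical, and the tools are constructed stand-ins.

```python
import hashlib
import json

# Hypothetical role -> tool allowlist for the three agents named on the page.
ROLE_TOOLS = {
    "compliance": {"search_documents"},
    "security": {"search_documents", "owasp_lookup"},
    "reporting": {"write_report"},
}

class ToolGateway:
    """Mediates every tool call: checks role scope, logs a hash-chained record."""

    def __init__(self, tools):
        self.tools = tools      # tool name -> callable
        self.audit = []         # append-only audit trail
        self._prev = "0" * 64   # genesis value for the hash chain

    def _log(self, role, tool, args, decision):
        body = {"seq": len(self.audit), "role": role, "tool": tool,
                "args": args, "decision": decision, "prev": self._prev}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.audit.append({**body, "hash": digest})
        self._prev = digest

    def call(self, role, tool, **args):
        allowed = tool in ROLE_TOOLS.get(role, set()) and tool in self.tools
        self._log(role, tool, args, "allow" if allowed else "deny")  # denials are logged too
        if not allowed:
            raise PermissionError(f"{role} may not call {tool}")
        return self.tools[tool](**args)

def verify_chain(audit):
    """Recompute each hash; False if a record was altered, reordered or dropped mid-chain."""
    prev = "0" * 64
    for i, rec in enumerate(audit):
        body = {k: v for k, v in rec.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["seq"] != i or rec["prev"] != prev or rec["hash"] != digest:
            return False
        prev = digest
    return True

# Constructed stand-in tools; real ones would query the vector store or write a report.
TOOLS = {
    "search_documents": lambda query: [f"chunk matching {query!r}"],
    "owasp_lookup": lambda item: {"item": item},
    "write_report": lambda findings: {"findings": findings},
}
```

Truncating records from the end of the trail is not detectable from the chain alone; that requires storing the latest hash somewhere the agents cannot write.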

Why It Matters

This project demonstrates the complete stack an enterprise needs to trust AI with compliance work: grounded retrieval, specialised agents, measurable quality, and security controls that satisfy governance review. The same patterns transfer directly to client engagements in regulated industries.
