- controls automated
- evidence assembles automatically
A ready evidence pack for a 152-FZ audit.
Passport, INN and SNILS detectors out of the box: personal data is visible in traffic before it reaches the model.
Every run yields a ready set of controls: mapped and automated, the evidence bundle assembles itself. Not a compliance declaration, but a machine-assembled evidence pack you bring to the auditor.
A ready evidence pack for a 152-FZ audit.
Passport, INN and SNILS detectors out of the box: personal data is visible in traffic before it reaches the model.
Data-subject rights are fulfilled by the machine, not by email threads.
Art. 17 "right to be forgotten": an automated /forget cascade across every store.
Controls-as-code and an evidence auto-collector for the audit.
This is audit-readiness, not certification: the product has no SOC 2 audit. The pack speeds up passing an external auditor.
audit-readyEvery risk LLM01–LLM10 is mapped to a concrete product control. Tactics from MITRE ATLAS are covered by detections and playbooks in the AI scanner. This is a mapping of risks to controls, not a claim of full coverage.
Every request, DLP verdict and kill-switch toggle lands in a tamper-evident log that verifies offline and streams into your SIEM.
Hover a link to highlight the chain verification.
offline-verifiable · SIEM CEF export · org_id isolation
A record cannot be silently altered or deleted.
Every log record is chained by HMAC to the previous one. Any edit breaks the chain, and the verify endpoint shows the break.
Integrity is verified without contacting the vendor.
Chain verification is self-contained and runs in air-gap: the auditor verifies the log on their own side.
Events flow into your SIEM in a standard format.
DLP and kill-switch events export to CEF. E2E-tested with Splunk.
Tenants never see each other's data.
Multi-tenancy at the org_id level: cross-org access to users and logs returns 404.
HA.Prizma is part of the MLSec methodology toolset. The methodology itself is open, and your process maturity can be measured with a quick questionnaire.
An open Russian-language handbook on AI/ML security: 31 chapters in seven groups, from threat modeling and red-teaming to MITRE ATLAS in Russian and FinOps for AI. The methodology the product stands on; maintained by a separate team.
Sixty questions across ten domains, a 1–5 scale. The output: a maturity chart, a gap analysis against industry benchmarks and a prioritized roadmap for the quarter.
The industry pain and how HA.Prizma answers it.
pain
Analysts and developers carry card numbers, account details and customer data into LLMs; the regulator demands provable control.
HA.Prizma
DLP catches Financial entities (Luhn validator) before they leave, budgets curb overspend, and the HMAC log with the SOC 2 evidence pack give material for the audit.
pain
A closed perimeter, no cloud egress, personal data under 152-FZ.
HA.Prizma
Deploys in air-gap with an offline license and no call-home; passport/INN/SNILS detectors and a 152-FZ evidence pack with automated controls out of the box.
pain
Medical data (PHI) ends up in the prompts of clinical and research tools.
HA.Prizma
A PHI layer and masking inbound and outbound, a /forget cascade for the right to be forgotten, a full audit of access to patient data.
pain
Thousands of developers and dozens of AI tools, zero visibility into shadow usage.
HA.Prizma
Network enforcement (PAC/DNS/firewall) routes all traffic to the gateway, shadow-AI detection and a topology graph show who works through which model.
A self-hosted LLM Firewall inside your perimeter. One base_url line, and no prompt leaves directly.