One API call. Dozens of regulatory frameworks. Citation-backed answers with a cryptographic audit trail. The regulatory reasoning layer your compliance platform has been missing.
Generic LLMs are trained on the internet — which means they "know" things that are outdated, incomplete, or simply wrong about your regulatory obligations. They hallucinate section numbers, invent requirements, and produce confident answers with no verifiable source.
Compass is different. It uses RAG retrieval from 73K+ cited obligations across 20+ frameworks — meaning every answer is grounded in the actual regulatory text, not generated from memory. Every response includes citations you can verify. Every API call produces an Ed25519 signed receipt for non-repudiation.
For regulated industries, the difference is not academic. A hallucinated compliance answer can mean a failed audit, a missed deadline, or enforcement action. Compass eliminates that risk by design.
Compass retrieves from a curated, validated corpus of 73K+ obligations — it doesn't generate from training data. The answer comes from the regulation, not the model's memory.
Every response includes specific citations — section, paragraph, source document. Click through to the original text and verify for yourself.
Every API call produces an Ed25519 signed receipt. Verify independently that the response came from Compass, unmodified, with no trust in Onyx AI Labs required.
When your auditor asks for proof, Compass gives you a signed, cited, timestamped trail. Generic AI gives you a screenshot and a shrug.
Compass combines a purpose-trained model, a structured knowledge base, and cryptographic verification — each layer independently verifiable.
Purpose-trained regulatory reasoning engine.
Structured regulatory corpus updated quarterly.
Cryptographic governance and audit infrastructure.
A beam of light through the fog. Every answer grounded in the real text.
Every API response is cryptographically signed. You get a receipt you can store, share, and verify independently using our published public key. Non-repudiation, no trust model.
Thousands of signed receipts batched into Merkle trees, producing a single root hash per batch. Verify any response with a compact proof — efficient at enterprise scale.
Every API response is signed with Ed25519. Store, share, and verify independently using our published public key — no trust required, no reliance on Onyx AI Labs.
Standard REST API with OpenAPI spec. One API key unlocks all capabilities.
/query: Ask any regulatory question and receive a grounded answer with chapter-and-verse source citations.
/extract-obligations: Parse dense regulatory documents into machine-readable requirement records with normalized formatting.
/generate-controls: Compass proposes security and operational controls, each mapped to one or more regulatory mandates with traceability.
/governance/verify: Upload any Compass API receipt and verify its Ed25519 signature against our public key — no trust required.
From US federal regulations to EU governance directives. Compass works with the actual regulatory text, not summaries.
AWS, GCP, Azure
Single-tenant, isolated
Your hardware, your control
No internet. Ever.
Partial list. All frameworks shown are publicly available regulatory texts. Additional frameworks and proprietary mappings available upon request.
Defence contractors, federal agencies, and DoD suppliers navigating CMMC 2.0, NIST 800-171, and evolving compliance mandates. Air-gapped deployment ready.
Banking, capital markets, and insurance. Regulatory frameworks include PCI DSS, 12 CFR, FFIEC, and increasing AI governance requirements from OSFI E-23 and supervisory bodies.
Providers, payers, and health tech companies managing HIPAA compliance alongside emerging AI-specific regulatory frameworks for clinical decision support systems.
Compass is built and deployed on the NVIDIA stack — DGX hardware, TensorRT-LLM inference acceleration, and NIM microservices for production deployment.
Compass is grounded in 18 years of GRC advisory work. These engagements shaped the regulatory corpus and citation architecture behind the API.
Designing a risk and compliance framework for LLM oversight — the thinking behind Compass's governance layer.
How we helped a financial institution use AI to pre-generate four risk scenarios — the kind of work Compass automates.
Governance of LLMs is less about the model itself and more about governing the use case, guardrails, and outcomes.
Schedule a demo. We'll walk through your compliance workflows with citation verification, cryptographic receipts, and audit trails against your actual regulatory requirements.