How it works

The 4-Agent Verification Pipeline

From upload to auditor-ready PDF in minutes. Four specialised AI agents work in sequence, with hard-fail PII redaction and a Critic Verifier that catches hallucinated citations before they reach your report.

The pipeline, step by step

Step 1 — Upload your document

Drop a contract, policy, DPA, BAA, or AI-vendor agreement (PDF, DOCX, TXT) and select which of the 11 frameworks to audit against. The Clause Extractor parses the document, preserves legal identifiers (Art. 6(1)(a), § 164.312(e), Req 3.5.1.1), and isolates regulation-relevant clauses with recursive splitting.

Step 2 — Compliance Validator runs

The Compliance Validator matches each clause against AuditGuard's 1,073-article regulation database using TF-IDF semantic search plus a Pinecone vector store. The LLM is instructed to cite only article IDs from the provided list — it cannot invent article numbers.

Step 3 — Remediation Generator drafts fixes

For each violation, the Remediation Generator drafts replacement clause text with a rationale explaining why the original violates the regulation and how the corrected text resolves the issue.

Step 4 — Critic Verifier cross-checks

The Critic Verifier reviews every finding: it verifies the cited article exists in the database, performs word-overlap analysis to catch hallucinated content, and filters by a confidence threshold. Findings that fail verification are dropped.
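The three checks this step describes (does the cited article ID exist in the database, does the finding's text overlap enough with the cited article, is the confidence above a threshold) fit in a few lines. The block below is an added example, not AuditGuard's code: the two-entry regulation dictionary, the stop-word list, the 0.3 overlap and 0.6 confidence thresholds, the Finding fields and the four sample findings (including the deliberately non-existent "GDPR Art. 99(7)" citation) are all assumptions made so the example runs offline.

```python
import re
from dataclasses import dataclass

# Constructed stand-in for the regulation database: article ID -> article text.
# AuditGuard's real 1,073-entry database is not on the page; these two entries
# paraphrase the cited provisions only to make the example runnable.
REGULATION_DB = {
    "GDPR Art. 6(1)(a)": (
        "Processing shall be lawful only if the data subject has given consent "
        "to the processing of his or her personal data for one or more specific purposes"
    ),
    "HIPAA § 164.312(e)": (
        "Implement technical security measures to guard against unauthorized access "
        "to electronic protected health information that is being transmitted over "
        "an electronic communications network"
    ),
}

# Function words ignored by the overlap measure so they cannot inflate the score.
STOPWORDS = {"the", "of", "to", "a", "an", "and", "or", "is", "be", "for", "that",
             "shall", "his", "her", "in", "on", "over", "with"}


@dataclass
class Finding:
    article_id: str    # what the validator cited
    rationale: str     # the generated explanation of the violation
    confidence: float  # model-reported confidence in [0, 1]


def tokens(text):
    """Lower-cased content words of a string, as a set."""
    return {w for w in re.findall(r"[a-z0-9]+", text.lower()) if w not in STOPWORDS}


def word_overlap(rationale, article_text):
    """Fraction of the rationale's content words that also occur in the cited article."""
    r = tokens(rationale)
    return len(r & tokens(article_text)) / len(r) if r else 0.0


def verify(finding, db=REGULATION_DB, min_overlap=0.3, min_confidence=0.6):
    """Critic check for one finding. Returns (kept, reason). Thresholds are assumed values."""
    article = db.get(finding.article_id)
    if article is None:
        return False, "unknown article id"  # the citation is not in the database
    overlap = word_overlap(finding.rationale, article)
    if overlap < min_overlap:
        return False, f"low word overlap ({overlap:.2f})"
    if finding.confidence < min_confidence:
        return False, f"low confidence ({finding.confidence:.2f})"
    return True, f"verified (overlap {overlap:.2f})"


def filter_findings(findings, **thresholds):
    """Keep only findings that pass the critic; everything else is dropped."""
    return [f for f in findings if verify(f, **thresholds)[0]]


# Constructed findings covering the four outcomes the critic can produce.
GROUNDED = Finding("GDPR Art. 6(1)(a)",
                   "Clause relies on implied consent; processing of personal data "
                   "requires consent for specific purposes", 0.9)
PHANTOM_ID = Finding("GDPR Art. 99(7)",  # placeholder ID that does not exist in the DB
                     "Clause conflicts with the cited article", 0.9)
OFF_TOPIC = Finding("HIPAA § 164.312(e)",
                    "The vendor may terminate this agreement with thirty days written notice", 0.9)
UNSURE = Finding(GROUNDED.article_id, GROUNDED.rationale, 0.4)
SAMPLE_FINDINGS = [GROUNDED, PHANTOM_ID, OFF_TOPIC, UNSURE]

if __name__ == "__main__":
    for f in SAMPLE_FINDINGS:
        print(f.article_id, verify(f))
    print("kept:", [f.article_id for f in filter_findings(SAMPLE_FINDINGS)])
```

Only the grounded finding survives: the phantom citation fails the existence check, the off-topic rationale scores zero overlap against a real article, and the low-confidence copy of a good finding is dropped by the threshold. Word overlap is a coarse signal; it catches a rationale that talks about something other than the cited provision, not a rationale that subtly misreads it.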

Step 5 — PII redaction

Before saving, PII is detected and redacted with 10+ patterns (SSN, DOB, MRN, IBAN, passport, phone, credit card, IP, email) on a hard-fail basis. If redaction raises an error, the audit is marked failed and results are never saved.
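The hard-fail property is what distinguishes this step from a best-effort filter: any exception during redaction must leave nothing persisted. The block below is an added illustration, not AuditGuard's redaction code. Its pattern set covers seven of the listed PII types with constructed regular expressions; the Luhn gate on card numbers, the second-pass leftover check, the run_audit wrapper, the faulty_redactor stand-in and the sample record are all assumptions.

```python
import re


class RedactionError(Exception):
    """Raised when redaction cannot be completed; the caller must fail closed."""


def luhn_ok(number):
    """Luhn checksum, so that only plausible card numbers are redacted as CARD."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 13:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


# Constructed pattern set: a subset of the page's "10+ patterns" (SSN, IBAN, card,
# email, phone, IP, DOB). AuditGuard's real patterns are not on the page.
# Order matters: longer numeric formats go first so a shorter pattern cannot
# consume part of them.
PII_PATTERNS = [
    ("SSN",   re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("IBAN",  re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")),
    ("CARD",  re.compile(r"\b(?:\d[ -]?){13,16}\b")),
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("PHONE", re.compile(r"(?:\+?1[ -.]?)?(?:\(\d{3}\)|\b\d{3})[ -.]?\d{3}[ -.]?\d{4}\b")),
    ("IP",    re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("DOB",   re.compile(r"\b(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b")),
]
VALIDATORS = {"CARD": luhn_ok}  # extra check a regex hit must pass before it counts


def find_pii(text):
    """All (label, matched_text) pairs that the pattern set flags in `text`."""
    hits = []
    for label, pattern in PII_PATTERNS:
        check = VALIDATORS.get(label)
        hits += [(label, m.group()) for m in pattern.finditer(text)
                 if check is None or check(m.group())]
    return hits


def redact(text):
    """Replace each PII hit with its label; raise RedactionError on any problem."""
    try:
        for label, pattern in PII_PATTERNS:
            check = VALIDATORS.get(label)
            text = pattern.sub(
                lambda m, label=label, check=check:
                    f"[{label}]" if check is None or check(m.group()) else m.group(),
                text)
        leftovers = find_pii(text)  # second pass: nothing may survive
        if leftovers:
            raise RedactionError(f"PII survived redaction: {sorted({l for l, _ in leftovers})}")
    except RedactionError:
        raise
    except Exception as exc:  # bad input type, regex failure, anything else
        raise RedactionError(f"redaction failed: {exc}") from exc
    return text


def run_audit(document, store, redactor=redact):
    """Hard-fail wrapper: results reach `store` only if redaction completes."""
    try:
        clean = redactor(document)
    except Exception as exc:  # any failure, expected or not, fails closed
        return {"status": "failed", "error": str(exc)}  # nothing is saved
    store.append(clean)
    return {"status": "ok", "redacted": clean}


def faulty_redactor(text):
    """Hypothetical broken redactor, used only to exercise the fail-closed path."""
    raise RuntimeError("pattern engine unavailable")


# Constructed sample document; every value is fictional.
DOC = ("Patient record: DOB 03/14/1985, SSN 123-45-6789, email john.doe@example.com, "
       "phone (555) 123-4567, card 4111 1111 1111 1111, IBAN DE89370400440532013000, "
       "accessed from 192.168.1.10.")

if __name__ == "__main__":
    saved = []
    print(run_audit(DOC, saved))
    print(run_audit(DOC, saved, redactor=faulty_redactor), "saved:", len(saved))
```

Two design points carry the security weight. The wrapper catches every exception, not just the redactor's own error type, so an unexpected failure can never fall through to the save path. The second pass over the redacted text turns a silent pattern gap into a hard failure, which is the right trade for a compliance product: a false audit failure costs a retry, a leaked identifier does not.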

Step 6 — Download the audit report

A PDF with an executive summary, findings grouped by severity, exact regulation article citations, and suggested replacement text. Plus a risk dashboard with trend and distribution analytics. Optional webhook alerts for high-risk findings.

Why a 4-agent pipeline?

Single-pass LLM output is fast but fails at compliance work in two ways: it hallucinates regulation citations, and it processes PII without safeguards. AuditGuard's architecture solves both:

  • Grounded citations. The validator only sees article IDs from AuditGuard's 1,073-entry database — there is no path to inventing one.
  • Critic Verifier. Every finding is independently re-checked. Findings without a verifiable article ID or with low word-overlap against the cited regulation are dropped.
  • Hard-fail PII redaction. 10+ patterns scan the document before any model processes it. If redaction throws, the audit fails closed.
  • Structured output. Pydantic schemas validate every agent's output, so downstream code never sees malformed data.

Security at every stage

  • AES-256-GCM encryption at rest.
  • TLS 1.2+ in transit.
  • Database-level multi-tenant isolation scoped by user ID at the ORM layer.
  • Customer documents are never used for AI training.
  • 72-hour breach notification commitment (GDPR Articles 33–34).

See it on your own contract

14-day free trial, no credit card required. Or email a policy to info@auditguard.org for a free one-page gap report.

Start free trial →