For CISO & Compliance

Deterministic findings.
Probabilistic narrative.

Your auditor needs reproducibility. Redoubt separates the audit engine from the narrative engine — by design. Turn the AI off entirely if compliance requires it. Reports remain complete.

Two layers: deterministic engine below, AI narrative layer above

LAYER 1 · 80% OF THE SYSTEM

Deterministic Engine

Every finding, score, and piece of evidence is produced by a rules-based engine. Given the same config, Redoubt returns the same findings every time. This is what your auditor accepts as evidence.

  • CIS FortiGate Benchmark Level 1 & 2
  • CVE correlation via Fortinet PSIRT
  • Ansible + fortinet.fortios API pull
  • Shadow/redundant/any-any rule detection
  • VPN algorithm strength table lookup
  • Framework mapping (NIST · PCI · ISO · NERC)

LAYER 2 · 20% OF THE SYSTEM

AI Narrative Layer

A local Llama 3.1 model enriches findings with natural-language explanations, remediation guidance, and priority context. It never creates or modifies findings — only decorates them. It can be disabled entirely.

  • Natural language in English & Spanish
  • Remediation scripts tailored to your config
  • Context-aware priority reasoning
  • Q&A over your fleet (optional)
  • Fully removable without affecting findings
  • Zero external inference endpoints

// WHY AUDITORS ACCEPT IT

Reproducibility is the audit standard.

A SOC 2 auditor, PCI QSA, or ISO assessor cannot accept findings that change between runs on the same input. That's why most "AI-powered compliance" tools fail audit review. Redoubt's architecture explicitly separates the deterministic evidence (what your auditor reviews) from the probabilistic narrative (what your team reads).

If your compliance policy prohibits AI in the audit loop, disable Layer 2. Redoubt continues producing complete audit reports — just without the natural-language commentary around them.