Kliper
CORTEX AI · GROUNDED IN YOUR WORK

Grounded in your firm’s own work.

Cortex is the compliance engine inside Kliper. Drop in evidence and it scans, summarizes, and suggests the requirement it answers — then drafts the testing procedure from your own past work, citing a source on every sentence. Nothing comes from the open web.

SOC 2 Type II · Per-tenant encryption · No credit card · 14 days free
Live · Cortex classifying new evidence
app.kliper.com/engagements/acme-fintech/evidence
Evidence intake · uploaded just now
Cortex
CARDHOLDER_DATA-INVENTORY.docx
18 KB · Cortex analysis runs automatically
Security scan: ClamAV · clean
Extracting content: OCR + parse
Summarizing & tagging: Cortex
Matching to requirements: 277 reqs
Relevant. Inventories where cardholder data is stored, processed & transmitted — supports scoping and Requirement 3 (Protect Stored Account Data).
Suggested requirements · you confirm
Req 3 Protect Stored Account Data 91%
Req 9 Restrict Physical Access to CHD 64%
Analyzed in 3.1s · grounded in your tenant · human confirms the match
Every sentence: Cited to source
Per engagement: −1 week of work
ROC output: Your template
Isolation: Per-tenant
§01 GROUNDING

Every answer traces back to a source you own.

Retrieval is scoped to your tenant. Cortex reads your prior ROCs, your evidence library, the framework text, and interview notes — and nothing else. The open internet and other firms’ data are structurally out of reach.

Cortex retrieves from: YOUR TENANT
Past ROCs: 1,240 testing procedures
Evidence library: 94 verified artifacts
Framework text: PCI DSS v4.0.1 · 277 reqs
Interview notes: 18 walkthroughs
Cortex never touches: OUT OF REACH
Open web & public LLM training: no scraped or generic sources
Other tenants’ data: isolation enforced at the database
Unverified evidence: draft blocks until a source is attached
Per-tenant encryption · zero cross-customer learning
§02 CITATIONS

A citation on every sentence.
Click it, see the evidence.

No claim ships ungrounded. Each clause carries a source chip that resolves to the exact artifact and excerpt behind it — so your QA reviews defensibility, not prose.

TP 10.2.1.1 · Drafted response · IN PLACE

Audit logging is enabled across all in-scope Linux hosts via auditd and forwarded to Splunk under a 12-month retention policy [SRC·01]. Cardholder-data access on the card_vault schema is captured through Postgres pgaudit [SRC·02]. The IT Director confirmed retention and review cadence during the walkthrough [SRC·03].

Linked sources · 3
SRC·01 · auditd.conf — host CDE-01 · EV-014
log_format = ENRICHED; retention 365d
SRC·02 · splunk-retention.png · EV-021
Index cde_audit · 12-month policy
SRC·03 · Interview — P. Shah, IT Dir. · NOTE-08
“Logs reviewed daily, kept a year.”
3 of 3 sentences cited · 0 ungrounded claims
§03 CAPABILITIES

Four jobs, done in the flow of the assessment.

Cortex works where you already work — inside the requirement, the evidence row, the queue.

DRAFTING

Drafts TP responses

Generates a testing-procedure response from linked evidence — in your firm’s voice, ready for review.

INTAKE

Classifies evidence on upload

The moment a file lands, Cortex scans it, reads the content, and maps it to the requirement it satisfies.

ANALYSIS

Flags gaps & contradictions

Surfaces missing evidence and conflicting statements across artifacts before they reach your QA.

TRIAGE

Suggests the next action

Ranks the queue so the highest-leverage review is always the one in front of you.

§04 CONTROL

Cortex drafts.
You sign off.

Nothing reaches the ROC without an assessor’s decision. Every draft is yours to accept, refine, or reject — and the audit trail records who signed off on what, and when.

Accept — Locks the response and stamps it In Place.
Refine — Send notes back to Cortex for a revised draft.
Reject — Discard and write the procedure yourself.
TP 8.3.4.b · Cortex draft

MFA is enforced for all non-console administrative access to the CDE via Okta with a hardware-token second factor [SRC·01], covering the 14 bastion hosts reconciled against the access export [SRC·02].

awaiting: P. Shah · Lead QSA
§05 ISOLATION

Your data trains nothing outside your tenant.

The first question every QSA asks, answered plainly.

Per-tenant isolation

Every firm’s ROCs, evidence, and prompts live in a logically isolated store. Cortex can only retrieve within the boundary of your engagement.

No cross-customer learning

Your work is never used to train shared models or improve any other tenant’s results. Retrieval, not training.

Encrypted & attested

Encryption in transit and at rest, SOC 2 Type II controls, and a full audit trail of every Cortex action.

§06 MEASURED IMPACT

Defensible, and faster.

Acceptance rate: 92% of Cortex drafts accepted or lightly refined
Per engagement: −1 week of manual ROC assembly removed
Grounding: 100% of sentences carry a source citation
Ungrounded claims: 0 (draft blocks until evidence is attached)
§07 GET STARTED

Ship your next ROC on Kliper.

A 25-minute walkthrough with one of our engineers. Bring your ugliest past engagement.

No credit card · Full product · 14 days