Pre-production AI Security Review

AI Security Clearance.
Before AI ships.

Drel turns AI system designs into clearance decisions, evidence records, and audit-ready review dossiers — so your security, AI, and governance teams can decide what reaches production.

Microsoft
ServiceNow
OpenAI
Internal RAG Assistant
SharePoint · ServiceNow · Azure OpenAI
RAG · MCP · SSO
Identified threats
Prompt injection via documents
ACL bypass at retrieval layer
100+ threats scanned · 12 frameworks
Clearance
Conditional
Evidence
Output filtering · Pending
ACL enforcement · Pending
Approval boundary · Pending
Sign-off
CISO
AI Gov
DPO
System Intake
AI Security Review
Security Clearance

Works with the stack you already use.

Drel helps security and product teams review AI, RAG and agentic systems built with the model providers, cloud platforms and engineering tools they already use.

OpenAI, GitHub, AWS Bedrock, Anthropic, Datadog, Azure OpenAI, LangChain, Mistral AI, Okta, Google Gemini, Supabase, xAI, Salesforce, Google Cloud, Clerk, Qwen, Snowflake, NVIDIA, Hugging Face, Auth0, ElevenLabs, Jira, Databricks, Stripe, Confluence, ServiceNow, HashiCorp, Vercel
The problem

AI teams ship faster than security can assess.

AppSec and security architecture teams are not staffed to manually threat-model every AI, RAG, or agentic system. Traditional threat modeling tools were not designed for LLM trust boundaries, retrieval authorization, or agentic tool use. Assessments pile up. Systems go live without proper security sign-off.

The solution

Structured clearance, not a generated report.

Describe your AI system. Review the agentic architecture. Get a structured clearance decision backed by evidence grading, required controls, and a sign-off chain — defensible enough for an AI Committee, regulator, or board.

Purpose-built

Built for AI, not generic AppSec.

Built specifically for RAG pipelines, agentic workflows, and LLM-powered features, with AI security clearance as the goal rather than generic AppSec workflows or one-off generated reports.

What you get

A clearance decision, not a generated report.

Every output is specific to your AI system — named blockers before production, required controls with owners and deadlines, evidence gaps that must close before go-live, and a sign-off chain that creates an audit trail.

Clearance decision — proceed, conditional, restricted pilot, hold, or decline
Evidence on every claim — explicit, inferred, assumed, unknown, missing, or verified
Production blockers with required controls, owners, and deadlines
Re-assessment triggers that fire when AI systems change
Multi-stakeholder sign-off chain — CISO, AI Governance, DPO, Business Owner
Audit-ready record: versioned, timestamped, framework-mapped
Internal RAG Assistant
AI Security Assessment Pack · Generated in 4s
Go with conditions
Go-live blockers
Indirect prompt injection via SharePoint documents
Validation: Inject adversarial instructions into a SharePoint document and verify the RAG system does not execute them
Threat register
Indirect Prompt Injection · OWASP LLM01 · Critical
Retrieval ACL Bypass · MITRE AML.T0054 · High
Identity Propagation Failure · MAESTRO L3 · High
Excessive LLM Agency · OWASP LLM08 · Medium
Recommended controls
prev · Input sanitization pipeline before retrieval
prev · ACL enforcement at chunk retrieval layer
dete · Prompt injection detection classifier
Security questionnaire
Is prompt injection mitigated? · Pending
Are retrieval ACLs enforced? · Pending
Is PII redacted before LLM? · Confirmed
Is output logged and auditable? · Confirmed
5
Clearance states
Proceed, conditional, restricted pilot, hold, or decline — every review ends with a decision.
12
Frameworks mapped
OWASP LLM Top 10, NIST AI RMF, EU AI Act, ISO 42001, and more — linked to every clearance.
6
Evidence grades
Explicit, inferred, assumed, unknown, missing, or verified — on every claim in the review.
9
Lifecycle stages
From intake and threat modeling through sign-off, go-live, and re-review triggers.
Differentiation

Security reviews that end with a decision.

Drel turns AI system reviews into defensible go-live decisions, linking blockers, evidence, ownership, sign-offs, and review triggers into one audit-ready record.

Clearance

Clear what can ship

Move from review inputs to a go-live state: proceed, conditional, restricted pilot, hold, or decline.

Blockers

Expose what blocks release

Separate advisory findings from production blockers, missing gates, and unresolved assumptions.

Evidence

Grade the evidence

Track whether each claim is explicit, inferred, assumed, missing, or verified.

Audit Record

Leave the audit trail

Capture rationale, owners, sign-offs, versions, and re-review triggers in one defensible record.

Coverage

Built for every AI system type.

RAG assistants, tool-using agents, customer-facing AI features — each architecture pattern carries distinct trust boundaries, retrieval risks, and control requirements. Drel maps all of them to the blockers, evidence states, and clearance decision they require.

Assistants & RAG
  • Internal RAG assistant
  • Customer-facing chatbot
  • LLM gateway
Agents & automation
  • Agent with tools
  • Agentic automation
  • Multi-agent workflow
Product & vendor AI
  • B2B SaaS AI feature
  • Vendor AI assessment
  • Embedded AI capability

Reviewed through one clearance model: blockers, evidence states, control ownership, sign-offs, and re-review triggers.

System types

Every architecture, its own threat model.

Each system type has its own threat model, risk patterns, and control library — built from the specific trust boundaries of that architecture.

Internal RAG Assistant

Retrieval-Augmented Generation over enterprise knowledge

Employee-facing assistants over SharePoint, Confluence, and ServiceNow introduce unique trust boundaries — retrieval authorization, prompt injection via documents, and identity propagation across the retrieval chain.

OWASP LLM01 · Indirect prompt injection via indexed documents
MITRE AML.T0054 · Retrieval ACL bypass — chunks returned without permission check
MAESTRO L3 · Identity not propagated from user session to retrieval layer
Internal RAG Assistant — Architecture
Diagram components: User, RAG App (Orchestrator), AI Search (Vector DB), SharePoint (Documents), ServiceNow (Knowledge), Confluence (Wiki), Azure OpenAI. Flow labels: query + token, embed query, index, chunks, prompt + ctx, response. Marked risks: Prompt injection, ACL bypass.
Agent with Tools

Agentic systems with write access and tool execution

LLM agents with API access to GitHub, Slack, Jira, and PagerDuty require explicit policy gates, approval boundaries, and action authorization. Without them, a single injected instruction can trigger cascading write actions.

OWASP LLM08 · Excessive agency — write actions without human approval gate
MITRE AML.T0051 · Tool call injection via adversarial user input
MAESTRO L5 · Privilege escalation through chained tool invocations
Agent with Tools — Architecture
Diagram components: User, Claude (Agent), Policy Gate, GitHub (Code write), Slack (Notify), Jira (Tickets), PagerDuty (Incidents). Flow labels: task, action req, write, post, create, alert. Marked risks: Excessive agency, No approval gate.
B2B SaaS AI Feature

Customer-facing AI in multi-tenant SaaS products

AI features embedded in B2B SaaS products must enforce strict tenant isolation, prevent cross-tenant data leakage, and produce go-live evidence for enterprise security questionnaires.

OWASP LLM06 · Tenant data isolation failure — context bleeds across sessions
MITRE AML.T0048 · PII exfiltration via LLM output in shared inference
NIST AI RMF · Missing go-live evidence for enterprise security assessment
B2B SaaS AI Feature — Architecture
Diagram components: Tenant A user, Tenant B user, Okta (Tenant ctx), Azure OpenAI, Salesforce (CRM data), Stripe (Billing), PostgreSQL (Customer DB). Flow labels: session, tenant ctx, query, read. Marked risks: Tenant isolation, PII leakage.
Framework coverage

The standards your team already uses.

Every threat, control, and remediation item maps directly — so the output lands in your assessment without translation.

OWASP LLM Top 10
OWASP Agentic Top 10
MITRE ATLAS
MAESTRO
NIST AI RMF
ISO/IEC 42001
AIUC-1
ENISA AI Threat Landscape
EU AI Act

Ready to clear your first AI system?

No signup required for the demo. See what a clearance decision looks like for a real enterprise AI agent.