Changelog
What's new in Drel
New capabilities, improvements, and fixes — documented as they ship.
May 2026 (Latest)
Team workspaces, stakeholder review workflow, and portfolio-level intelligence.
- New: Team workspaces — Pro and Enterprise accounts support shared workspaces with org-scoped access control. Cases, evidence, and dispositions are shared across the team.
- New: Stakeholder review requests — send a review link to any stakeholder directly from the dossier. Reviewers can approve, request changes, or decline without a Drel account.
- New: Owner notes — private notes per dossier section for capturing reviewer context and open questions that shouldn't appear in the exported evidence pack.
- Improved: Portfolio intelligence — the dashboard surfaces cross-assessment signals: recurring threats across multiple systems, overdue pre-production controls, evidence gap clusters by component type, and re-review queue.
- Improved: Persona-aware navigation — CISO, Security Architect, and GRC lenses reorder the workspace to surface the most relevant sections first.
- Improved: Unified assessment workspace — draft and published assessments share the same workspace. No context switch on publish.
- Improved: Preview before publish — review the full dossier as the committee will see it before committing a new version.
April 2026
Sign-off workflow, workspace activity, and cross-domain navigation.
- New: Sign-off workflow — formally request sign-off from named stakeholders: CISO, DPO, AI Governance Officer, Internal Audit, Business Owner. Each role receives a notification and can respond with a comment.
- New: Workspace activity — full-portfolio event log across all cases. Useful for CISO-level oversight of what is in review and what is pending sign-off.
- New: Cross-domain navigation — Findings, Attack Paths, Library, Frameworks, Systems, and Policies cross-link with context preserved. Every inspector surface connects to related objects across the workspace.
- New: Framework mapping peek — click any MITRE, OWASP, or EU AI Act mapping to see the full item description without leaving the current view.
- Improved: Library inspector — full rich views for all object types: risk pattern, control pattern, evidence question, system type, and standard.
March 2026
Self-serve plans, public demo dossier, and reference content.
- New: Self-serve plans — Evaluation, Plus, Pro, and Enterprise tiers. Annual plans available.
- New: Public demo dossier — a complete AI Risk Disposition for a RAG-based procurement agent, ungated. Includes threat register, control plan, evidence ledger, governance mapping, and a signed disposition memo.
- New: Comparison pages — Drel vs spreadsheets, threat modeling tools, AI posture management, runtime AI firewalls, and GRC platforms.
- New: Resource library — downloadable templates and frameworks: AI Risk Register, AI Committee Charter, AI Go-Live Security Checklist, and more.
February 2026
Repository ingestion, versioned clearance decisions, and audit pack export.
- New: Repository ingestion — connect a codebase and Drel extracts implementation signals to populate the evidence layer alongside design artifacts.
- New: Versioned clearance decisions — each published version captures an immutable snapshot of the disposition, control posture, framework coverage, and reconciliation findings.
- New: Re-review detection — Drel detects material changes after publishing and surfaces a re-review signal with a diff of what changed.
- New: Audit pack export — download a complete bundle with disposition, threats, controls, and evidence. Suitable for AI Committee records and regulatory submissions.
- New: AI Risk Disposition memo PDF — generate a regulator-facing PDF of the disposition memo directly from the workspace.
- New: Graph provenance overlay — see which nodes and edges in the system model came from the baseline spec vs implementation evidence.
January 2026
Reconciliation engine and the baseline-to-clearance pipeline.
- New: Reconciliation engine — compares the intended baseline against implementation evidence and surfaces typed findings: spec-only components, changed components, missing controls, stale assumptions, and evidence conflicts.
- New: Implementation evidence flow — per-finding status controls with evidence notes. Every status change is logged to the audit trail.
- New: Assessment source modes — design artifacts, repository ingestion, or hybrid. The source mode determines which reconciliation rules apply.
- New: Reconciliation tab — dedicated section in the dossier showing the delta between intended design and implementation evidence.
- Improved: Version timeline — full decision history with disposition badge, control posture, framework coverage, and blocking findings per version.
December 2025
AI Risk Disposition memo, governance mapping, and the full dossier workspace.
- New: AI Risk Disposition memo — five-state decision (Proceed / Conditional / Restricted Pilot / Hold / Decline) with required controls, residual risk owner, evidence gaps, re-review triggers, and a multi-role sign-off block.
- New: Governance mapping — per-finding and per-control mapping to EU AI Act, ISO/IEC 42001, NIST AI RMF, OWASP Agentic Top 10, OWASP LLM Top 10, MAESTRO, and AIUC-1. Language is precise: 'supports evidence for', 'requires validation', 'not yet evidenced'.
- New: Multi-role sign-off — CISO, AI Governance Officer, Security Architect, DPO, Internal Audit, and Business Owner sign-off slots with per-role status and comments.
- New: Evidence and assumptions ledger — every claim carries an explicit evidence state. Filters surface all unknowns or all assumptions at once.
- New: Dossier workspace — structured workspace with dedicated sections for Overview, Clearance Decision, Design, Threats & Attacks, Controls, Evidence, Reconciliation, Governance, and Dossier Record.
November 2025
Agentic threat modeling, attack path library, and the security graph.
- New: Agentic ontology — components typed as agent, planner, tool, MCP server, MCP client, RAG source, vector database, memory store, model gateway, delegation chain, approval boundary, policy enforcement point, and audit sink.
- New: Delegation analysis — principal chains, blast radius per node, scope minimization candidates, and composition warnings.
- New: Attack path library — playbooks covering Input Manipulation, Retrieval Attacks, Tool & Action Abuse, Identity & Authorization, Persistence & Supply Chain, and Governance & Oversight. Each playbook includes an exploit chain, control breakpoints, detection signals, and framework mappings.
- New: Security graph — navigable graph of risk patterns, control patterns, evidence questions, system types, and standards.
- New: AI-powered system reconstruction — paste a system description, HLD, vendor proposal, RAG config, or agent spec. Drel extracts components, data flows, trust boundaries, and identities with explicit evidence states.
- New: Threat generation — system-specific threats applying OWASP LLM Top 10, OWASP Agentic Top 10, MAESTRO, and MCP-specific patterns. Every threat has an attack path and affected components.