The platform, in depth

Every AI system reviewed.
Every decision on record.

Drel is the platform where security architects, AI governance leads, and CISOs produce the clearance record that lets an AI system reach production — and survive an audit.

The output

This is what
you get.

A structured dossier with named blockers, required controls, evidence states, and a clearance decision — specific to your AI system, defensible in front of your AI Committee.

Named go-live blockers with owners
Required controls per lifecycle gate
Evidence state on every claim
Five-state clearance decision
Versioned, timestamped, exportable
Internal RAG Assistant
AI Security Assessment Pack · Generated in 4s
Go with conditions
Go-live blockers
Indirect prompt injection via SharePoint documents
Validation: Inject adversarial instructions into a SharePoint document and verify the RAG system does not execute them
Threat register
Indirect Prompt Injection · OWASP LLM01 · Critical
Retrieval ACL Bypass · MITRE AML.T0054 · High
Identity Propagation Failure · MAESTRO L3 · High
Excessive LLM Agency · OWASP LLM08 · Medium
Recommended controls
prev · Input sanitization pipeline before retrieval
prev · ACL enforcement at chunk retrieval layer
dete · Prompt injection detection classifier
Security questionnaire
Is prompt injection mitigated? Pending
Are retrieval ACLs enforced? Pending
Is PII redacted before LLM? Confirmed
Is output logged and auditable? Confirmed
Evidence grading

Every claim graded.
Nothing assumed without a label.

Most security tools produce findings. Drel grades the evidence behind every finding — so your AI Committee knows exactly what is proven, what is assumed, and what is missing before they sign.

State · Definition

Explicit: Stated directly in a source artifact or confirmed by a reviewer.
Inferred: Derived from context with stated reasoning. Traceable but not direct.
Assumed: Plausible default applied because the source is silent.
Unknown: Question raised but not yet answered. Needs investigation.
Missing: Claim depends on evidence that has not been provided. Blocks clearance.
Verified: Evidence attached and accepted by an authorized reviewer.

Review lifecycle

From intake
to production.

Drel tracks an AI system through its full review lifecycle — from initial intake through restricted pilot, production readiness, and ongoing governance. Every gate is documented.

1. Intake: System description, owners, scope, regulatory context.
2. Design review: Architecture model, components, trust boundaries.
3. Threat model: Threat register, attack paths, framework mappings.
4. Control plan: Required controls, owners, deadlines, evidence required.
5. Restricted pilot (Gate): Pilot-gate controls verified. Scope limited.
6. Prod readiness (Gate): Production-gate controls verified. Evidence complete.
7. Operating (Ongoing): System live. Re-review triggers active.
8. Monitoring (Ongoing): Ongoing governance controls tracked.
9. Re-review (Ongoing): Triggered by model change, tool addition, scope expansion.

Threat model

Threats mapped.
Controls assigned.

Every assessed system gets a structured threat register — AI-specific attack patterns mapped to required controls, with priority and ownership.

Overall Coverage: 60%
10 threats · 12 controls · 18 mappings

THREATS (10)
T-001 Indirect Prompt Injection
T-002 Retrieval ACL Bypass
T-003 Identity Propagation Failure
T-004 Excessive LLM Agency
T-005 Data Exfiltration via Output
T-006 Tool Call Injection
T-007 Memory Poisoning
T-008 Scope Boundary Violation
T-009 Audit Trail Gaps
T-010 Tenant Isolation Failure

CONTROLS (12)
PC-01 Input sanitization pipelin…
PC-02 ACL enforcement at retriev…
DC-03 Prompt injection classifie…
PC-04 Identity propagation middl…
PC-05 Human approval gate
DC-06 Output content filter
PC-07 Memory access controls
PC-08 Scope enforcement policy
DC-09 Immutable audit logging
PC-10 Tenant isolation layer
DC-11 Rate limiting + abuse dete…
CC-12 Incident response playbook

Legend: Full mitigation · Partial mitigation
Severity: Critical · High · Medium
Control type: P Preventive · D Detective · C Corrective

Framework coverage

OWASP. MITRE. NIST.
Mapped automatically.

Drel maps every threat to the frameworks your AI Committee and auditors expect — without manual cross-referencing.

Framework Coverage

Threat mapping across security frameworks

65%
OWASP LLM Top 10 · 80% · 8/10 threats
MITRE ATLAS · 60% · 6/10 threats
MAESTRO · 70% · 7/10 threats
NIST AI RMF · 50% · 5/10 threats

Ready to clear your first AI system?

Start a free evaluation or talk to the team about your governance requirements.