AgentGuard

AI compliance monitoring system that autonomously checks hiring decisions against EU AI Act, NYC LL144 & Colorado AI Act with tamper-proof audit trails and human oversight.

Comment

Inspiration

AI systems are increasingly making high-stakes decisions about people's lives — hiring, promotions, terminations. Regulations like the EU AI Act, NYC Local Law 144, and the Colorado AI Act now mandate transparency, bias auditing, and human oversight for these systems. But most organizations lack the tools to comply in real-time.

We asked: What if compliance monitoring was autonomous, continuous, and tamper-proof?

What it does

AgentGuard is a multi-agent system that autonomously monitors AI hiring decisions for regulatory compliance across 3 major regulations with 14 automated compliance checks. It:

  • 🔍 Analyzes every AI decision for bias, PII leaks, and anomalies in real-time
  • ⚖️ Checks 14 compliance rules across EU AI Act, NYC LL144, and Colorado AI Act
  • 🔐 Generates tamper-proof audit trails using SHA-256 hash chains
  • 👁️ Escalates high-risk decisions to human reviewers with priority routing
  • 📊 Visualizes compliance health through a real-time dashboard

How we built it

We designed a 4-agent pipeline architecture:

  1. Monitor Agent — Classifies risk levels, detects bias in protected attributes, flags PII exposure
  2. Compliance Analyst Agent — Runs 14 regulation-specific checks and calculates compliance scores
  3. Audit Agent — Generates SHA-256 hash-chain audit trails and automated risk assessments
  4. Supervisor Agent — Determines escalation priority and routes decisions for human review

The backend is built with FastAPI + SQLAlchemy (6 ORM models), serving 4 REST API routers. The frontend is a React + TypeScript dashboard with dark-mode glassmorphism design, interactive charts, and real-time polling.

The system ships with a realistic demo scenario — HireSmart AI, a hiring ADMT with 12 pre-seeded decisions spanning compliant, warning, and non-compliant cases.

Challenges we faced

  • Encoding 3 different regulatory frameworks into structured, automatable rule sets — each regulation has different requirements, thresholds, and jurisdictions
  • Designing the hash-chain audit trail to be genuinely tamper-proof while remaining queryable
  • Balancing agent autonomy with human oversight — the system needs to auto-approve low-risk decisions while reliably escalating high-risk ones
  • Making it work with zero configuration — no API keys, no cloud database, just docker-compose up

What we learned

  • Regulatory compliance is surprisingly automatable when you decompose regulations into discrete, testable rules
  • Hash-chain audit trails provide strong integrity guarantees with minimal overhead
  • Multi-agent architectures shine when each agent has a clear, bounded responsibility

What's next

  • Adding more regulations (GDPR Article 22, CCPA, EEOC guidelines)
  • LLM-powered natural language compliance reports
  • Real-time webhook integrations for production AI systems
  • Automated remediation suggestions powered by regulation knowledge graphs

Built With

Share this project:

Updates