Aurora: Compliance Evidence Copilot

• 

  Warm-up complete: Aurora shows “System Ready!” so you can start a compliance run without cold-start delays.

• 

  One-click Warm Up System to avoid cold starts before running the SimOps loop (Build→Prove→Attack→Patch→Replay→Export).

• 

  Golden Demo loads a ready-made scenario so judges can see end-to-end evidence generation in seconds.

• 

  Guided workflow: Select Role → Presets → Generate → Export for a clean, judge-friendly end-to-end demo.

• 

  Stakeholder dashboard: pick a role (GRC, Security, MLOps, Legal, Vendor Risk) to generate evidence packs.

• 

  Choose how Aurora runs: Agent mode (tool-using) or Deterministic mode for consistent, repeatable evidence packs.

• 

  Executive Summary with traceable sources—Aurora cites policies, risks, and standards to justify findings for audits.

• 

  Prioritized remediation plan with owners, due dates, and effort—turn audit gaps into an engineering-ready backlog.

• 

  Evidence tab lists concrete artifacts (logs, policies, reports) with paths—what to collect to prove controls work.

• 

  Gaps view flags high/medium risks mapped to controls—see what blocks compliance readiness before release.

• 

  Findings are ranked, plain-English, and actionable—spot LLM gaps like prompt injection monitoring & data provenance.

• 

  Export the audit packet: one click downloads a .zip with JSON, report, and artifacts—ready for tickets or audits.

• 

  SimOps loop drives a replayable workflow (Build→Prove→Attack→Patch→Replay→Export) for governance that keeps up.

Inspiration

Compliance is tedious. We wanted to automate the "hot-seat" experience of an audit or incident.

What it does

Aurora acts as a copilot for GRC and Security teams. You pick a stakeholder (e.g., CISO) and a scenario (e.g., EU AI Act Audit). It retrieves relevant docs from a compliance corpus and generates a structured Evidence Pack with mapped controls, citations, gaps, and remediation plans.

How we built it

We used Elasticsearch for vector retrieval of the corpus. We used Elastic Agent Builder to power the sophisticated reasoning. The backend is FastAPI (Aurora Kernel) running on AWS App Runner. The frontend is Aurora Studio hosted on S3/CloudFront.

Challenges

Tuning the retrieval to get the right compliance context. Ensuring the agent degrades gracefully to deterministic mode if the API is busy.

Accomplishments

A fully working end-to-end demo that generates audit-ready artifacts in seconds.

What we learned

Meaningful RAG requires high-quality, structured data ingestion.

What's next

Integrating live cloud API hooks to gather real-time technical evidence (logs, configs) alongside policy documents.

Built With

• amazon-web-services
• docker
• elastic-agent-builder
• elasticsearch
• fastapi
• python