ObLiQ

Inspiration

Obliq was inspired by a recurring problem I observed in modern compliance workflows: audits rely heavily on screenshots, manual attestations, and human explanations of system behavior. While tools like Drata and Vanta help teams organize compliance tasks, the final evidence often remains fragile, subjective, and difficult to verify cryptographically. As systems become more automated and distributed, the gap between what actually happened in a system and what is presented to an auditor continues to grow. I wanted to explore whether compliance evidence could be generated directly from system behavior itself — in a way that is structured, explainable, and tamper-evident by design.

What it does

Obliq turns raw system activity into auditor-ready compliance evidence. It ingests structured JSON system logs, evaluates them against SOC 2 and ISO 27001 requirements using an AI auditor reasoning engine, and generates a timestamped, tamper-evident PDF artifact. Each artifact includes a compliance summary, auditor rationale, normalized evidence logs, and a cryptographic hash chain that allows anyone to verify the integrity of the evidence with a single click.

How we built it

ObLiQ was built as an automated evidence pipeline that ingests structured JSON system logs, evaluates them against compliance frameworks like SOC 2 and ISO 27001 using an AI auditor reasoning engine, and generates timestamped, auditor-ready PDF artifacts. The system normalizes raw activity into structured facts, produces a clear compliance analysis and rationale, and secures each artifact with cryptographic hashing and hash chaining so integrity can be independently verified.

Challenges we ran into

-Handling API rate limits and quota constraints during live demonstrations -Designing a system that enforces strict input formats without harming usability -Balancing AI reasoning power with deterministic, auditable outputs -Deploying a mixed frontend and serverless backend under tight time constraints -Ensuring the cryptographic chain remains verifiable and explainable to non-cryptographers

Accomplishments that we're proud of

We built a working end-to-end system that turns system logs into auditor-ready, tamper-evident evidence, including AI-generated audit reasoning, structured compliance summaries, and cryptographic hash chaining for integrity verification.

What we learned

We learned how real audits prioritize verifiable artifacts over dashboards, how fragile evidence integrity can be without cryptographic guarantees, and how AI can assist auditors by reasoning over logs without replacing human judgment.

What's next for ObLiQ

Next, ObLiQ will support more log sources, additional compliance frameworks, scalable artifact generation outside AI Studio(real world deployment), and deeper integrity verification tools for auditors and regulators.

Built With

• gemini3
• github
• javascript
• react
• sha-256
• tailwindcss
• typescript
• vercel
• vite