Five AI engines. One API.
Zero data leaving your cloud.
Gertin AI integrates directly into your existing security and compliance toolchain through a unified REST API backed by AWS Bedrock.
IAM Policy Analyzer
Eliminate overpermissioned identities before attackers exploit them.
Submit any IAM policy document — inline, managed, resource-based, or trust policy — and receive a comprehensive risk assessment in under three seconds. The analyzer evaluates every statement against a rule library covering wildcard permissions, privilege escalation chains, missing MFA conditions, cross-account trust configurations, and resource-level policy gaps.
- Risk score 0–100 with CRITICAL / HIGH / MEDIUM / LOW classification
- Per-finding remediation steps mapped to the specific statement
- Compliance mapping to SOC2 CC6, PCI-DSS 7.1, HIPAA §164.312, CIS 1.16
- Privilege escalation path detection (PassRole, AssumeRole chains)
- Multi-policy batch analysis support
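The statement-level rules the analyzer's description lists (wildcard grants, PassRole escalation, cross-account trust without MFA), as an added Python example that is not Gertin AI's code. It normalises IAM's scalar-or-list fields, matches action wildcards the way IAM does, and emits findings in the response shape shown on this page. IAM-001 is the rule id from the page; the X-* rule ids, the severity weights, the score thresholds and the two sample policies are constructed assumptions.

```python
"""IAM statement checks in the analyzer's findings shape. Added illustration, not
Gertin AI's code: IAM-001 is the page's rule id; X-* ids, weights, thresholds and
the sample policies are constructed for this example."""
import json
import re

SEVERITY_WEIGHT = {"CRITICAL": 60, "HIGH": 25, "MEDIUM": 10, "LOW": 5}  # constructed
ACCOUNT_RE = re.compile(r"\b(\d{12})\b")


def _as_list(value):
    """IAM accepts a scalar or a list for Action/Resource/Principal; normalise."""
    return [] if value is None else value if isinstance(value, list) else [value]


def _matches(pattern, api_action):
    """Case-insensitive IAM wildcard match: 'iam:Pass*' matches 'iam:PassRole'."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, api_action, re.IGNORECASE) is not None


def _has_mfa_condition(statement):
    return any("aws:MultiFactorAuthPresent" in keys
               for keys in statement.get("Condition", {}).values())


def _foreign_accounts(statement, account_id):
    """Account ids named in Principal.AWS other than the account being evaluated."""
    principal = statement.get("Principal")
    aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
    return sorted({a for p in aws for a in ACCOUNT_RE.findall(str(p))} - {account_id})


def check_statement(statement, account_id):
    """Yield findings for one statement; Deny statements never add risk."""
    if statement.get("Effect") != "Allow":
        return
    actions = _as_list(statement.get("Action"))
    resources = _as_list(statement.get("Resource"))
    sid = statement.get("Sid", "<no Sid>")
    if "*" in actions and "*" in resources:  # IAM-001, the rule shown on the page
        yield {"severity": "CRITICAL", "rule_id": "IAM-001",
               "title": "Wildcard action on all resources",
               "description": f"Statement {sid} grants Action: * on Resource: *",
               "remediation": "Scope to specific actions and ARNs", "framework": "SOC2 CC6.3"}
        return  # every narrower rule below is subsumed by this finding
    if "*" in resources and any(_matches(a, "iam:PassRole") for a in actions):
        yield {"severity": "HIGH", "rule_id": "X-PASSROLE-ANY",  # hypothetical id
               "title": "iam:PassRole on any role",
               "description": f"Statement {sid} can pass any role to a service, the first "
                              "link in a PassRole escalation chain",
               "remediation": "Restrict Resource to the role ARNs that must be passed"}
    foreign = _foreign_accounts(statement, account_id)
    if (foreign and not _has_mfa_condition(statement)
            and any(_matches(a, "sts:AssumeRole") for a in actions)):
        yield {"severity": "MEDIUM", "rule_id": "X-TRUST-NOMFA",  # hypothetical id
               "title": "Cross-account trust without MFA condition",
               "description": f"Statement {sid} trusts account(s) {', '.join(foreign)} "
                              "with no aws:MultiFactorAuthPresent condition",
               "remediation": "Add an aws:MultiFactorAuthPresent (or sts:ExternalId) Condition"}


def analyze_policy(policy, account_id):
    """Evaluate every statement, then fold the findings into a capped 0-100 score."""
    findings = [f for s in _as_list(policy.get("Statement"))
                for f in check_statement(s, account_id)]
    score = min(100, sum(SEVERITY_WEIGHT[f["severity"]] for f in findings))
    level = ("CRITICAL" if score >= 80 else "HIGH" if score >= 50
             else "MEDIUM" if score >= 20 else "LOW")
    return {"risk_score": score, "risk_level": level, "findings": findings}


# Constructed samples: an identity policy and a role trust policy.
SAMPLE_IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AdminAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "DeployLambda", "Effect": "Allow",
     "Action": ["lambda:CreateFunction", "iam:PassRole"], "Resource": "*"},
    {"Sid": "ReadBucket", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]}
SAMPLE_TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PartnerAssume", "Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}

if __name__ == "__main__":
    print(json.dumps(analyze_policy(SAMPLE_IDENTITY_POLICY, "999999999999"), indent=2))
    print(json.dumps(analyze_policy(SAMPLE_TRUST_POLICY, "999999999999"), indent=2))
```

Running the file prints both reports: the identity policy scores 85 (CRITICAL) from IAM-001 plus the PassRole finding, and the trust policy yields only the missing-MFA finding. The IAM-001 branch returns early because any narrower rule is subsumed by an unrestricted grant; the PassRole rule matches `iam:*` as well as the literal action because `_matches` expands the policy's own wildcards.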
```json
{
  "request_id": "3f8a2c1d-...",
  "risk_score": 87,
  "risk_level": "CRITICAL",
  "findings": [
    {
      "severity": "CRITICAL",
      "rule_id": "IAM-001",
      "title": "Wildcard action on all resources",
      "description": "Statement grants Action: * on Resource: *",
      "remediation": "Scope to specific actions and ARNs",
      "framework": "SOC2 CC6.3"
    }
  ],
  "summary": "Policy grants unrestricted access...",
  "analyzed_at": "2025-01-15T09:23:41Z"
}
```

Cloud Misconfiguration Scanner
Catch public S3 buckets, open security groups, and unencrypted databases before your next audit.
Submit your cloud resource configuration — exported from AWS Config, Terraform state, or the AWS CLI — and receive a CIS-aligned scan report. The scanner covers the full breadth of AWS resource types most commonly implicated in security incidents and compliance failures.
- S3: public access block, encryption, versioning, ACL, logging
- EC2: IMDSv2, encrypted EBS, security group 0.0.0.0/0, public IPs
- RDS: public accessibility, encryption at rest, automated backups
- VPC: flow logs, default VPC usage, NACL exposure
- CloudTrail: multi-region logging, log file validation, S3 access logging
- KMS: automatic key rotation, key policy scope
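A subset of the checks listed above (S3 Block Public Access and default encryption, EC2 IMDSv2, security groups open to 0.0.0.0/0, RDS public accessibility) run over an exported resource list, as an added Python example that is not Gertin AI's scanner. CIS-2.1.1 is the check id shown on this page; the X-* ids, the severity weights, the thresholds, the simplified export shape (resourceType / resourceId / configuration, with field names modelled on AWS CLI describe-* output) and the sample resources are constructed assumptions.

```python
"""Configuration checks in the scanner's report shape. Added illustration, not
Gertin AI's scanner: CIS-2.1.1 is the page's check id; X-* ids, weights, the
export shape and the sample resources are constructed for this example."""
import json

SEVERITY_WEIGHT = {"CRITICAL": 50, "HIGH": 20, "MEDIUM": 10, "LOW": 5}  # constructed
PUBLIC_ACCESS_BLOCKS = ("BlockPublicAcls", "IgnorePublicAcls",
                        "BlockPublicPolicy", "RestrictPublicBuckets")


def s3_public_access_blocked(cfg):
    """All four Block Public Access settings must be on; a missing block fails."""
    pab = cfg.get("PublicAccessBlockConfiguration", {})
    return all(pab.get(k) is True for k in PUBLIC_ACCESS_BLOCKS)


def s3_default_encryption(cfg):
    return bool(cfg.get("ServerSideEncryptionConfiguration"))


def ec2_imdsv2_required(cfg):
    return cfg.get("MetadataOptions", {}).get("HttpTokens") == "required"


def sg_no_world_ingress(cfg):
    """Fail on any inbound rule open to 0.0.0.0/0 or ::/0, whatever the port."""
    for perm in cfg.get("IpPermissions", []):
        v4 = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
        v6 = {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
        if "0.0.0.0/0" in v4 or "::/0" in v6:
            return False
    return True


def rds_not_public(cfg):
    return cfg.get("PubliclyAccessible") is not True


# Per resource type: (check_id, severity, title, impact, remediation, passes)
CHECKS = {
    "AWS::S3::Bucket": [
        ("CIS-2.1.1", "HIGH", "S3 bucket allows public access",
         "Sensitive data exposed publicly", "Enable S3 Block Public Access",
         s3_public_access_blocked),
        ("X-S3-SSE", "MEDIUM", "S3 bucket has no default encryption",  # hypothetical id
         "Objects stored unencrypted at rest", "Enable default SSE-S3 or SSE-KMS",
         s3_default_encryption)],
    "AWS::EC2::Instance": [
        ("X-EC2-IMDSV2", "HIGH", "IMDSv2 not enforced",  # hypothetical id
         "Instance role credentials readable without a session token",
         "Set MetadataOptions.HttpTokens to required", ec2_imdsv2_required)],
    "AWS::EC2::SecurityGroup": [
        ("X-SG-WORLD", "HIGH", "Security group ingress open to the internet",  # hypothetical id
         "Service reachable from any address", "Restrict ingress CIDRs to known sources",
         sg_no_world_ingress)],
    "AWS::RDS::DBInstance": [
        ("X-RDS-PUBLIC", "CRITICAL", "RDS instance is publicly accessible",  # hypothetical id
         "Database reachable from outside the VPC", "Set PubliclyAccessible to false",
         rds_not_public)],
}


def scan(resources):
    """Run every applicable check per resource; count passes, collect failures."""
    passed = failed = 0
    findings = []
    for res in resources:
        for check_id, sev, title, impact, fix, passes in CHECKS.get(res["resourceType"], []):
            if passes(res.get("configuration", {})):
                passed += 1
                continue
            failed += 1
            findings.append({"severity": sev, "check_id": check_id, "title": title,
                             "resource": res["resourceId"], "impact": impact,
                             "remediation": fix})
    score = min(100, sum(SEVERITY_WEIGHT[f["severity"]] for f in findings))
    level = ("CRITICAL" if score >= 80 else "HIGH" if score >= 50
             else "MEDIUM" if score >= 20 else "LOW")
    return {"risk_score": score, "risk_level": level, "passed": passed,
            "failed": failed, "findings": findings}


SAMPLE_RESOURCES = [  # constructed export
    {"resourceType": "AWS::S3::Bucket", "resourceId": "audit-logs", "configuration": {
        "PublicAccessBlockConfiguration": dict.fromkeys(PUBLIC_ACCESS_BLOCKS, True),
        "ServerSideEncryptionConfiguration": {"Rules": [{"SSEAlgorithm": "AES256"}]}}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "marketing-assets", "configuration": {}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0abc123",
     "configuration": {"MetadataOptions": {"HttpTokens": "optional"}}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0def456",
     "configuration": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                          "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}},
    {"resourceType": "AWS::RDS::DBInstance", "resourceId": "orders-db",
     "configuration": {"PubliclyAccessible": False}},
]

if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_RESOURCES), indent=2))
```

The sample export produces 3 passed and 4 failed checks for a score of 70 (HIGH). Every predicate treats an absent setting as a failure, so a bucket exported with no PublicAccessBlockConfiguration at all is reported rather than silently skipped.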
```json
{
  "request_id": "9d1b7e4f-...",
  "risk_score": 72,
  "risk_level": "HIGH",
  "passed": 8,
  "failed": 4,
  "findings": [
    {
      "severity": "HIGH",
      "check_id": "CIS-2.1.1",
      "title": "S3 bucket allows public access",
      "impact": "Sensitive data exposed publicly",
      "remediation": "Enable S3 Block Public Access"
    }
  ],
  "summary": "4 critical misconfigurations found...",
  "scanned_at": "2025-01-15T09:25:12Z"
}
```

SOC2 Evidence Assistant
Turn raw configuration exports and access logs into auditor-ready evidence narratives.
Provide a SOC2 Trust Services Criteria control ID, its description, and the raw evidence. Gertin AI evaluates the evidence against the control requirement and returns a structured assessment your auditor can use directly, reducing manual evidence prep effort by up to 70%.
- PASS / FAIL / NEEDS_REVIEW verdict with confidence reasoning
- Auditor-facing narrative in formal compliance language
- Gap identification — specific missing artifacts listed by name
- Suggested artifact filenames for your evidence repository
- Supports all TSC categories: CC1–CC9, A1, C1, PI1, P1–P8
```json
{
  "request_id": "a7c3d5e9-...",
  "control_id": "CC6.1",
  "status": "NEEDS_REVIEW",
  "narrative": "Evidence demonstrates quarterly access reviews...",
  "gaps": [
    "No documentation of terminated user revocation",
    "Missing MFA enforcement evidence"
  ],
  "artifacts": [
    "access_review_2024Q4.pdf",
    "mfa_policy_enforcement.pdf"
  ],
  "generated_at": "2025-01-15T09:26:05Z"
}
```

AI Log Summarizer
Surface what matters across millions of log lines in seconds.
Security teams are inundated with log data. The Log Summarizer accepts CloudTrail, VPC Flow Logs, GuardDuty findings, ALB access logs, and application logs and distills them into structured, actionable summaries — with anomalies, security alerts, and recommendations surfaced automatically.
- Structured JSON output: summary, key events, anomalies, security alerts
- Authentication failure and brute-force pattern detection
- Data exfiltration signal identification (unusual egress, large transfers)
- Reconnaissance and enumeration behavior flagging
- Configuration change detection outside maintenance windows
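The detections listed above (brute-force login failures, root activity outside business hours, an S3 GetObject spike, configuration changes outside a maintenance window) run over CloudTrail-style events, as an added Python example that is not Gertin AI's summarizer. The record field names follow CloudTrail (eventTime, eventName, eventSource, sourceIPAddress, userIdentity.type, responseElements.ConsoleLogin); the thresholds, the business-hours and maintenance windows and the sample events are constructed assumptions, and the output uses the shape shown on this page.

```python
"""Pattern detection over CloudTrail-style events in the summarizer's output shape.
Added illustration, not Gertin AI's summarizer: thresholds, time windows and the
sample events are constructed for this example."""
import json
from collections import Counter
from datetime import datetime

BRUTE_FORCE_THRESHOLD = 5        # console login failures from one IP (constructed)
GETOBJECT_SPIKE_THRESHOLD = 50   # S3 GetObject calls by one principal (constructed)
BUSINESS_HOURS = range(9, 18)    # 09:00-17:59 UTC (constructed)
MAINTENANCE_HOURS = range(2, 4)  # 02:00-03:59 UTC (constructed)
CONFIG_CHANGE_EVENTS = {"AuthorizeSecurityGroupIngress", "PutBucketPolicy",
                        "AttachUserPolicy", "CreateAccessKey"}


def _hour(event):
    return datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ").hour


def _principal(event):
    ident = event.get("userIdentity", {})
    return ident.get("arn") or ident.get("type", "unknown")


def _is_login_failure(event):
    return (event.get("eventName") == "ConsoleLogin"
            and event.get("responseElements", {}).get("ConsoleLogin") == "Failure")


def summarize(events):
    """One pass over the events collecting counters, then threshold checks."""
    failures, getobjects = Counter(), Counter()
    key_events, alerts, anomalies = [], [], []
    for e in events:
        name = e.get("eventName")
        if _is_login_failure(e):
            failures[e["sourceIPAddress"]] += 1
        if name == "GetObject" and e.get("eventSource") == "s3.amazonaws.com":
            getobjects[_principal(e)] += 1
        if e.get("userIdentity", {}).get("type") == "Root":
            key_events.append({"timestamp": e["eventTime"], "level": "CRITICAL",
                               "message": f"Root account API call: {name}",
                               "source": "cloudtrail"})
            msg = "Root account accessed outside business hours"
            if _hour(e) not in BUSINESS_HOURS and msg not in alerts:
                alerts.append(msg)
        if name in CONFIG_CHANGE_EVENTS and _hour(e) not in MAINTENANCE_HOURS:
            key_events.append({"timestamp": e["eventTime"], "level": "HIGH",
                               "message": f"{name} by {_principal(e)} outside maintenance window",
                               "source": "cloudtrail"})
    for ip, n in failures.items():
        if n >= BRUTE_FORCE_THRESHOLD:
            alerts.append(f"Possible brute force: {n} console login failures from {ip}")
    for who, n in getobjects.items():
        if n >= GETOBJECT_SPIKE_THRESHOLD:
            anomalies.append(f"Spike in S3 GetObject calls: {n} by {who}")
    summary = (f"{sum(failures.values())} authentication failures from {len(failures)} IPs; "
               f"security alerts: {len(alerts)}, anomalies: {len(anomalies)}")
    return {"summary": summary, "key_events": key_events, "security_alerts": alerts,
            "anomalies": anomalies, "total_logs_analyzed": len(events)}


def _event(time, name, ip, user_type="IAMUser", arn=None, source="iam.amazonaws.com", **extra):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventName": name, "eventSource": source,
            "sourceIPAddress": ip, "userIdentity": {"type": user_type, "arn": arn}, **extra}


DEPLOY = "arn:aws:iam::123456789012:user/deploy"  # constructed principal
SAMPLE_EVENTS = (  # constructed: 6 + 1 failed logins, a root call, an SG change, 60 GetObjects
    [_event(f"2025-01-15T01:0{i}:00Z", "ConsoleLogin", "203.0.113.10", source="signin.amazonaws.com",
            responseElements={"ConsoleLogin": "Failure"}) for i in range(6)]
    + [_event("2025-01-15T01:07:00Z", "ConsoleLogin", "198.51.100.7", source="signin.amazonaws.com",
              responseElements={"ConsoleLogin": "Failure"})]
    + [_event("2025-01-15T02:14:33Z", "CreateAccessKey", "203.0.113.10", user_type="Root")]
    + [_event("2025-01-15T14:05:00Z", "AuthorizeSecurityGroupIngress", "198.51.100.22",
              arn=DEPLOY, source="ec2.amazonaws.com")]
    + [_event(f"2025-01-15T15:{i:02d}:00Z", "GetObject", "198.51.100.22",
              arn=DEPLOY, source="s3.amazonaws.com") for i in range(60)]
)

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVENTS), indent=2))
```

On the sample, the single IP with six failures crosses the brute-force threshold while the IP with one does not, the root call at 02:14 UTC is both a CRITICAL key event and an out-of-hours alert, and the sixty GetObject calls by one principal surface as the anomaly. Counting per source IP and per principal, rather than globally, is what keeps one noisy account from masking another.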
```json
{
  "request_id": "b2e8f1a4-...",
  "summary": "47 authentication failures from 3 IPs...",
  "key_events": [
    {
      "timestamp": "2025-01-15T02:14:33Z",
      "level": "CRITICAL",
      "message": "403 root account API call",
      "source": "cloudtrail"
    }
  ],
  "security_alerts": [
    "Root account accessed outside business hours"
  ],
  "anomalies": ["Spike in S3 GetObject calls"],
  "total_logs_analyzed": 14280
}
```

Threat Explanation Copilot
Translate CVEs, IOCs, and MITRE techniques into clear, actionable intelligence.
Bridge the communication gap between your SOC analysts and executive stakeholders. The Threat Copilot accepts a CVE ID, IOC, GuardDuty alert, or free-text threat description and returns tailored explanations for three audiences — executive, analyst, and technical — with MITRE ATT&CK mappings and immediate action items.
- Executive, analyst, and technical audience levels
- MITRE ATT&CK technique and tactic identification
- CVE severity, CVSS score, and affected systems
- Immediate containment actions and long-term mitigations
- Reference links to NVD, CISA KEV, and vendor advisories
```json
{
  "request_id": "c5d9a3b7-...",
  "threat_name": "CVE-2024-21626 (runc container escape)",
  "severity": "HIGH",
  "explanation": "Allows container breakout to host...",
  "attack_vector": "Local container execution",
  "affected_systems": ["Docker", "Kubernetes", "containerd"],
  "immediate_actions": [
    "Update runc to 1.1.12 immediately",
    "Audit running container workloads"
  ],
  "mitigations": ["Enable seccomp profiles"],
  "references": ["CVE-2024-21626", "T1611"]
}
```

Platform capabilities
Infrastructure-grade reliability built into every deployment.
API Key Management
Per-organization API keys with configurable rate limits and daily quotas. Granular access control per key.
Immutable Audit Logs
Every compliance check is recorded in an append-only audit log — org, action, risk score, latency, and IP.
Zero Egress Architecture
All AI inference via AWS Bedrock. No data crosses VPC boundaries to external AI providers.
Prometheus Metrics
Request counts, latency histograms, cache hit rates, and error rates — ready for Grafana or CloudWatch.
Streaming Responses
SSE streaming support on all chat endpoints. Low time-to-first-token for interactive workflows.
PostgreSQL + Redis
Durable key storage and audit logs in RDS. In-memory rate limiting via ElastiCache for microsecond enforcement.
OpenAI-Compatible API
Drop-in compatible with the OpenAI API spec. Migrate existing integrations without code changes.
Rate Limiting
Per-key RPM and daily request limits enforced at the gateway layer. Configurable per plan.
Ready to deploy Gertin AI?
Deploy in your AWS account in under 15 minutes with the included CDK stack.