episki, rebuilt around agents
This is the largest release in episki's history: a ground-up rewrite around a single idea — the platform should run the compliance lifecycle, and humans should gate the decisions that matter.
Every workflow now runs on an agent runtime. Ask an agent to do something and it proposes a plan, executes it as discrete, observable step-runs, and stops for your approval on anything sensitive. Evidence pulls run as deterministic recipes — plain, inspectable code, not model output — so auditors can read exactly how each artifact was gathered. Bring your own tools over MCP, and set runtime safety floors that the agent cannot exceed.
On top of that runtime, the Compliance Platform unifies frameworks, controls, evidence, policies, programs, assessments, and reporting in one workspace — and four modules extend it: Risk, Third-Party Risk, Trust, and AI Governance.
- Agents plan, run step-runs, and request approval — with deterministic recipes, MCP support, and safety floors
- SCF framework import, evidence lineage, versioned policies, scopes, obligations, and live auditor-ready reports
- Full risk register with qualitative and quantitative scoring, acceptance decisions, threats, and treatments
- Unlimited-vendor TPRM, a branded Trust Center on your domain, and AI Governance for the AI your org uses
- Native AWS / Google / Microsoft / Jira / Slack integrations, semantic search, a unified inbox, and an immutable audit trail
For the thinking behind the rewrite, read Autonomous GRC and the new shape of the compliance program.
When Is It Time for a GRC Tool?
Spreadsheets can only take your compliance program so far. Here's how to know when manual processes are holding you back — and what to look for when you're ready to make the move.
Agent-first GRC: what changes when AI runs the program
Most GRC tools added AI as a feature. Agent-first GRC treats agents as the operator — drafting policies, answering questionnaires, and running the program with humans approving the work that matters.