GRC / Compliance Connectors
GRC and compliance connectors enable AI agents to query compliance posture, manage evidence collection, administer security awareness programs, and monitor governance controls. These connectors support continuous compliance workflows by automating evidence gathering, tracking control status, and managing risk assessments across regulatory frameworks.
Read operations for compliance status and evidence queries are LOW risk. Operations that modify control mappings, update compliance frameworks, or alter security awareness training configurations carry MEDIUM to HIGH risk.
| Connector | Operations | Risk Levels | Description |
|---|---|---|---|
| Drata | 20 | LOW, MEDIUM, HIGH | Drata operations for compliance monitoring, evidence management, control status queries, personnel tracking, and audit preparation |
| Vanta | 18 | LOW, MEDIUM | Vanta operations for compliance program management, test status queries, evidence collection, and vulnerability tracking across frameworks |
| Secureframe | 17 | LOW, MEDIUM | Secureframe operations for compliance monitoring, control management, test result queries, and policy document administration |
| OneTrust | 23 | LOW, MEDIUM, HIGH | OneTrust operations for privacy management, risk assessment administration, data mapping queries, and regulatory compliance tracking |
| KnowBe4 | 20 | LOW, MEDIUM, HIGH | KnowBe4 operations for security awareness training management, phishing simulation campaigns, user risk scoring, and training completion tracking |
| Atlassian Guard | 17 | LOW, MEDIUM | Atlassian Guard (formerly Access) operations for organization security policies, audit log queries, user provisioning, and authentication policy management |
| Microsoft Governance | 24 | LOW, MEDIUM, HIGH | Microsoft Purview and Compliance Center operations for data classification, retention policies, eDiscovery, and information protection label management |