HawkClaw is the AI Governance & Compliance Copilot — a system of record for how your organization's AI, especially third-party and vendor AI, is discovered, risk-classified, approved, and mapped against regulation. Drafted by agents, decided by your people, evidenced in one audit trail.
HawkClaw correlates signals you already collect — SSO and OAuth grant logs, expense and SaaS-spend exports — against a maintained catalog of known AI tools. Anything in use that isn't in the approved registry becomes a finding.
Each vendor, system, and use case gets a drafted risk assessment and a tier: minimal, limited, high, or prohibited. A compliance officer reviews, then approves, rejects, or conditions it. No decision is ever made by the machine.
Every step lands in one append-only audit trail, mapped to the exact regulatory clauses that apply. When a vendor changes a model or its data-handling terms, the assessment reopens — not next year's attestation.
Vendors, AI systems, and business use cases in one inventory — risk classified at both the system and the use-case level, with the full approval history attached.
Request → drafted assessment → human decision. Approve, reject, or approve with conditions — every step written to the audit log the moment it happens.
A correlator over your existing identity and finance signals — no network sensor, no proxy, no agent on devices. Unregistered AI use surfaces as findings for triage.
New model version, changed terms, new sub-processor — vendor changes reopen the assessment automatically, replacing point-in-time annual attestation.
Use cases and controls mapped to the exact regulatory clauses that apply — drafted with citations for a compliance officer to review and sign off. The citation is the deliverable.
Your own AI policies live in the same graph as the regulation. Assessments cite both — "PDPL Art. 5–6; Internal AI Acceptable Use Policy v3, §4" — so gaps are actionable.
Global governance tools ship US and EU policy packs and stop there. HawkClaw's library is built for this region — and for many GCC instruments, the legally binding text is the Arabic text, so that is the text we work from.
UAE first: the AI Charter, federal PDPL, DIFC Data Protection Law, CBUAE guidance, and the wider UAE regime — with EU AI Act and ISO 42001 coverage for entities with that exposure.
Where the binding language is Arabic, HawkClaw maps against the authoritative Arabic text — not a lagging unofficial translation. Every document records its language and binding status.
Coverage starts audit-grade with UAE and financial services, expanding jurisdiction by jurisdiction — because a shallow library is worse than none in front of a regulator.
Governance software that oversells is a liability. HawkClaw states exactly what it does — and what nothing on the market can do.
HawkClaw drafts assessments and maps clauses with citations. Whether you are compliant is a legal determination — made by your officers and counsel, never asserted by the system.
Discovery sees that a connection to an AI tool exists — from signals you already collect — never what anyone typed. And AI use on personal devices over personal networks is undetectable by any product; we say so rather than sell around it.
Tenant isolation enforced in the database, one canonical audit log, and deployment in your cloud, on-premises, or fully air-gapped — with the single LLM egress point swappable for a locally hosted model.
Live demonstrations available in person across the GCC or online — a populated registry, real findings, and a cited assessment, not slides.
Request a demo — [email protected]