HAIEC: DIY AI Compliance You Can Prove

I didn’t set out to build another AI product. I built HAIEC because every time AI came up in a serious review, the conversation fell apart. Teams were shipping LLMs into hiring, support, analytics, and internal tools. Everything worked, until someone asked the uncomfortable question: “Can we prove this is compliant?” What followed were policies, PDFs, risk scores, and consultant slides. None of it was defensible. None of it was reproducible. And none of it would survive an audit, a procurement review, or a regulator’s email. I’ve worked in control and governance environments where opinions don’t matter, evidence does. Yet most “AI compliance” tools were doing the opposite: using black-box AI to score other AI systems, producing outputs you couldn’t verify or repeat. So I flipped the problem. What if AI compliance worked like software testing instead of policy consulting? That idea became HAIEC. HAIEC doesn’t ask you to fill out surveys or trust a score. It generates deterministic, audit-grade artifacts mapped directly to real regulations like SOC 2, ISO 27001, NYC LL144, and emerging AI laws. Under the hood, it combines static analysis, runtime testing, and governance signals into one system that runs continuously, not once a year when something goes wrong. Building this meant killing features that looked impressive but didn’t produce proof, and obsessing over one question: would this hold up under scrutiny? HAIEC is for founders, security leaders, and compliance teams who need to answer “are we compliant?” with something they can stand behind; not explain away. Happy to hear what resonates, what doesn’t, and where you think AI compliance still breaks in the real world