What is Gamut AI

Gamut AI is an AI governance lifecycle platform. It gives organisations one place to discover the AI they use, understand and classify the risk it carries, assess it against the frameworks that matter, and produce the evidence that boards, buyers, auditors and regulators ask for.

It is built for organisations that need to demonstrate structured governance over their AI systems, banks, financial institutions, regulated enterprises and any organisation whose AI adoption has outgrown spreadsheets and fragmented point tools.

The problem Gamut solves

AI adoption usually runs ahead of governance. Teams buy AI tools, embed models in products, and build agentic workflows faster than risk, compliance and security functions can track them. The result is familiar:

• No reliable inventory of where AI is used, who owns it, or what data it touches.
• Risk decisions made informally and inconsistently, with no traceable rationale.
• Policy that exists on paper but cannot be evidenced when someone asks for proof.
• Evidence scattered across documents, email threads and screenshots, gathered in a panic at audit time.

Gamut replaces that with a single, governed operating layer that takes an AI system from first discovery through to board-level reporting and continuous improvement.

What Gamut gives you

• A standing AI inventory: a register of AI systems, use cases, owners, suppliers, data context and lifecycle status.
• Consistent risk classification: structured risk tiering based on purpose, impact, human oversight, data exposure and operating context.
• Multi-framework assessment: assess a system against GTSAF, the EU AI Act, NIST AI RMF, ISO/IEC 42001 and 42005, NAGF, ACRS, the Agentic Trust Framework (ATF) and MAESTRO.
• Evidence as a first-class object: evidence requests, artefacts, quality tracking, findings and remediation, captured as governance work happens.
• Audit-ready outputs: workpaper-grade exports and board reporting that trace from requirement to evidence to finding.
• Governed agentic AI: Agentic CISO, Gamut Gateway and Gamut Claw extend governance to AI that takes action, not just AI that answers questions.

Design principles

Gamut is built around a small number of deliberate choices:

• Evidence, not just policy. Governance is only credible when it can be proven. Gamut is organised around producing defensible evidence, not generating documents.
• Traceability end to end. Every record connects: AI system → risk decision → control expectation → evidence → finding → remediation.
• Governance is a lifecycle, not an event. Gamut keeps governance current as systems and obligations change, rather than producing a point-in-time snapshot.
• Trust by construction. AI analysis is proxied server-side so model keys are never exposed to the browser, tenants are isolated, and access is controlled by role.

How this documentation is organised

• Getting started: the fastest path from sign-in to your first assessed AI system.
• Platform: the modules that make up Gamut and how they work.
• Governance frameworks: the frameworks Gamut supports and how routing works.
• Agentic stack: Agentic CISO, Gateway and Claw.
• Administration: workspaces, users, SSO, plans and audit.
• API reference: integrate Gamut with the rest of your stack.

New to AI governance?

Start with The governance lifecycle for the mental model, then Core concepts & glossary for the vocabulary used throughout these docs.