Treat every model and API like a vendor.
External models and AI APIs are the new fourth party. We're designing Hootleash around a single register, a continuous due-diligence pipeline, and inline policy enforcement, built for the way regulators actually inspect.
Capabilities
Six controls your CISO has been asked for.
Third-party AI register
Continuous inventory of every external model, API, and AI vendor, including shadow usage your TPRM team doesn't see.
Tiered model risk
T1–T5 risk tiering inherited from SR 11-7, with continuous validation evidence and challenger comparisons.
Continuous due diligence
Automated SOC 2 / ISO 27001 / ISO 42001 attestation collection, expiry monitoring, and exception workflows.
DORA-ready CTPP register
Maintain a Critical Third-Party Provider register with concentration risk and exit playbooks.
Inline policy enforcement
Throttle, reroute, or block vendor calls at runtime when SLA, residency, or sanctions policy is violated.
Vendor-aware exposure
Roll up agent risk to vendor concentration, geography, and regulatory regime. CISO-ready dashboards.
Ready when you are
Help us design what every external AI call should answer to.
We're building Hootleash in private design partnership with a small number of regulated enterprises. If you run autonomous AI in production, get in touch.
Pre-launch · design partner program open · early access 2026