Open-Source, Self-Hosted, AI-Native GRC.
254 tools across 9 MCP servers, a 6-agent AI council, scheduled workflows, and an MCP proxy for Claude Desktop remote connections — all with human-approved mutations.
MCP write actions are proposed into an approval queue before they can modify your data.
The website is the entry point. The original repo remains the source of truth for operations.
The problem
Traditional GRC tools collect records. They do not help operators think.
Teams end up with fragmented dashboards, disconnected evidence, and an AI layer that can talk about data but cannot safely act on it. Community users need a full system they can run locally and inspect end to end.
The community answer
RiskReady ships the app, the gateway, the MCP servers, and the approval model together.
You evaluate the actual product shape: web UI, server, gateway orchestration, MCP tools, and the human-in-the-loop mutation workflow. The website points you to the repo, not away from it.
Product proof
Real screenshots, not placeholder marketing art.

Executive dashboard
Risk, compliance, and AI action visibility from a single operational view.

Risk register
Structured scenario tracking, treatments, KRIs, and tolerance-aware workflows.

Human approval queue
Every AI mutation is proposed first, reviewed by a human, and only then executed.
AI/MCP overview
The assistant is an architecture, not a widget.
The gateway routes work to domain MCP servers, gathers tool results, creates approval-gated mutations, and supports autonomous workflows without hiding what is happening.
254 tools across 9 MCP servers
Each domain exposes focused tools instead of hiding everything behind one generic assistant endpoint.
6-agent AI Council
Complex cross-domain questions convene 6 specialist agents (Risk Analyst, Controls Auditor, Compliance Officer, Incident Commander, Evidence Auditor, CISO Strategist) for structured deliberation.
Human-approved mutations
Write actions are proposed into an approval queue before they touch the database. This applies equally to interactive chat, scheduled runs, and autonomous workflows.
MCP Proxy for Claude Desktop
Connect Claude Desktop directly to your GRC data — bring your own AI. Remote MCP proxy with API key auth, zero AI cost to you.
Agentic gateway
The gateway coordinates routing, scheduled runs, cross-domain workflows with approval gates, and council-style analysis. Workflows pause and resume automatically around human decisions.
$0.19 per council (Haiku)
Full security posture assessment with 6 agents, 32 tool calls, 120K tokens. $0.007 per single query. 96% token reduction via tool search.
The empty quadrant
Gartner mapped 16 GRC vendors.
The Visionaries slot is empty.
The Magic Quadrant for Governance, Risk and Compliance Tools (September 2025) evaluates the entire established market. Leaders can execute. Challengers have scale. But none of them reimagined GRC for an AI-native world.
That empty quadrant is where RiskReady lives — built from day one with human-approved AI mutations, domain-specific MCP servers, and self-hosted sovereignty as architectural foundations, not afterthoughts.
AI-native architecture
9 MCP servers and a gateway — not a chatbot bolted onto a dashboard
Human-approved autonomy
Autonomous workflows that pause for human judgment at every mutation
Open-source transparency
Every safety mechanism is auditable — not hidden behind a vendor black box

Source: Gartner, Magic Quadrant for Governance Tools, September 2025
Start from the real project
Explore the repo, then run the stack yourself.
`riskready.dev` is the entry point. GitHub and the community docs are the canonical source for deployment, operations, and contribution.