How the 14-day audit pilot works

Published May 23, 2026

The audit pilot is how most customers start with Kommit. It's a fixed-scope, fixed-deliverable engagement that gives you a written audit report against your current AI surface — with or without you continuing afterwards.

What we do in 14 days

| Day | Activity |
|---|---|
| 1–2 | Intake call. We walk your team through the audit scope, agree on which agents / surfaces are in scope, and you connect Kommit to the relevant systems. |
| 3–10 | Evidence collection. Kommit ingests logs, configs, agent definitions, and access matrices from your scope. Our team reviews findings as they come in. |
| 11–13 | Drafting. Our team writes the audit report with specific findings, severity ratings, and remediation suggestions. |
| 14 | Read-out. We walk you through the findings with the team(s) responsible for remediation. You keep the report. |

The whole engagement is run by a senior member of our team. There is no automated-only path during the pilot — the value is in the human-grade review on top of what Kommit collects.

What you get at the end

  • A written audit report (PDF) covering every agent / surface in scope.
  • An ordered remediation list — what to fix first, with effort estimates.
  • A control-mapping matrix showing how your current setup compares to the controls you said you needed (SOC 2, GDPR posture, EU AI Act posture, or other frameworks you specified at intake).
  • Read-only access to the Kommit dashboard for 30 days post-pilot so you can show the report and the underlying evidence to your internal stakeholders.

What we ask of you

  • A single point of contact on your side (usually compliance or engineering leadership).
  • Read access to the agent surfaces in scope (logs, configs, repo metadata if applicable).
  • One hour for intake, one hour for read-out, and reasonable responsiveness to follow-up questions during the 14 days.

We do not need write access to anything during the pilot. We do not need access to your production data — only metadata about what the agents do and how they're configured.

What happens after the pilot

You have no obligation to continue. If the report is useful, the natural next step is to move to one of three ongoing engagement shapes — see [#engagement-shapes]. If it isn't, you keep the report and the conversation ends cleanly.

About a third of the pilots we've scoped to date have led to an ongoing engagement. In the rest, the customer has either declined to continue or parked the relationship until a later quarter.

How to start

Book a slot at /book-demo, or email hello@getkommit.ai with "Audit pilot — [company]" in the subject. We'll come back with an intake call within two business days.