Articles on: Artificial intelligence (AI)
This article is also available in:

Confidential AI in Brainframe

Brainframe’s AI co-pilots help you work faster on assets, risks, controls, policies, and compliance mapping — without sending sensitive material to a public AI service that could read or retain it.

Why your data stays private

Brainframe’s AI features are built on Trusted Execution Environment (TEE) confidential computing, powered by Tresor AI — a European confidential-AI provider designed for governance, risk, and compliance work.


Unlike pasting content into ChatGPT, Copilot, or similar tools, your asset descriptions, risk registers, control documentation, and policy text are handled with a zero-access architecture:

  • Encrypted end to end — Content is encrypted on the way in, processed only inside a sealed environment by the supplier, that they are unable to access. Readable text exists only in your Brainframe workspace.
  • Processed where no one can look — AI runs inside hardware-sealed enclaves. Neither the AI provider, nor the underlying cloud operator can read these prompts or responses. This is enforced by hardware, not by policy alone.
  • Proven on every answer — Each AI response carries a cryptographic verification receipt showing that your request was handled inside attested, sealed hardware. That turns “we use a secure provider” into evidence you can use in audits, due diligence, and regulatory reviews.

In one line: You get modern AI productivity on your most confidential GRC work — with a hardware-backed guarantee that our providers can not read it, and proof that supports your compliance posture.

Brainframe AI is powered by Tresor AI confidential compute. Learn more at the Tresor AI trust and documentation pages.


Before you start: Workspace settings

Workspace administrators control whether AI is available at all.

Where to find it: Workspace Configuration → Integrations → Artificial intelligence.




What you can do:

Setting

What it means

Enable AI features

Turns AI on or off for the entire workspace. When disabled, AI buttons are hidden or unavailable for all users.

Default Brainframe AI

Uses Brainframe’s managed confidential AI (Tresor AI). Recommended for most workspaces.

Custom provider

Optional: connect your organisation’s own AI endpoint if you have a specific requirement to use a different provider.

Only workspace administrators can change these settings. When AI is disabled, users see a message that an administrator must enable it first on AI buttons.


Asset onboarding wizard

The asset wizard walks you through company context, asset details, controls, risks, mitigation planning, and a summary before the asset is created.

AI is optional throughout. Every step can be completed manually — linking controls, adding risks, and writing descriptions yourself. AI simply speeds up the work when it is enabled.


Asset details

  • Expand with AI — Turn a short asset name and brief notes into a fuller, structured description.


  • Identify supporting assets — Suggest supporting assets from your workspace catalogue and propose new ones where gaps exist.


Existing controls

  • Identify controls — Review your workspace control catalogue and compliance frameworks, then suggest used controls that apply to this new asset. You choose what to keep, adjust implementation levels, and link or remove items.



Risk assessment

  • Identify risks — Analyse linked controls and their level of implementation to identify compliance risks, link to already existing workspace risks, and your risk register to surface new risks. Suggestions are grouped so compliance-related gaps are easy to spot first.



Missing controls and mitigation

  • Identify missing controls — Find controls from your catalogue that should be in place but are not yet linked.


  • Suggest additional controls — After the first pass, ask for further suggestions beyond the initial set.


  • Autocomplete mitigation plan — Draft or refine the mitigation plan from your risk treatment template, linked controls, identified risks, and missing controls.

After AI has run on a step, you can still edit everything manually before creation/linking.

You can also skip risk evaluation on the first screen when it is not needed for a given asset.


On documents

Document content

While editing a document in the simple editor or Markdown editor, use Edit with AI to quickly improve/fill in the content of the document.




You can write custom action, and we provide some shortcut examples such as:

  • Translate (for example, into French)
  • Improve clarity and tone
  • Expand with more detail
  • Summarize
  • Fix grammar and spelling
  • Make shorter

You describe what you want, preview the result, and apply it only when you are satisfied. Nothing is saved until you choose to save the change.

The AI uses the document title, properties, linked tasks, and linked documents as context so rewrites stay relevant to the record you are editing.


Document governance tab

On documents classified as assets, risks, or controls, the Governance tab offers AI-assisted identification of related governance records to facilitate the otherwise manual actions.



Available actions depend on the document type:

Document type

AI can help you identify

Control

Applicable assets · Related risks

Risk

Applicable assets · Missing controls

Asset

Missing controls · Related risks

When you run an identify action, Brainframe proposes matches in a review dialog. You select the items you want, then link existing documents or create new ones. You stay in control — AI suggests; you decide.


In frameworks

Control multi-framework overview (Framework Mapping)

On the multi-framework mapping view, each framework column has an Auto map action.

Use it to suggest links between your existing control documents and that framework’s requirements. Suggestions are grouped by framework category. Review each proposed link, remove any you disagree with, then apply the ones you accept in one step.




This is useful when you manage several standards side by side and want a fast first pass across all of them.


Individual framework page

On a single compliance framework, use the Identify control mappings button in the framework header.

This does the same kind of work for that framework: suggest links between your control documents and that framework’s requirements, lets you review by category, then apply your choices.

Existing links are shown alongside new suggestions so you can see what is already mapped and what AI is proposing to add.


How to work with AI responsibly

  1. Enable AI in workspace settings (administrators only).
  2. Use AI where it saves time — wizards, document editing, governance linking, and framework mapping all work without AI if you prefer full manual control.
  3. Always review before applying — Suggestions are starting points. Check names, rationale, and links before you save, link, or apply mappings.
  4. Keep sensitive work inside Brainframe — Use these built-in co-pilots instead of copying asset, risk, or control text into public AI tools.


Summary

Area

What AI helps with

Workspace settings

Enable/disable AI; choose default confidential AI or a custom provider

Asset wizard

Expand descriptions, supporting assets, controls, risks, missing controls, mitigation plan

Document content

Rewrite, translate, summarize, and improve document body text

Governance tab

Identify and link related assets, risks, and controls

Framework mapping (overview)

Auto-map controls to requirements per framework column

Individual framework

Identify control mappings for one framework

Across all of these, the same principle applies: your GRC data is processed confidentially, you review every suggestion before it becomes part of your workspace, and each interaction is designed to strengthen — not undermine — your compliance posture.

Updated on: 11/06/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!