I make things.
@eisler.bsky.social
The wild part of building solo with an AI pair isn't that it writes the code. It's that it frees up the hours for the work that actually needs 20 years of judgment: where the trust boundary goes, what must never leave the box, which edge case is the whole product.
Hot take after 20 years in compliance: most of it is a copy-paste problem pretending to be a governance problem.
Controls live in Word. Evidence lives in screenshots. The mapping between a control and what actually proves it lives in someone's head — and walks out the door when they leave.
We built ours OSCAL-native: machine-readable controls, diffable in git, queryable by an agent. Compliance as code, not as PDF.
Gave our GRC platform an MCP server.
An AI agent now queries it directly: which assets sit behind a risk, which controls are overdue, what's open now. No dashboards, no CSV exports.
What mattered to me as a security person: it's strictly tenant-scoped and permission-based. The agent only sees what the user may, and missing rights return an error, not data. AI access to compliance data without a clean permission model is the shortcut I've spent 20 years fighting.
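The permission model this post describes, as an added illustration rather than the platform's own code: a minimal tenant-scoped query layer behind an agent tool interface, where a missing right raises an error instead of returning data, every query filters by the caller's tenant, and a cross-tenant lookup is indistinguishable from a non-existent record. The data, tool names (`overdue_controls`, `assets_behind_risk`), right names and the `handle_tool_call` dispatcher are all constructed assumptions for the example.

```python
"""Tenant-scoped, permission-checked query layer for an agent-facing tool (example, not product code)."""
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised when the caller lacks a right; the tool returns an error, never data."""


@dataclass(frozen=True)
class Principal:
    user: str
    tenant: str
    rights: frozenset  # rights granted to the user, e.g. {"controls:read"}


@dataclass(frozen=True)
class Control:
    id: str
    tenant: str
    title: str
    overdue: bool


@dataclass(frozen=True)
class Risk:
    id: str
    tenant: str
    title: str
    asset_ids: tuple


# Constructed sample data: two tenants stored side by side, as a shared
# GRC backend would hold them. Every query below must filter by tenant.
CONTROLS = (
    Control("ctl-a-1", "tenant-a", "Access reviews", overdue=False),
    Control("ctl-a-2", "tenant-a", "Backup restore test", overdue=True),
    Control("ctl-b-1", "tenant-b", "Vendor assessment", overdue=True),
)
RISKS = (
    Risk("risk-a-1", "tenant-a", "Ransomware on file server", ("srv-files-01",)),
    Risk("risk-b-1", "tenant-b", "SaaS vendor outage", ("saas-crm", "saas-hr")),
)


def require(principal: Principal, right: str) -> None:
    """Deny by default: a missing right is an exception, not an empty result."""
    if right not in principal.rights:
        raise PermissionDenied(f"{principal.user} lacks right {right!r}")


def overdue_controls(principal: Principal) -> list:
    """IDs of overdue controls, scoped to the caller's tenant."""
    require(principal, "controls:read")
    return [c.id for c in CONTROLS if c.tenant == principal.tenant and c.overdue]


def assets_behind_risk(principal: Principal, risk_id: str) -> list:
    """Asset IDs behind a risk owned by the caller's tenant.

    A risk belonging to another tenant raises the same LookupError as a
    non-existent ID, so the tool cannot act as an existence oracle across
    tenant boundaries.
    """
    require(principal, "risks:read")
    for r in RISKS:
        if r.id == risk_id and r.tenant == principal.tenant:
            return list(r.asset_ids)
    raise LookupError(f"risk {risk_id!r} not found")


# Hypothetical tool registry, standing in for what an MCP server would expose.
TOOLS = {
    "overdue_controls": overdue_controls,
    "assets_behind_risk": assets_behind_risk,
}


def handle_tool_call(principal: Principal, tool: str, **args) -> dict:
    """Dispatch one agent tool call and turn failures into an error reply.

    The error reply carries only a message and never a partial result.
    """
    fn = TOOLS.get(tool)
    if fn is None:
        return {"ok": False, "error": f"unknown tool {tool!r}"}
    try:
        return {"ok": True, "result": fn(principal, **args)}
    except (PermissionDenied, LookupError) as exc:
        return {"ok": False, "error": str(exc)}
    except TypeError:
        return {"ok": False, "error": f"bad arguments for tool {tool!r}"}


if __name__ == "__main__":
    alice = Principal("alice", "tenant-a", frozenset({"controls:read", "risks:read"}))
    print(handle_tool_call(alice, "overdue_controls"))
    print(handle_tool_call(alice, "assets_behind_risk", risk_id="risk-b-1"))
```

The two design points worth copying are that authorization is checked before any data is touched, so there is no code path that filters after fetching, and that the "other tenant" and "does not exist" cases share one error, which keeps an agent from probing record IDs across tenants.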
made a thing: https://web.isidaten.com
compliance platform for DACH. ISMS, DSMS, BCM, DMS on one object base. OSCAL-native. started as a team of three.