We hold ourselves to the same standard we set for clients.

Gridex uses automation and AI inside managed operations, including CMMC evidence work. This page explains where those tools may assist, what remains human-controlled, and the data boundary we establish before client work begins.

Where AI enters the work.

Research and synthesis. We use large language models to accelerate research — scanning regulatory filings, summarizing carrier bulletins, identifying patterns across state legislation. The models find information faster. Humans decide what it means.

Content drafting. Articles, guides, and analysis on this site involve AI in the drafting process. Every piece is reviewed, fact-checked, and edited by a human before publication. AI is never the final author.

Client deliverables. AI may help prepare, classify, summarize, and route work. A named person reviews client-facing outputs. Gridex records evidence facts and operating status; it does not issue audit findings, determine CMMC compliance, or replace an assessor.

Compliance data hub. The regulatory data in our compliance hub is human-entered, not AI-generated. Every data point passes through our trust-gated review system: draft, reviewed, verified. AI doesn't get to mark its own homework.

CUI handling is confirmed before the work starts.

The intended service model keeps evidence artifacts and CUI inside client-controlled systems. Gridex works through approved access and maintains only the metadata required to operate the record, such as objective, source, owner, location, date, status, review cadence, and change trigger.

Prospects must not submit CUI, credentials, controlled evidence, or sensitive security details through the public contact form. The production access model, authorized systems, retention, incident responsibilities, and subcontractor boundary are documented before onboarding.

See the full security and CUI boundary for the current service design.

Four commitments we don't compromise on.

  • 01 Human accountability. A person is responsible for every output. AI assists; humans decide. This applies to our published content, client work, and internal processes.
  • 02 Auditability. We can explain how any piece of content or recommendation was produced. If AI was involved, we can show where and how.
  • 03 No model training on client data. Client information is never used to train, fine-tune, or improve AI models. Full stop. We use API-based services with data processing agreements that prohibit training.
  • 04 Disclosure. If you ask us whether AI was involved in something we produced, we'll tell you honestly. We don't disguise AI-assisted work as purely human output.

How our practices map to emerging standards.

EU AI Act. Our client-facing AI deployments follow risk classification principles from the EU AI Act. We apply proportionate governance based on the risk level of each system.

Colorado SB 26-189. As a company that advises on Colorado's AI governance requirements, we apply the same notice, disclosure, and meaningful-human-review obligations to our own automated decision-making.

NIST AI RMF. Our internal AI governance practices align with the NIST AI Risk Management Framework's core functions: Govern, Map, Measure, Manage.

Want to discuss AI governance? Let's talk.

Discuss the workflow