How ariada.ai works
One scan emits evidence for every regulator. One score normalizes
across vendors. One CI gate blocks regressions before they merge.
One audit trail satisfies EU AI Act Article 50. One contract,
one platform, nine modules — each a focused capability that
snaps into the engine.
The integrated pipeline
Every ScanEvent emitted by the multi-domain scanner flows
downstream to attribution (who wrote it), canonical scoring, and the
AI artifact audit (EU AI Act compliance). The regression detector trends
violations across deploys; the CI/CD gate blocks non-compliant PRs; the
LLM remediation cascade suggests source patches; the backlog optimizer
schedules the fix queue under sprint capacity; the visualization module
turns the numeric report into stakeholder-comprehensible narrative.
Multi-domain scan ─▶ AI attribution ─▶ Scan visualization
│ │
▼ ▼
Canonical scoring AI artifact audit
(cross-tool score) (HAES / Art. 50)
│ │
▼ ▼
Regression detection CI/CD gate
(trend + cluster) (policy DSL)
│ │
└──────────┬─────────┘
▼
LLM remediation (tiered cascade)
│
▼
Backlog optimizer (MIP + ML)
Investor materials — including module-by-module IP-portfolio
detail — are at /investors/technology.
Nine modules, one stack
Multi-domain scan
Single scan emits conformance evidence across multiple
regulatory domains. Canonical engine: Rust scanner on Hetzner.
Output: locked ScanEvent stream over NATS →
Node SSE → web/CLI consumers.
- Domains: WCAG 2.1 AA, WCAG 2.2 AA (Phase 1.5), EN 301 549, EAA, Section 508, ADA II, DOS-lagen.
- Rules: axe-core 4.11+ + custom Rust rule packs per regulation.
- Targets: <30s/page; <10min for a 500-page property.
LLM remediation cascade
Source-code patches, not runtime overlay. Cheap-to-expensive
cascade with cache + similarity reuse. Framework-aware diffs
(React / Vue / Angular / Svelte / HTML).
| Tier | Engine | Coverage | Unit cost |
| 0 | Deterministic rules (alt-text-from-filename, ARIA defaults) | ~30% | $0 |
| 1 | Cerebras / Gemini Flash (context-light) | ~50% | ~$0.002/fix |
| 2 | Claude Sonnet (form labels with copy, semantic landmarks) | ~15% | ~$0.02/fix |
| 3 | Claude Opus (modal focus traps, custom widget ARIA) | <5% | ~$0.20/fix |
CI/CD gate with policy DSL
GitHub App webhook on PR open/sync (Phase 1); GitLab CI Phase 1.5;
CircleCI / Jenkins via CLI. YAML policy DSL with
differential thresholds for AI-authored code
(CI/CD gate + AI authorship attribution integration).
version: 1
gate:
budget:
critical: 0
serious: 5
moderate: 20
ai_authored_diff: # CI/CD gate + AI authorship
critical: 0
serious: 2
domains: [wcag_2_1_aa, eaa_chap_iii]
Cross-tool canonical scoring
Inputs: axe (canonical), Lighthouse, Pa11y, WAVE, Siteimprove
API import, Deque DevTools manual import. Per-rule severity
normalized to a unified 0-100 score plus WCAG-SC sub-scores.
Signed cert per-domain (JSON+PDF, Ed25519, revocable).
Distinguishes from Siteimprove US 11,995,091 (single-tool
SEO+a11y+QA): canonical scoring normalizes across N≥2 tools.
AI artifact audit (HAES)
Append-only event ledger: every scan, violation, fix, override,
cert issued/revoked. AI artifact registry with provenance
(tool, time, approver). EU AI Act Art. 50 transparency
record per artifact (model, training-data class, output marker).
7-year retention; tamper-evident hash chain; daily Merkle anchor.
Regression detection
Cross-deploy diff engine; clusters root causes; per-component
trend; sprint-level regression summary. Roadmapped to
Phase 2 (Q4 2026).
AI authorship attribution
Multi-signal classifier identifies Copilot, Cursor, Claude Code,
Windsurf, Devin, CodeWhisperer, Tabnine. Methodology validated
against 6.4M code samples / 64 AI models / 13 programming
languages / 9 datasets. Production
fingerprint engine in Phase 3 (Q1 2027).
Backlog optimizer
Mixed-integer programming + ML warm-start over the violation
backlog under sprint capacity, severity, dependency, and budget
constraints. arXiv methodology paper queued. Phase 3 SaaS
endpoint optional (only if OR/ML co-founder lands).
Scan visualization (Dracula)
Character-themed scanner visualization for stakeholder reports.
Same engine as the draculascan.com
viral demo. Embedded in dashboard from Phase 2.
MVP Phase 1 (Q3 2026)
Phase 1 launches with six of nine capabilities. C, K, AIAS
expansion, and GitLab gate roadmapped to Phase 2 (Q4 2026).
G full + F + self-hosted in Phase 3 (Q1 2027).
| # | Component | Marketplace counterpart |
| 1 | Multi-domain scanner | (no standalone) |
| 2 | Tiered LLM remediation | reverter.ai (subset, IDE/MCP) |
| 3 | CI/CD gate with policy DSL | clamper.ai (subset, GH+Vercel) |
| 4 | Cross-tool canonical scoring | (no standalone) |
| 5 | Executive dashboard | (subset reports in standalones) |
| 6 | Audit trail (HAES — tamper-evident ledger + Art. 50 evidence package) | (no standalone) |
See pricing → Trust For investors