How ariada.ai works

One scan emits evidence for every regulator. One score normalizes across vendors. One CI gate blocks regressions before they merge. One audit trail satisfies EU AI Act Article 50. One contract, one platform, nine modules — each a focused capability that snaps into the engine.

The integrated pipeline

Every ScanEvent emitted by the multi-domain scanner flows downstream to attribution (who wrote it), canonical scoring, and the AI artifact audit (EU AI Act compliance). The regression detector trends violations across deploys; the CI/CD gate blocks non-compliant PRs; the LLM remediation cascade suggests source patches; the backlog optimizer schedules the fix queue under sprint capacity; the visualization module turns the numeric report into stakeholder-comprehensible narrative.

Multi-domain scan ─▶ AI attribution ─▶ Scan visualization
        │                   │
        ▼                   ▼
Canonical scoring    AI artifact audit
(cross-tool score)   (HAES / Art. 50)
        │                   │
        ▼                   ▼
Regression detection   CI/CD gate
(trend + cluster)      (policy DSL)
        │                   │
        └──────────┬─────────┘
                   ▼
        LLM remediation (tiered cascade)
                   │
                   ▼
        Backlog optimizer (MIP + ML)
    

Investor materials — including module-by-module IP-portfolio detail — are at /investors/technology.

Nine modules, one stack

Multi-domain scan

Single scan emits conformance evidence across multiple regulatory domains. Canonical engine: Rust scanner on Hetzner. Output: locked ScanEvent stream over NATS → Node SSE → web/CLI consumers.

  • Domains: WCAG 2.1 AA, WCAG 2.2 AA (Phase 1.5), EN 301 549, EAA, Section 508, ADA II, DOS-lagen.
  • Rules: axe-core 4.11+ + custom Rust rule packs per regulation.
  • Targets: <30s/page; <10min for a 500-page property.

LLM remediation cascade

Source-code patches, not runtime overlay. Cheap-to-expensive cascade with cache + similarity reuse. Framework-aware diffs (React / Vue / Angular / Svelte / HTML).

Tier Engine Coverage Unit cost
0Deterministic rules (alt-text-from-filename, ARIA defaults)~30%$0
1Cerebras / Gemini Flash (context-light)~50%~$0.002/fix
2Claude Sonnet (form labels with copy, semantic landmarks)~15%~$0.02/fix
3Claude Opus (modal focus traps, custom widget ARIA)<5%~$0.20/fix

CI/CD gate with policy DSL

GitHub App webhook on PR open/sync (Phase 1); GitLab CI Phase 1.5; CircleCI / Jenkins via CLI. YAML policy DSL with differential thresholds for AI-authored code (CI/CD gate + AI authorship attribution integration).

version: 1
gate:
  budget:
    critical: 0
    serious: 5
    moderate: 20
  ai_authored_diff:                 # CI/CD gate + AI authorship
    critical: 0
    serious: 2
  domains: [wcag_2_1_aa, eaa_chap_iii]

Cross-tool canonical scoring

Inputs: axe (canonical), Lighthouse, Pa11y, WAVE, Siteimprove API import, Deque DevTools manual import. Per-rule severity normalized to a unified 0-100 score plus WCAG-SC sub-scores. Signed cert per-domain (JSON+PDF, Ed25519, revocable).

Distinguishes from Siteimprove US 11,995,091 (single-tool SEO+a11y+QA): canonical scoring normalizes across N≥2 tools.

AI artifact audit (HAES)

Append-only event ledger: every scan, violation, fix, override, cert issued/revoked. AI artifact registry with provenance (tool, time, approver). EU AI Act Art. 50 transparency record per artifact (model, training-data class, output marker). 7-year retention; tamper-evident hash chain; daily Merkle anchor.

Regression detection

Cross-deploy diff engine; clusters root causes; per-component trend; sprint-level regression summary. Roadmapped to Phase 2 (Q4 2026).

AI authorship attribution

Multi-signal classifier identifies Copilot, Cursor, Claude Code, Windsurf, Devin, CodeWhisperer, Tabnine. Methodology validated against 6.4M code samples / 64 AI models / 13 programming languages / 9 datasets. Production fingerprint engine in Phase 3 (Q1 2027).

Backlog optimizer

Mixed-integer programming + ML warm-start over the violation backlog under sprint capacity, severity, dependency, and budget constraints. arXiv methodology paper queued. Phase 3 SaaS endpoint optional (only if OR/ML co-founder lands).

Scan visualization (Dracula)

Character-themed scanner visualization for stakeholder reports. Same engine as the draculascan.com viral demo. Embedded in dashboard from Phase 2.

MVP Phase 1 (Q3 2026)

Phase 1 launches with six of nine capabilities. C, K, AIAS expansion, and GitLab gate roadmapped to Phase 2 (Q4 2026). G full + F + self-hosted in Phase 3 (Q1 2027).

# Component Marketplace counterpart
1Multi-domain scanner(no standalone)
2Tiered LLM remediationreverter.ai (subset, IDE/MCP)
3CI/CD gate with policy DSLclamper.ai (subset, GH+Vercel)
4Cross-tool canonical scoring(no standalone)
5Executive dashboard(subset reports in standalones)
6Audit trail (HAES — tamper-evident ledger + Art. 50 evidence package)(no standalone)

See pricing → Trust For investors