Kovr.Ai CEO: Automating Compliancy Can Be Reduced From ‘Two Years To 15 Minutes’

Kovr.ai made its public debut as an AI-powered solution to help midmarket organizations streamline their required government compliance processes.

(Andrew Black, Kovr.ai co-founder and CEO)

Kovr.ai, a startup offering an AI-powered platform to help organizations automate compliance regulations like FedRAMP and CMMC [Cybersecurity Maturity Model Certification], officially launched Wednesday.

Deeming itself a “compliance copilot,” in a news release, Kovr.ai enables “organizations in highly regulated industries to quickly adapt to evolving regulatory frameworks and achieve Authorization to Operate [ATO] readiness in minutes.”

The startup also announced a $3.6 million seed funding round led by IronGate and Xfund with participation from Hack Factory, OODA Ventures, and McLean Capital, the startup said.

The funding will be used to expand the company’s go-to-market, AI engineering, and product development teams, Kovr.ai said.

MES Computing spoke with Kovr.ai CEO Andrew Black on how the company’s compliance automation works. Black is a former lead for emerging tech at Amazon Web Services, in addition to previously holding other tech executive and venture capital positions.

He spoke about the inception of Kovr.ai.

“My co-founder, Sri Ayer and I, we left Amazon back in the fall, decided to start Kovr and what really got us excited was we had been running the emerging tech business at Amazon Web Services focused mostly on the government customers,” Black told MES Computing.

Despite coming from a vast enterprise like AWS, Black said that he and Ayer are “really excited about helping AI technology innovators” and small-to-midsized companies.

“We're really excited about contributing to the government mission to get there faster, to get through the procurement, the funding, but in our case, the cloud and security challenges that they would need in order to get in. And we saw this opportunity emerge, and what went unaddressed. And so we created the company,” he added.

Black also dove deeper into how Kovr.ai automates compliancy.

To build safe software and reduce risk management when seeking compliancy, “you got to do a lot of stuff,” Black said. “In some cases, hundreds and hundreds of controls have to be implemented – everything from authentication to zero trust ... bill of materials, all the way to training employees and making sure that employees are brought into the company and exit the company in the appropriate ways.”

He said the process for doing all the above has mostly been manual. “You have to do the thing and then document that you did it and then have someone audit your work to make sure it was done properly. It’s tedious. It’s two years, two million bucks to get something deployed ... and a lot of that work happens in spreadsheets.”

With Kovr.ai, Black says the company has “reimagined” the process of helping organizations automate compliancy processes.

“We use large language models that can automatically understand your code, your security posture, your training environment, your policies and procedures and then provide the evidentiary basis to your auditors or customers so that they can see that you build everything safely and securely,” he said.

Black said that with Kovr, the process of automating compliancy can be reduced from “two years to 15 minutes,” with AI.

Kovr’s solution is for any industry that uses NIST 853-based controls, Black said, and the company is looking to branch out into covering other standards, including health care and financial compliance regulations.

For midmarket organizations doing business with the federal government or having to deal with CMCC, Black said they typically have to pay for system accreditation.

A benefit of Kovr for midsized organizations is “we can save them hundreds of thousands of dollars,” on compliance programs, Black said.

Ease of use is another advantage Black said that can benefit midmarket organizations.

“We have actually engineered this so that all the complexity of the work with the art of the AI models, it happens in the back end, so the front end, the user, it's literally drag and drop your files into a zone, or connect in your corporate data repositories, and then it's a simple, form-based user interface. So anybody who's ever used software can use our system and use it very effectively,” he said.