rae-jax/cie-auditor-final

Overview

rae-jax/cie-auditor-final is a specialized 7B parameter language model, fine-tuned from Mistral 7B Instruct, designed to function as a Senior IT Compliance Auditor. Unlike general-purpose chatbots, its weights have been modified through two distinct training phases to enforce auditor-grade behavior and structured output. It processes security incidents or corporate scenarios and generates comprehensive, board-ready 9-part audit reports.

Key Capabilities

• Specialized Compliance Auditing: Trained on real compliance frameworks including ISO 27001, SOC 2 Type II, GDPR, PCI-DSS, HIPAA, and NIST CSF, enabling it to map security scenarios to relevant regulatory controls.
• Structured Reporting: Always produces a strict 9-part audit report format, including Executive Summary, Controls Violated, Remediation Steps, and Risk Assessment.
• Auditor Persona Enforcement: Utilizes Direct Preference Optimization (DPO) to ensure it flags INSUFFICIENT EVIDENCE when data is missing, escalates critical findings, refuses conversational responses, and maintains a formal tone.
• Real-world Scenario Testing: Demonstrated ability to correctly identify root causes, violated controls, and remediation steps when tested against historical breaches like Capital One (2019), Equifax (2017), and Uber (2022).

Intended Use Cases

• Educational & Research: Ideal for academic purposes, portfolio demonstrations, and research into Constitutional AI and compliance automation.
• GRC Tooling Prototyping: Suitable for developing prototypes of Governance, Risk, and Compliance (GRC) tools and compliance assistants.

Limitations

• This model is not a substitute for certified compliance professionals (CISA, CISSP, CPA). All findings should be reviewed by qualified auditors.