Intelligence That Reasons Across Security, Compliance, and Operations. Not Just Your Prompts.

Artificer carries full context about where you are and what you are doing. In Rampart reviewing AC-2 (Account Management), the context includes your current organization, system, environment, the control definition with evidence requirements, your implementation status, and every evidence artifact you have linked. You ask "What evidence should I collect for this control?" and Artificer responds from that specific context, not generic guidance. It sees your evidence profile, understands your system categorization and threat profile, and adapts. The same conversation carries state across page transitions. Navigate from a control narrative to the evidence section to upload IAM policy documents; Artificer remembers the conversation and offers to re-draft incorporating the new evidence.

Context is updated on every page load, every action, every state change. In Vanguard reviewing a DAST finding, the context includes the finding severity, affected endpoint, remediation guidance, and which compliance controls are impacted. In Sentinel reviewing a drift event, the context includes what changed, who changed it, which controls are affected, and what remediation would restore posture. In Garrison viewing your infrastructure inventory, the context includes resource configuration, compliance mapping, and scan history. One intelligence layer. Full platform awareness. No context switching between tools.

Narrative generation is the highest-impact operation. Artificer retrieves the control's evidence profile, linked evidence metadata, organizational context (system categorization, threat profile, data classification), and past narratives. It generates a draft from your actual infrastructure: specific components, specific policies, specific evidence artifacts with timestamps. For an Access Control narrative in a CMMC Level 2 assessment, the draft references your identity provider configuration, your role-based access policies, your account provisioning workflows, and your most recent access review evidence. Every narrative references real infrastructure. Proposed, not auto-saved.

Narratives are generated per control family, per framework. The same underlying evidence produces different narratives for CMMC, NIST 800-53, FedRAMP, SOC 2, and ISO 27001 because each framework requires different emphasis and terminology. Artificer handles the translation. Your team reviews, edits where necessary, confirms accuracy, and attests. No narrative is finalized without human confirmation. The platform handles the mechanical 90%. Humans handle the 10% that requires judgment about organizational context, risk acceptance decisions, and implementation nuance.

Artificer cross-references every control against its evidence requirements continuously. It identifies controls where evidence is insufficient (too few artifacts), aging (approaching freshness threshold), or missing entirely. The gap analysis is not a report you run quarterly. It updates in real time as evidence state changes. When you ask "What is blocking my CMMC Level 2 readiness?", Artificer queries the compliance graph and returns a prioritized list: 3 controls with no evidence, 7 with stale evidence, 12 with partial coverage. Each gap links directly to the control and the specific evidence deficit.

Gap detection spans frameworks simultaneously. A single evidence gap might affect controls in CMMC, NIST 800-53, and FedRAMP at the same time. Artificer surfaces the cross-framework impact: "Refreshing your S3 encryption evidence closes gaps in SC-28 across three active frameworks." This prevents organizations from fixing the same gap three times in three separate assessment workflows. One action. Multiple frameworks satisfied. The intelligence layer connects what other tools leave disconnected.

When a control degrades to AT_RISK, Artificer explains why: "SC-28 confidence dropped from 92% to 67% because the S3 encryption evidence expired 3 days ago and the collection connector could not re-collect (credentials rotated, connection failed). Recommended action: update the connector credentials in Sentinel, then trigger manual re-collection." This is not a status message. It is causal reasoning: what changed, what caused it, what controls are affected, and what specific action resolves it.

Posture reasoning works across capabilities. A finding in Vanguard triggers posture impact analysis in Rampart, resource impact analysis in Garrison, and remediation priority in the Citadel action queue. One event, full-platform reasoning. Artificer traces the chain from a DAST finding to the controls it affects, to the frameworks those controls belong to, to the assessment readiness score for each framework. When you ask "What is the impact of this finding?", the answer spans your entire security and compliance posture. Not just the scan result.

Not all findings are equally important. A critical DAST finding in a development environment that is out of scope for your CMMC assessment is less urgent than a medium-severity finding in production that degrades a control your assessor will review next week. Artificer considers: control weight in the active framework, evidence sufficiency impact, assessment timeline proximity, and operational context. It ranks remediation actions by the posture improvement each action delivers, not just raw severity.

The prioritized remediation queue integrates with the Citadel action queue. Each recommendation includes: the affected control, the finding that triggered it, the estimated posture improvement, and a direct link to the remediation context (the Vanguard finding, the Sentinel drift event, the Garrison resource). Your team sees exactly what to fix, why it matters, and how much it moves the score. No ambiguity. No guessing.

Artificer assembles compliance packages that bundle control narratives, evidence summaries, POA&M status, finding remediation history, and assessment metadata into a single deliverable. OSCAL format for FedRAMP 20X automated assessment pipelines. PDF for C3PAOs and auditors who need human-readable review. HTML for interactive exploration. Every document is generated from live platform data at the moment of assembly. If a control narrative is stale, the platform flags it. If evidence has expired since the last package, the platform blocks assembly until freshness is restored.

Package assembly is framework-aware. A CMMC Level 2 package includes SSP narratives organized by practice families, evidence cross-references per practice, and POA&M status. A FedRAMP package includes control implementation descriptions in OSCAL with evidence links and continuous monitoring status. A SOC 2 package includes trust service criteria narratives with evidence mapping. Same underlying data. Different structure per framework. Artificer handles the transformation. Your assessor receives proof from your running systems, not a binder of screenshots.

Beyond compliance, Artificer reasons about operational health. It tracks scan result trends across all Vanguard scans and Outposts: are vulnerabilities increasing or decreasing? Which repositories are improving? Which container images are degrading? It monitors evidence collection health across Sentinel profiles: which connectors are failing? Which evidence sources have gone stale? Which controls are at risk of losing coverage?

Operational intelligence feeds into proactive recommendations. "Your DAST scan coverage dropped 15% this week because 3 Outposts were deleted. 7 controls in your CMMC assessment relied on those scan results for evidence." Or: "Evidence collection for your AWS production account has failed for 48 hours. 23 controls are approaching their freshness threshold. Recommended: check the IAM role credentials for the Sentinel connector." The intelligence layer does not wait for you to ask. It surfaces operational issues that affect your security and compliance posture before they become assessment gaps.

Artificer exposes three tools. Query retrieves information from your data via hybrid search (semantic and keyword). Act modifies state: generates narratives, creates findings, updates control status. Visualize renders charts, dependency trees, coverage heatmaps. You ask "Show me all SC-family controls with non-compliant status." Artificer queries, then visualizes a table with status, evidence sufficiency, and last assessment date. You ask "Draft the SC-28 narrative." Artificer queries evidence, then proposes the narrative via Act. Tools are proposed, never invoked automatically.

Act operations that modify data require explicit confirmation before saving. The result is streamed to the UI, formatted appropriately (table, chart, prose), and you can interact with it (click a control to drill down, export the table, adjust chart filters). There is no hidden automation. There are no background writes. If Artificer proposes a change, you see the full proposal before anything persists. This transparency is not a limitation. It is the design.

Artificer has no "expert mode" vs "beginner mode" toggle. The intelligence layer adapts to detected role and context. A user identified as a Compliance Analyst receives guidance pitched differently than a DevSecOps Engineer. A conversation initiated from the Assessment landing page (broad, exploratory) receives more foundational explanation than a conversation initiated from a specific control (focused, immediate). If the assessment is in DRAFT state (early stage), Artificer emphasizes onboarding and structure. If the assessment is IN_PROGRESS near completion, Artificer emphasizes closure and sign-off readiness.

The adaptation is invisible. You ask the same question in different contexts and receive contextually appropriate responses. Asking "What is AC-2?" at the start of your assessment yields an explanation of account management, why it matters, and how it appears in multiple frameworks. Asking the same question mid-assessment, with AC-2 already partially implemented, yields specific gaps in your implementation and recommended next actions. No branching logic. The intelligence layer reasons about the context and responds accordingly.

Artificer never modifies your data without approval. Narrative generation returns a draft; you review and click "Accept and Save." Finding creation shows a preview with severity, control mapping, and remediation steps; you confirm before it persists. Queries and visualizations are read-only and require no approval. Long-running operations (assess 110 controls in one pass) show a progress bar and allow cancellation. The confirmation UI scales with operation complexity: a narrative shows an "Approve" button; a multi-control remediation plan shows a detailed review panel with side-by-side diff.

No surprise state changes. No hidden automation. The intelligence layer proposes. You decide. This is not a limitation bolted on after the fact. It is the fundamental architecture. Every Act operation is a transaction proposal with preview. Every transaction is logged in the audit trail with the user who confirmed it. Your assessor can trace every generated artifact to the human who approved it, the evidence it was generated from, and the timestamp of confirmation. Full chain of custody. Full accountability.