# Marcus Reyes, Director of Risk and AI Governance at Centrix Community Bank — read of llm-safety-audit-platform, June 7, 2026

> 13 years in financial compliance, last 18 months trying to put a governance wrapper around the LLM our loan ops team insisted on deploying before I could stop them.

## How I got here

I Googled "LLM compliance audit tool GDPR AI Act" on a Tuesday morning with 20 minutes before a steering committee call. Our legal team told me to "figure out the audit story" before the next board meeting and I needed to know what tools actually exist. This page came up on page two, below a Gartner preview and a bunch of consultancy blogs. I clicked because the title matched exactly what I typed.

## What I clicked first

The hero pulled me in. "Audit Your LLMs for Safety, Bias, and Compliance Risk" is just what I need to solve. I hit "View Demo" immediately. Nothing happened. Not broken -- I think it's a form or scroll anchor? I'm not sure. I scrolled down instead.

The procurement table caught my eye next: "SOC 2 Type II Certified," "SSO / SAML / SCIM Included," "Dedicated CSM." That is the exact checklist our IT security team hands me for any new vendor. I took a screenshot. Then I kept reading.

## Where I paused

Right here: "Honest disclosure: we don't have live customers on this idea yet."

I read that three times. I had been reading this as a real product for maybe 90 seconds. The whole top half of the page is dressed like a Series A SaaS company. There is a procurement readiness table. There is a SOC 2 badge. Then this.

"We shipped the strategy package; you ship the customer conversations."

So the SOC 2 is... for Wishdeal itself? For the idea? I genuinely do not know. The page never explains what is real and what is aspirational. That is a real problem when the buyer is a compliance officer at a bank who has regulators asking him to document his tooling choices.

## What I distrusted

The capability section: "Identify demographic and representational bias in model outputs across protected attributes." Okay. How? What does that look like in practice? Does it test the model with adversarial prompts? Does it analyze outputs statistically over time? Does it require access to my model weights or just the API? I have no idea. Same four bullets, zero mechanics.

"Verify alignment with GDPR, AI Act, SOC 2, and internal governance standards." The AI Act has something like 400 pages of obligations depending on risk tier. Which ones? High-risk system requirements? Transparency obligations? Or just "we checked a box?"

The Fermi math is either admirably honest or a red flag I cannot interpret: "$-55,640 Year-1 take-home" and "1 in 10 Meaningful-success odds." That math is for the person BUILDING this product, not for me. I am not building a product. I needed a vendor.

## What would convince me

A single 4-minute video showing an actual audit run against a real model output. Not a marketing demo with fake data. Show me: upload a prompt log, here is what the tool flagged, here is the compliance report it generated, here is the citation to the AI Act article it mapped to. That is it. That would get me to reply same day.

Alternatively: one reference from someone in financial services or healthcare who actually ran this in production and can say "this is what our auditors accepted." Not a logo wall. A name, a title, a quote with a date on it.

## What I'd ask in an email reply

1. When you say "SOC 2 Type II Certified," is that certification for the audit platform itself or for Wishdeal Studio as the vendor? Because those are very different things when my CISO asks.

2. Does the platform require access to my model weights, training data, or just inference API access? We have a private deployment on Azure and I cannot send model internals to a third party without legal sign-off.

3. The page says "no live customers on this idea yet" but also has a pricing page and a "Start Auditing" CTA. Is there a working product I can trial or is this pre-product? I need to know which meeting this belongs in.

## Verdict: on-the-fence

The problem this claims to solve is 100% real and I would pay for a good solution. But the page does not know if it is selling me a product or selling someone else the idea for a product, and that confusion costs it my trust at exactly the moment I needed to feel confident forwarding a vendor link to our CISO.

---
*Memo by skeptic persona, generated 2026-06-07. Studio breaks own self-grading loop.*
