
Case Study // 04
Lyze
AI-Powered IT Audit Platform
Evidence Categories: 28
Agent Rounds: 6
Frameworks: 6+
The Vision
Architectural fluidity meets engineering precision.
Lyze is a full-stack AI-assisted IT audit platform built on three core AI patterns: RAG (Retrieval-Augmented Generation), RLM (Reasoning Language Model via ReAct agent loops), and recursive tool-calling. Evidence and framework documents are chunked, embedded into pgvector, and retrieved via cosine similarity to ground every LLM response in real audit data.
The AI chat assistant uses a ReAct (Reason + Act) agent loop where the LLM autonomously decides what tools to call — search evidence, search frameworks, list controls, get findings — observes results, and recursively repeats up to 6 rounds deep. This powers evidence classification (28 categories), automated finding drafting with IIA 5-element structure, 5×5 risk scoring, gap analysis, and citation-backed report generation.
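The bounded agent loop described above, sketched as an added example (not Lyze's own code). It shows three controls an auditor-facing agent needs: a hard round cap, a tool allowlist, and rejection of citations that no tool call returned. The tool name, evidence IDs, and the `decide` callables standing in for the LLM are hypothetical.

```python
MAX_ROUNDS = 6  # round cap stated on the page

# Constructed evidence records; IDs and text are hypothetical.
EVIDENCE = {
    "EV-1": "Quarterly access review completed for the ERP system",
    "EV-2": "Firewall change tickets lack approver sign-off",
}

def search_evidence(query):
    """Return IDs of evidence whose text contains the query."""
    return [eid for eid, text in EVIDENCE.items() if query.lower() in text.lower()]

# Allowlist: the model can only invoke tools registered here (names are hypothetical).
TOOLS = {"search_evidence": search_evidence}

def run_agent(decide, question, max_rounds=MAX_ROUNDS):
    """Call decide(question, observations) until it answers or the cap is reached."""
    observations, retrieved = [], set()
    for round_no in range(1, max_rounds + 1):
        step = decide(question, observations)
        if "answer" in step:
            cited = step.get("citations", [])
            # Accept only citations that a tool actually returned in this run.
            bad = [c for c in cited if c not in retrieved]
            if bad or not cited:
                return {"status": "rejected", "rounds": round_no, "unsupported": bad}
            return {"status": "answered", "rounds": round_no,
                    "answer": step["answer"], "citations": cited}
        tool = TOOLS.get(step.get("tool"))
        if tool is None:  # unknown tool: report it back, still consume a round
            observations.append({"error": "unknown tool"})
            continue
        result = tool(step.get("arg", ""))
        retrieved.update(result)
        observations.append({"tool": step["tool"], "result": result})
    return {"status": "round_limit", "rounds": max_rounds}

# Constructed stand-ins for the LLM's decision step.
def grounded(question, observations):
    if not observations:
        return {"tool": "search_evidence", "arg": "firewall"}
    return {"answer": "Change approvals are missing.",
            "citations": observations[-1]["result"]}

def looping(question, observations):
    return {"tool": "search_evidence", "arg": "no such text"}

def fabricating(question, observations):
    return {"answer": "All controls pass.", "citations": ["EV-99"]}
```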
The platform is a Turborepo monorepo with a Next.js 15 frontend (shadcn/ui) and a FastAPI + SQLAlchemy 2.0 async backend. PostgreSQL 16 with pgvector handles vector similarity search with Row-Level Security for tenant isolation. LLM backends are switchable between AWS Bedrock, Ollama, vLLM, and OpenAI. PII is redacted via Microsoft Presidio with custom IT entity recognizers before any data reaches the vector store.
Core Stack
Engineered for the edge.
FastAPI + SQLAlchemy 2.0
Async Python backend with Pydantic v2 DTOs and background task pipelines.
pgvector + RLS
1536-dim vector embeddings with cosine similarity search and Row-Level Security tenant isolation.
ReAct Agent Loop
LLM reasons, calls tools, observes results, and recurses up to 6 rounds for grounded answers.
Next.js 15 + shadcn/ui
App Router frontend with streaming SSE chat, phase-aware dashboards, and XLSX/PDF exports.
System Architecture
Key Capabilities
RAG Evidence Pipeline
Upload → Parse (Unstructured.io) → Chunk (512 tokens) → Redact PII (Presidio) → Embed → pgvector. AI classifies into 28 audit categories and auto-links to framework controls — automating hours of manual evidence sorting.
ReAct Agent Chat Assistant
Phase-aware system prompts adapt to Planning, Fieldwork, Reporting, or Published. The agent autonomously chains tool calls with citation-backed responses — giving auditors instant, evidence-grounded answers instead of manual document searches.
Audit Lifecycle Automation
AI-drafted findings with IIA 5-element structure, 5×5 risk scoring with auditor overrides, gap analysis, and PDF/HTML/XLSX report generation — compressing weeks of manual reporting into minutes.