April 3, 2026
Risky biz, riskier comments
RiskReady: open-source GRC platform with MCP gateway and human-approved mutations
Open-source risk app touts safe AI — first commenter calls it 'vibe coded' and doubts the security
TLDR: RiskReady launched a free, open-source compliance tool that lets AI draft changes but requires human approval. The debut drew fire fast: an early commenter called it “vibe coded” and mocked its security scores, while others eyed the “password123” demo login and debated trusting AI anywhere near compliance data.
RiskReady just dropped an open‑source platform that lets an AI help run your compliance chores — but only with human approval for every change. It connects 254 tools to your company’s risk and policy data, convenes a six‑member “AI Council” to draft reports, and claims penny‑level costs. The repo even ships a demo company and a very meme‑able login. And the community? They immediately went for the jugular.
One early voice set the tone, branding the code “vibe coded in a bad way,” side‑eyeing the decision to use an AI gateway in a risk‑averse field, and calling the readme’s security scores “hilariously wrong.” That single comment lit the fuse for the classic internet split: believers vs. skeptics. Supporters point to the big selling point — nothing changes in the database until a human presses yes — plus no outgoing web calls and strict tool validation. Skeptics counter that slapping scores like “8.9/10 security” on a doc is asking for roasting, and the “Direct” mode’s own 2.3/10 rating doesn’t exactly scream confidence.
Meanwhile, the jokes write themselves. The demo login’s “password123” got the side‑eye emoji treatment, and the “AI Council” quickly earned comparisons to a committee that writes reports about reports. It’s open source, it’s ambitious, and the comments came to play.
Key Points
- RiskReady Community Edition is an open-source GRC platform integrating 9 MCP servers that expose 254 tools to connect Claude with compliance data.
- All AI-driven database changes require human approval; no auto-execution for chat, scheduled runs, or autonomous workflows.
- Three connection modes are offered: Web App, MCP Proxy (recommended for teams), and Direct, each with stated security scores and cost implications.
- The platform includes GRC modules for risk, controls, policies, incidents, audits, evidence, ITSM, and organisation, plus an AI Agents Council for multi-expert analysis.
- Security measures include an eight-point audit covering identity/auth, memory, tool trust, blast radius, human checkpoints, output validation, cost controls, and observability; demo data seeds a fictional fintech regulated under DORA and NIS2.