
AI COMPLIANCE
PRODUCTIV | 2026
MY ROLE
Senior product designer in charge of end-to-end visual and UX design, research, and prototyping, while collaborating cross-functionally with PM, Engineering, Customer Success, and InfoSec.
TIMELINE
The entire design lifecycle, encompassing discovery, information architecture, cross-functional iteration, prototyping, and UI finalization, was completed within 1 month.
THE PROBLEM
LACK OF AI RISK VISIBILITY STIFLED AI REVIEW ADOPTION
Users didn’t know what a “good” vs “bad” configuration looked like based on the pre-filled AI answers. They knew which fields to look at, but they didn’t know how to evaluate them or what steps to take next to remediate a risk, resulting in only 5% of completed reviews containing any data updates.
Customers lacked urgency because risk wasn’t highlighted. It wasn’t clear why they should be conducting reviews immediately, leading to only 3% of active customers saving reviews.


THE SOLUTION
A STRATEGIC, PLATFORM-WIDE COMPLIANCE SYSTEM
To drive urgency and eliminate the manual effort of risk evaluation, the AI review workflow was transformed into a structured, risk-aware review experience. By translating security fields into 1:1 compliance controls, the platform highlights high-risk applications throughout the product, giving customers a clear picture of their portfolio’s vulnerability and a prioritized queue for AI reviews and remediation.


PROCESS
WITHOUT CLEAR COMPLIANCE CONTEXT AND RISK CALLOUTS, USERS LACKED URGENCY AND GUIDANCE NEEDED TO COMPLETE REVIEWS
A structured approach was taken to uncover user friction, align with industry security standards, and deliver a streamlined, high-impact solution.
Analyzed usage metrics and gathered cross-functional feedback to pinpoint the cause of low feature adoption and understand security compliance workflows. To ensure our approach aligned with industry standards, I also researched competitive security applications and collaborated with our Head of InfoSec to ground our workflows in true compliance terminology and mental models.
Translated research insights into initial design concepts aimed at bringing risk visibility directly into the product.
- Policy Exploration: Explored an initial concept around “AI Policies” to automatically extract security controls from uploaded files.
- Granular UI Explorations: Tested layout variations for surfacing compliance data at both the application and individual field levels.
- System Logic: Defined the high-level user flow and established a 1:1 relationship between controls and AI review fields to keep the architecture extensible.
Presented concepts to product and engineering stakeholders to evaluate technical feasibility. Product management validated the overall design direction while introducing critical constraints around reducing launch scope and ensuring the review UI remained clean and uncluttered.
Refined the designs based on stakeholder feedback to streamline the initial release.
- Feature Descoping: Postponed the policy upload concept, focusing strictly on control mapping since surfacing the controls themselves and the associated compliance was the highest priority for the initial launch.
- UI Streamlining: Highlighted non-compliant fields in a dedicated compliance section in the review and utilized the existing insights panel to display granular details without adding visual clutter.
IDEATION
EMBEDDING COMPLIANCE INTO EXISTING WORKFLOWS
I began by translating my research insights into exploratory designs focused on bringing compliance and risk visibility directly into the platform. My early concepts centered on a policy upload feature that automated control extraction from uploaded documents, and I explored various layout iterations to test how we could best surface this data at both the application and individual field levels.


FINAL DESIGNS
SURFACING RISK AND COMPLIANCE TO PRIORITIZE AI REVIEWS
The final solution transforms the review experience by adding clear compliance callouts and risk indicators directly into the existing platform.
- Flexible Control Mapping: Compliance controls are mapped 1:1 to the AI review fields and come pre-configured with industry-standard defaults, allowing users to adopt best practices immediately while retaining the flexibility to customize rules to their exact AI policies.
- Clear Risk Boundaries: Non-compliant fields are isolated within a dedicated section on the review page, visually breaking down high-risk vs low-risk answers without adding noise to the core UI.
- Contextual Security Insights: Detailed context is tucked into the existing insights panel, allowing active reviewers to quickly understand the exact security risk and remediation steps required.
- Prioritized Portfolio Pipeline: For the broader portfolio and dashboard view, a clear prioritization framework replaces the flat list of applications, giving inactive users the necessary urgency to recognize portfolio risk and know exactly which reviews to tackle first.
SURFACING NON-COMPLIANT FIELDS & HIGH-RISK APPS UNLOCKED CUSTOMER CONFIDENCE, REINFORCING THE IMPORTANCE OF AI REVIEWS
DELIVERED A 19% ACV INCREASE WITHIN ONE MONTH
The new AI compliance experience drove immediate results, contributing to a 19% increase in ACV. Feedback from Sales and CS confirmed that highlighting risk and compliance resonated well with customers, giving them the clarity they needed to prioritize and conduct their AI reviews.
This project demonstrated that no matter how complex the underlying architecture or workflow is, our priority must be simplifying it into an intuitive experience. By absorbing that domain complexity behind the scenes, we can deliver immediate value and allow users to confidently navigate the product without facing a steep learning curve.
Moving forward, our next steps are to monitor usage and iterate directly on user feedback. We plan to look into allowing users to override the compliance status and reasoning and to note exceptions, as well as revisiting the policy upload concept to automate control extraction based on a customer’s AI policy.









