
Why We Invested in Comp AI

An Open Source, AI-First Rethink of Compliance 

By: Nathan Owen

There’s a well-known recipe for early-stage investing: find a team obsessed with a broken process, solving a problem they’ve lived, not one they’ve spec’d from a Gartner slide.

That’s exactly what we found in the team at Comp AI.

Comp AI is going after a painful, high-stakes, and increasingly urgent problem: compliance automation for engineering teams. Think SOC 2, ISO 27001, HIPAA, GDPR — all the frameworks developers love to ignore until it’s too late.

But here’s what grabbed us: they’re not building yet another Vanta or Drata clone. They’re building a developer-first compliance engine, powered by open-source connectors and LLMs. Less “click to attest,” more “compliance as code.”

We co-led the $2.6M Pre-Seed round with OSS Capital, joined by a number of notable angels. Here’s why we invested:


Compliance Is Broken — But It Doesn’t Have to Suck

Talk to any early-stage founder going through SOC 2, ISO 27001, GDPR, HIPAA, or <insert your framework> compliance for the first time, and the story’s the same: screenshots, spreadsheets, Slack threads, late nights, and zero clarity. The process is manual, disjointed, and distracts from what actually matters: building a product. Nearly every one of our portfolio companies has achieved compliance with at least one framework, and to a tee they tell us it’s an unpleasant process and that whoever is assigned to “QB” it internally is unhappy.

Drata and Vanta brought much-needed structure to the world of compliance; however, they were designed on the assumption that you have time, budget, and someone, typically with a deep security background, who speaks fluent auditor.

Comp AI flips that model. It’s built for lean teams moving fast — founders who can’t afford to waste a quarter figuring out what “evidence mapping” even means.

This isn’t about tracking controls. It’s about interpreting them, leveraging AI to auto-suggest what’s missing, and generating real, audit-ready outputs. With Comp AI, AI isn’t a bolted-on feature; it was designed as the core of the product. The end result? It’s like having a compliance engineer in the terminal with you.

As we diligenced Comp AI, we saw (and talked to) solo founders and two-person teams shipping to production, closing enterprise deals, and achieving SOC 2 using Comp AI, all without ever hiring a GRC lead. That’s something we hadn’t seen before across our 30+ portfolio companies.

What Comp AI is Building

At its core, Comp AI is an open, AI-first compliance automation engine. Here’s what sets it apart:

  • Open Source DNA: Comp is built on a modular OSS-first architecture. Think Terraform meets compliance — embeddable, composable, and environment-agnostic.
  • AI Native from Day One: No rigid templates. Comp uses fine-tuned LLMs to read your infrastructure, map policies to frameworks, and generate evidence — all in plain English. It doesn’t just flag gaps, it tells you how to fix them.

Comp AI Compliance Status Overview

This isn’t some hypothetical roadmap; Comp AI is already working with design partners in fintech, healthcare, and infrastructure: sectors where compliance isn’t optional and speed is survival.


The Founders

Comp AI is led by Lewis Carhart (CEO), Claudio Fuentes, and Mariano Fuentes — a founding team that met while building AI workflow automation at Leap AI.

Comp AI founding team (left to right) Mariano Fuentes, Lewis Carhart, and Claudio Fuentes

They’ve watched engineers spend entire quarters assembling PDFs and chasing screenshots. They knew there had to be a better way, one where infrastructure could speak for itself and AI could do the boring stuff.

They’re builders. They’re fast. And they’re deeply focused on giving time back to founding teams.


Why Comp AI is a fit for Grand

At Grand Ventures, we invest in open source, DevOps, developer tooling, and infrastructure at the Pre-Seed and Seed stage. We’ve backed commercial open source (COSS) companies like Traceloop, Payload CMS (recently exited to Figma), Tembo, and Astronomer.

Comp AI fits that thesis:

  • Open-source native
  • Designed with AI at its core, not a bolt-on
  • Early traction through bottom-up adoption
  • Potential to reshape a massive, high-stakes market

Just like Traceloop is rethinking observability with AI-native tools, Comp is rethinking compliance: What if AI could actually do the work?

Not just track it. Not just present it. But handle it, so founders and developers can keep shipping.


If you’re a founder navigating compliance (or dreading your first SOC 2, ISO 27001, or GDPR), take a look at Comp AI.
