Getting the Most Out of Ask AI

What Ask AI Is

Ask AI is ClearPath's built-in compliance assistant. It's not a general-purpose chatbot -- it has two things a generic AI doesn't:

  1. Your compliance program context -- It knows your active frameworks, your accepted controls, your policy language, your vendors, your team size, and where you are in your Journey.
  2. Authoritative source material -- It references actual framework documentation (AICPA TSC, ISO 27001 Annex A, NIST CSF, PCI DSS), not approximations.

This combination lets it answer questions that no generic AI tool can.

How to Open Ask AI

Click the sparkle icon at the bottom of the left sidebar. The Ask AI panel slides open on the right side of the screen (380px wide) and stays visible as you navigate between pages.

Ask AI panel showing GRC Policies context chip, a user question about policy prioritization, and AI response recommending Information Security Policy and Access Control Policy

What It Opens With

Ask AI greets you with context-aware suggested questions based on where you are in the app. The greeting message adapts to each page:

  • Control detail page: "I can help you understand this control, what evidence you'll need, and how to implement it for your team."
  • Policies page: "I can help with policy language, explain what auditors look for, or suggest how to approach specific sections."
  • Risk Register: "I can help assess risk ratings, suggest mitigating controls, or explain how risks map to your framework requirements."
  • Vendors: "I can help evaluate vendor risk, explain what due diligence auditors expect, or guide you through vendor assessments."

Click any suggestion to send it instantly, or type your own question.

Example Questions to Ask

On a specific control:

  • "What evidence does an auditor expect for CC6.1?"
  • "We use AWS IAM -- how do I satisfy access provisioning requirements?"
  • "Is this control applicable to a fully remote team?"

On your program overall:

  • "Are we ready for a SOC 2 Type I audit?"
  • "What are the most common audit failures for companies our size?"
  • "We just hired our first employee -- what do I need to update?"

On policies:

  • "What should our Incident Response Policy say about notification timelines?"
  • "Give me example language for our data retention section."

What Ask AI Won't Do

  • It won't pull evidence from your systems automatically
  • It won't make compliance decisions for you
  • It won't guarantee audit outcomes

This is intentional. Evidence you collect yourself is evidence auditors trust. Ask AI tells you exactly what to get and where to find it -- the collection stays with you.

Conversation History

Your conversation persists within a session as you navigate between pages. The context updates automatically -- if you move from the Risk Register to a control page, Ask AI knows where you are.