Magpie is the AI governance and observability platform built for regulated financial institutions. Self-hosted. Audit-ready.
DIFC Regulation 10 compliant from day one.
Trusted by DIFC-licensed fintechs and financial institutions in the UAE
DIFC Regulation 10 is in force. CBUAE model risk guidance is binding. The DFSA is actively examining how firms govern their AI systems.
Most financial institutions are deploying AI in credit, fraud, compliance, and customer service — and managing governance in spreadsheets, shared drives, and email threads. That is not a sustainable position when an examiner arrives.
You cannot produce a list of every AI system in production, the decisions it makes, or who approved it.
Models went live without a structured risk assessment. There is no documented evidence that someone reviewed the risks before the model touched customers.
You cannot reconstruct what data a model received, what decision it made, or whether a human reviewed it — for any given customer, on any given date.
Magpie solves all three. On-premises, within your infrastructure, with no customer data leaving your environment.
Eight modules — built specifically for regulated AI in DIFC and UAE financial services. Not just observability after something goes wrong; control before and during the decision.
Every AI model your firm runs — in one place. Credit scoring, fraud, KYC, customer service, compliance. Risk tier, version history, ownership, and approval status. Answer the DFSA in thirty seconds.
Templated assessment workflow every model completes before it goes live. Multi-party signed off, exported as a tamper-evident PDF.
Lightweight in-process SDK that enforces governance policies in the hot path. PII redaction, confidence routing, residency assertions — under 10ms.
A self-hosted small language model evaluates outputs against your declared policies — at scale, without a single record leaving your environment.
Cryptographically chained record of every model decision. Hash-anchored, RFC 3161 timestamped, exportable in one click.
Every reviewer, decision, rationale, and time-to-decide. Override rates surface automatically — before your regulator finds them.
Plain-language feature views for compliance officers, not data scientists. See which features drove a decision and by how much.
One-click board report pack: inventory, assessment status, overrides, incidents, upcoming reviews. The artifact your CRO needs.
Not a SaaS platform that ingests your customer data. One pip install. One docker pull. Full governance in production within a day.
Inference runs where it always has — inside your stack.
Enforcement agent runs in-process. Wraps inference calls, enforces policy in the hot path.
Single Docker container in your environment. Stores events in your database with object-lock enabled.
Raw decision data, feature vectors, audit chain — all in your infrastructure, permanently.
Compliance team works on metadata, aggregates, and schemas only. No raw data ever traverses.
Passive observability is necessary. It is not sufficient. Knowing that a model sent a customer's Emirates ID to an external API is useful — knowing it before it happens is better.
Magpie's enforcement agent evaluates every input before your model sees it and every output before your application acts on it. PII detection, confidence thresholds, output consistency, volume anomaly, residency — in real time, sub-10ms, in your infrastructure.
{
"model": "kyc-classifier-v3.0",
"input": {
"emirates_id": "784-1991-3340721-2",
"iban": "AE070331…"
}
}{
"model": "kyc-classifier-v3.0",
"input": {
"emirates_id": "[PII:EID]",
"iban": "[PII:IBAN]"
},
"_magpie": {
"policy": "uae_pii_v2",
"logged": "sha256:9f4a…b21c",
"latency": "4.2ms"
}
}You define the policies. Magpie enforces them. Every action is logged, timestamped, and auditable.
Magpie's audit log is cryptographically chained. Every event is hashed with the hash of the event before it. If any record is modified or deleted — by anyone, including your infrastructure team — verification fails and your compliance officer is alerted.
When a DFSA examiner asks you to produce decision history for a specific customer on a specific date, you produce it. And you can prove it has not been touched.
Your credit and fraud data cannot go there. Magpie runs inside your infrastructure.
Generic tools have no concept of templated workflows, multi-party attestation, or regulatory audit export.
They do not know what DIFC Regulation 10 requires. They do not know what a UAE IBAN looks like.
All plans are self-hosted. Annual contracts. Implementation support included. Your data never leaves your infrastructure.
For teams validating Magpie against a single model in a staging environment.
For firms with multiple production models and active compliance obligations.
For institutions with complex model estates, custom policy or multi-entity deployments.
Magpie can be deployed in your staging environment within a day. Your first model inventory takes an hour. Your first risk assessment takes an afternoon. The firms that will be ready are the ones who start before the examination is announced.