CATAAM Becomes the First GRC and Security Platform to Adopt Google’s Open Knowledge Format

CATAAM today announced the OKF Context Engine, becoming the first governance, risk and compliance (GRC) and security platform to adopt Google Cloud’s Open Knowledge Format (OKF). The add-on exports an organization’s entire compliance program as an open, portable, machine-readable bundle that AI agents and auditors can consume directly — without locking that data inside CATAAM.

OKF, published by Google Cloud in June 2026, is an open, vendor-neutral standard that represents knowledge as graph-linked Markdown files with YAML frontmatter — a format AI agents read natively, with no proprietary SDK or runtime required.

What the OKF Context Engine does

When an asset is discovered, a compliance test runs, or an internal attack-surface (iASM) finding is logged, CATAAM compiles the affected slice of the compliance graph — framework requirements, controls, discovered cloud assets, automated tests and findings — into a signed OKF bundle. Organizations choose how it is delivered: continuously synced to their own private Git repository, or downloaded as a signed, point-in-time export. The format is open and the customer owns the output.

Every export is cryptographically signed, so a third-party auditor can verify a bundle offline — turning audit hand-off from a spreadsheet scramble into a verifiable repository of compliance history.

Built for the age of AI agents

Paired with CATAAM’s Claude connector — built on the Model Context Protocol (MCP) and published as cataam-mcp-server — teams can ask compliance questions in plain English and get answers grounded in their real, current controls and evidence, with far less effort than navigating dashboards.

“Compliance platforms have always locked your data inside their own walls. OKF lets us tear those walls down. Your compliance program becomes portable and AI-native — ready for Claude, for your auditors, for any tool you choose — and that neutralizes the single biggest objection risk-averse CISOs have about SaaS: lock-in.”

Availability

The OKF Context Engine is available now to CATAAM enterprise customers under Settings → AI Context Export (OKF). It operates as a one-way compilation layer with no change to CATAAM’s core platform. Details and a short overview video are available at https://cataam.com/okf.

About CATAAM — CATAAM is an all-in-one GRC and security platform that unifies automated compliance (SOC 2, ISO 27001, HIPAA, PCI-DSS), internal and external attack-surface management (iASM/ASM), and breach-and-attack simulation (BAS) in a single product. Learn more at https://cataam.com.