How Hirundo Closes the SR 11-7 Compliance Gap
Financial officials warned this month that the latest AI models are creating new vulnerabilities for the banking sector. For financial services, the pressure is immediate. AI adoption has accelerated faster than governance has been able to keep pace. The consequences are real: security and privacy violations have driven billion-dollar enforcement actions, and institutions without a defensible compliance process are exposed.
Detecting risks is not enough - enterprises need a clear path to mitigate them. Hirundo is an enterprise LLM unlearning platform that removes unwanted model behaviors and sensitive data to ensure safer model development. Hirundo's features and architecture follow directly SR 11-7's three pillars: model development, validation, and governance.
The Current Landscape: Fragmented Tools That Stop Short
Current AI security and governance tooling exists - but it stops short of solving the underlying problem. Across evaluation platforms, red teaming, and guardrails, the common thread is the same: tools that identify or contain risk without removing it.
- Evaluation platforms offer mechanisms to assess model performance - benchmarks and scoring. This is a necessary starting point, but assessment alone is not remediation. Knowing that a model exhibits bias, leaks sensitive data, or is susceptible to prompt injection does not fix it.
- Red Teaming is the act of adversarial testing, not a remediation. It surfaces what the model can be made to do - from prompt injection, jailbreaks, data leakage paths and produces a report. This approach pinpoints vulnerabilities but doesn't fix them.
- Guardrails operate at the perimeter level, not the model itself. They intercept known patterns but the underlying behavior remains in the weights. Guardrails also introduce a maintenance burden: every new attack vector requires a new rule, and the rule set diverges from the model's actual capability over time.
None of these tools provide a holistic view: Evaluate, Remediate, and Govern in one connected workflow.
Hirundo: Evaluation, Remediation, and Governance in One Platform
Hirundo is built specifically for this gap. It is the only platform that combines evaluation, targeted model editing, and a complete compliance record into a single workflow - a full remediation process, from evaluation to unlearned model, takes under an hour.
The process begins with detection. Hirundo's evaluation module assesses the base model against a benchmark suite covering bias, security, with support for custom datasets. Organizations can bring their own custom datasets to ensure the evaluation reflects their specific portfolio and use case - establishing a documented baseline of what needs to be fixed and why.
From there, Hirundo moves directly into remediation. Users initiate an unlearning run - either behavior unlearning, which removes targeted unwanted behaviors such as bias or prompt injection susceptibility, or data unlearning, which removes the influence of specific sensitive or proprietary training data.
Critically, removing unwanted behavior is not sufficient on its own. The goal is to preserve the model's capabilities. Hirundo ensures utility degradation of up to 1%, giving organizations confidence that the remediated model remains accurate, capable of reasoning, and fit for its domain-specific use case. In addition, an aggressiveness knob gives users explicit control over the intensity of the unlearning, governing the tradeoff between behavior removal and utility preservation to ensure the model remains fully intact.
Once unlearning is completed, to verify results, Hirundo generates a before/after benchmark report for every run — across bias, security, and utility — giving teams the evidence needed to assess the impact of each remediation action.
Governance is built into every run. Configuration snapshots are immutable once initiated, capturing the base model, unlearning type, and target behavior. Every action is logged automatically: user, model, configuration, and timestamp. All remediation is delivered exclusively as a LoRA adapter - a separate artifact applied on top of the base model. Users can choose to deploy either the LoRA adapter or the base model at any time. The base model is never modified - it remains fully intact and available for independent re-validation whenever needed.
Hirundo Features Mapped to SR 11-7 Framework
Summary: Hirundo is Built for Regulated Environments
Financial institutions deploying LLMs are required to meet model risk management standards - covering development, validation, and governance. Meeting those requirements demands a remediation process.
Hirundo is the only platform that covers the full lifecycle in one workflow. It detects risks through rigorous evaluation, removes them through targeted unlearning with guaranteed utility preservation, and produces the audit trail, configuration records, and benchmark evidence in a single, auditable workflow.
