Labs Support
EN SV
AI in AmpliFlow

Zero AI, writing help, or an AI colleague. You choose.

Some teams want AI to draft text, review risk registers, and work through tasks while they do something else. Other teams cannot use AI at all. AmpliFlow supports both, and everything in between.

Book a demo See the three modes

Three ways to use AI in AmpliFlow

We run without AI

Your security policy does not allow AI, or you simply do not want to use it. AmpliFlow works fully without AI. No data is sent to any AI model.

Read more ↓

Can AI help me write?

You click "Generate" in the form. AI suggests text. You review, edit, and save. Works in ISO controls, risk analysis, competencies, and positions.

Read more ↓

Can AI be my colleague?

You set a goal: "Review the risk register against NIS2." The AI agent plans, reads, creates records, and reports back. You review the result.

Read more ↓

Small or publicly traded. Recruitment or concrete industry. AmpliFlow is for everyone.

1. No AI 2. Writing help 3. AI colleague

"We run without AI"

Your security policy prohibits AI. Your industry demands full control over all data. Or you simply do not want to use it. AmpliFlow works fully without AI. This is not a downgraded version.

Who chooses this

Organizations with strict information security requirements, regulated industries (finance, defense, government), and teams making a deliberate decision not to use AI in their management system.

How it works

Turn off the AI feature with one button press. It disappears everywhere in the interface instantly. No data is sent to any AI model. All features (risks, deviations, controls, projects, goals, checklists) work exactly as normal.

Benefits

  • No data leaves your system to AI providers
  • No dependency on third-party services for core functionality
  • Meets the strictest security policies
  • You can enable AI later without switching systems

Trade-offs

  • Text generation takes longer manually
  • Batch-generating controls (e.g. 93 for ISO 27001) requires manual work per control
1. No AI 2. Writing help 3. AI colleague

"Can AI help me write this?"

You see a "Generate" button in the form. You click. AI suggests text based on context: the control name, the risk title, your company information. You review, edit if needed, and save. Nothing is written to the system without you pressing save.

AI-generated documentation for ISO 27001 control 5.1 in AmpliFlow: requirement explanation and internal description filled by AI.

Who chooses this

Quality managers writing competency descriptions and drafting risk analyses. IT managers who need to map current state, describe implementation, identify tools, and document measures for 93 controls in ISO 27001. Anyone with an empty text field who knows what they want to say but needs help articulating it.

Example: Generate ISO 27001 controls

You open the ISO Controls module. Select "A.8.9 Configuration management". Click "Generate". The AI suggests a requirement explanation, internal implementation description, SoA text, in-depth information, and tool recommendation, all based on the control context and your company information. You edit and save. Or batch-generate all 93 controls in the standard at once.

Examples of modules with AI support

ISO Controls (SoA)

Five fields per control. Batch-generate the entire standard. ISO 27001 and ISO 42001 built in.

Risk Analysis (ORA)

Scenarios, consequences, and risk reduction measures with ISO 9001/14001/45001 context.

Competencies

Generate and improve descriptions. Swedish or English.

Positions

Responsibilities, authorities, and expected behavior. Structured and editable.

Benefits

  • Speeds up writing in text-heavy modules
  • Consistent format and quality across descriptions
  • Batch-generate 93 controls instead of writing one at a time
  • You always review before anything is saved

Trade-offs

  • Data in the current field is sent to the AI provider. You are accepting that some data leaves your system
  • AI can be wrong. Always review output before saving, especially in risk analyses and control descriptions
Book a demo
1. No AI 2. Writing help 3. AI colleague

"Can AI be my colleague?"

You describe a goal. The agent plans the steps, runs them, and reports back. This is not a text suggestion to review - it is work that has been done. You check the result.

3.1 Direct with an agent

You sit at your computer with an AI tool (ChatGPT, Claude or Microsoft Copilot). You give it a task. The tool works through the problem and you see every step. You can redirect at any time.

There are two ways to connect the agent: the MCP server (paste a URL, no installation) or af-cli (install a program on your computer).

Who uses this

Developers and IT professionals already running AI agents daily. Early adopters who want AI agents inside their management system.

Example: NIS2 risk update

You say: "Update our risk register against NIS2 requirements and create risks for what is missing." The agent reads your 5 existing risks and 9 tasks. It identifies 5 gaps against NIS2. It creates 5 new risks with scenarios, consequences, and suggested measures. Everything is marked as AI-generated. You review and decide what to keep.

42 seconds: watch an agent update a risk register against NIS2

More about af-cli →   MCP server (no installation) →

Benefits

  • You see every step and can redirect in real time
  • The agent works across modules in one pass
  • Good for complex, multi-step reasoning tasks

Trade-offs

  • Requires some technical skill. The MCP server is easier to get started with.
  • The agent does what a human can do in AmpliFlow, but without human judgement. It can delete a record as a way to "resolve" it. Watch what it does, especially at first.

3.2 Continuous with af loop

Your IT person starts af loop on a server connected to an AmpliFlow project. The loop monitors the project, picks up ready tasks, spawns an agent per task, and reports back in AmpliFlow when done. Around the clock, with no one needing to monitor it.

Who uses this

Anyone who can write tasks in AmpliFlow and has an IT person who sets up the loop once. You never need to install anything yourself.

Example: Competitor analysis over the weekend

You create 245 tasks, one per competitor: "Analyse [competitor] - website, social media, pricing, positioning. Summarise in a report and add results to the competitor list in AmpliFlow." You start the loop on Friday afternoon. By Monday all 245 reports are done and the competitor list is updated. A team would have taken weeks to do this manually.

Benefits

  • Bulk tasks that would take a team weeks can be done over a weekend
  • Non-technical users can delegate without installing anything
  • The loop handles hundreds of tasks in queue without manual handling

Trade-offs

  • Requires an IT person to set up and maintain the loop
  • You do not see each step in real time, only the result in AmpliFlow
  • Same risk as 3.1: the agent acts without human judgement per step
  • We do not recommend unmonitored agents on company data. Have someone follow up on what the loop has done, at least until you know how it behaves.

Want to know how we govern our own AI usage? Read our AI transparency page →

FAQ

Common questions about AI in AmpliFlow

Honest answers. No promises we cannot keep.

Can we turn off AI completely?

Yes. Turn off the AI feature with one button press and it disappears everywhere instantly. No data is sent to any AI model. It is not a downgraded version. It is the same system, without AI.

Which modules have built-in AI?

Four: ISO Controls (generate five documentation fields per control with batch generation for entire standards), Risk Analysis/ORA (generate scenarios, consequences, and measures), Competencies (generate and improve descriptions), and Positions (generate position descriptions).

What is the difference between built-in AI and AI agents?

Built-in AI helps you write text in a field you are already in. You click, AI suggests, you save. AI agents (via the MCP server or af-cli) work autonomously across modules: they can read risks, identify gaps, create new records, and work through tasks. You set the goal and review the result.

Can the AI read our documents?

The built-in AI generates text based on context in the field you are working in (control name, category, company context). It does not read your existing documents. AI agents can read data in the modules they have access to (risks, tasks, goals) but not files or documents outside AmpliFlow.

Which AI models are used?

Your organization chooses the provider and model. AmpliFlow does not force a specific AI vendor on you.

How do we know what the AI has done?

Everything created by an AI agent is automatically marked as AI-generated, in line with the EU AI Act. With built-in AI, you always click save, nothing is written to the system without your review.

Get started

Find the right AI level for your organization

Book a demo and we will walk through the three modes to find what fits your organization, whether the answer is zero AI, built-in writing help, or an AI colleague.