What does Zatanna do?

Zatanna maps human-only software workflows and exposes them as reliable APIs. Instead of building brittle browser automation scripts, you show the task once and Zatanna reconstructs the underlying request flow into a stable endpoint your AI agents and internal tools can call in production.

How is Zatanna different from web scraping or RPA?

Traditional web scraping replays clicks and waits on page elements, which breaks whenever the UI changes. RPA tools automate screen-level interactions but require constant maintenance. Zatanna reconstructs the actual HTTP request behavior behind a workflow, producing a stable API that doesn't depend on the UI layer at all.

How does Zatanna handle anti-bot detection?

Zatanna manages TLS fingerprinting, proxy rotation, and detection-sensitive request behavior below the API layer. Sessions, cookies, retries, re-authentication, and error recovery are all handled automatically so your integration stays reliable.

What types of workflows does Zatanna support?

Zatanna works best for workflows that are important, repetitive, and stuck behind a UI — including back-office systems with no API, document and record workflows involving uploads, claim forms, and status checks, and AI agent actions in external third-party software.

How do I integrate with Zatanna?

Integration is a three-step process: (1) A human runs the workflow once while Zatanna observes the real behavior, (2) Zatanna builds a request model that reconstructs the calls, state transitions, and recovery logic, (3) Your systems call a single stable API endpoint while Zatanna manages the fragile workflow underneath.

← All articles2025-08-02 · 4 min read

Building AI Agents for Compliance: How to Connect Agents to Legacy Systems

AI compliance agents that need to collect documentation, verify records, generate reports, and submit filings to regulatory platforms. Here's how workflow APIs give AI compliance agents the ability to act in systems that have no API.

TL;DR

AI agents for compliance can reason and decide, but they can only act through APIs. Many compliance systems — especially legacy platforms — have no API for the workflows agents need to perform. Workflow APIs bridge this gap by capturing human-operated workflows and exposing them as stable endpoints that agents can call autonomously.

The compliance agent opportunity

AI compliance agents that need to collect documentation, verify records, generate reports, and submit filings to regulatory platforms. The intelligence to handle these tasks already exists in modern AI models. What's missing is the ability to execute actions in the systems where the work actually happens.

Why legacy systems block compliance agents

Most compliance workflows involve interacting with systems that were built for human operators:

Web portals with login screens and multi-step forms
Internal tools that require clicking through specific UI sequences
Third-party platforms that don't expose the needed functionality through their API
Older systems that have no API at all

Without programmatic access to these systems, AI agents can plan and recommend — but they can't act.

The integration pattern

Workflow APIs give compliance agents hands:

AI Agent → decides what action to take → calls workflow API endpoint → workflow API executes in legacy system

→ returns structured result to agent

The agent's tool definition simply includes the workflow API endpoint with its expected inputs and outputs. The agent calls it like any other API tool.

How the workflow API is created

1. A human demonstrates the compliance workflow once in the actual system

2. The platform captures the real HTTP request behavior — authentication, state management, form submissions, and validation logic

3. A stable API endpoint is produced with structured inputs and outputs

The agent never needs to know about the underlying system's UI, authentication flow, or session management. It just makes an API call.

What makes this production-ready

For compliance agents to operate reliably, the workflow API layer handles:

Authentication management — maintaining sessions in target systems without agent involvement
Error recovery — automatic retries and re-authentication when sessions expire
Consistent responses — structured JSON output regardless of the underlying system's behavior
Monitoring — every agent action is logged for debugging and compliance

Getting started

The fastest path to compliance agent automation:

1. Identify the 2-3 most common compliance tasks that are currently manual

2. Determine which systems those tasks happen in

3. Assess whether those systems have adequate API coverage

4. For workflows stuck behind a UI, create workflow API endpoints through observation

Once the endpoints exist, integrating them into your AI agent is standard tool/function calling — the same pattern used for any API integration.