Compare policy drift and authorization regression
Policy Drift answers the question release teams care about most: did this change make authorization risk better or worse? It compares two verification branches and tells you exactly what moved between them.
Run two source/IR/verification branches and connect both to Policy Drift, and it separates the findings into fixed, unchanged, and newly introduced vulnerabilities. The example reports 0 fixed, 9 unchanged, and 0 new vulnerabilities, and summarizes the policy-change recommendations that persist across both versions — making long-standing security debt visible across releases.

Steps and outcomes
| Action | Expected output | Customer value |
|---|---|---|
| Run two source/IR/verification branches | Each version produces its own verification result. | The comparison is version-aware. |
| Connect both branches to Policy Drift | The example reports 0 fixed, 9 unchanged, and 0 new vulnerabilities. | Teams can isolate release-introduced risk. |
| Open authorization regression views | Persistent policy change recommendations are summarized. | Security debt becomes visible across releases. |