Pre-launch — design partner cohort opening

Watch every AI.
Guard every prompt.

Vigil360 is the control plane for AI inside your company. Discover the tools your people already use, redact sensitive data before it leaves your network, enforce policies that match how your business actually works, and produce audit-ready evidence for SOC 2, ISO 42001 and the EU AI Act.

14-day trial  ·  No credit card  ·  Connect read-only first

Live activity · sample
947 prompts scanned in last 60s
12:48:02 m.chen@ → ChatGPT Enterprise · code review · clean · Allow
12:48:00 s.park@ → Claude · contains customer email · redacted · Redact
12:47:58 j.ortiz@ → Copilot · meeting summary · clean · Allow
12:47:56 eng-svc-acct → ChatGPT (consumer) · contains AWS key · blocked · Block
12:47:54 a.khan@ → Notion AI · 3 PII tokens · redacted, logged · Redact
12:47:52 d.lopez@ → Perplexity · research query · clean · Allow

  • Detectors: 30+
  • Frameworks: 6
  • Discovery sources: 5
  • Deploy time: < 1 day

  • 91% of AI tools run without IT oversight
  • 8.5% of prompts contain sensitive data
  • 63% of enterprises overspend on AI
  • 85% fewer incidents on governed AI

The problem

Shadow AI is a security and compliance liability — today.

Most companies have no idea how many AI tools their people are actually using. The ones they do know about? Half are governed by an honor system.

01

You can't govern what you can't see

SaaS sprawl, browser extensions, personal accounts, expense-card subscriptions. Most AI inventory is wrong by week two.

02

Honor-system DLP doesn't scale

Telling people "don't paste customer data into ChatGPT" works until someone has a deadline. Then it doesn't.

03

Auditors want evidence, not policy PDFs

EU AI Act, ISO 42001 and SOC 2 require continuous evidence. Annual policy reviews aren't going to pass.

The platform

One control plane for every AI your company touches.

Six modules. One audit trail. Connect read-only, see your inventory in an hour, enforce in a week.

MODULE 01

Discovery

Find every AI tool — sanctioned or not — your people are using.

  • OAuth audit (Google, M365, Okta, Slack)
  • Browser-extension telemetry
  • Firewall & DNS log analysis
  • Expense & finance records
  • SSO event correlation
MODULE 02

Data Shield (DLP)

Prompts and outputs scanned in real time — sensitive data redacted before it leaves your perimeter.

  • 30+ detectors (PII, PHI, secrets, source)
  • Customer-record fingerprinting
  • On-device or proxy enforcement
  • Custom regex & ML classifiers
  • Per-team policy overrides
MODULE 03

Policy engine

Allow, warn, redact or block. Plain-English rules, scoped to teams, roles or data classes.

  • Prebuilt packs (engineering, legal, clinical)
  • Approval workflows with SLAs
  • Real-time enforcement at browser + API
  • Override audit trail
  • SCIM & SSO integration
MODULE 04

Agent oversight

Every AI agent inventoried — its permissions, data access, and the decisions it makes.

  • Copilot, Agentforce, custom builds
  • Permission & scope tracking
  • Decision audit log
  • Kill-switch on demand
  • SOC 2 / ISO 42001 control mapping
MODULE 05

Compliance

Pre-mapped controls for the six frameworks regulated companies actually face.

  • EU AI Act risk classification
  • NIST AI RMF 1.0 evidence
  • ISO 42001 management system
  • SOC 2 + AI overlay
  • Direct export to Vanta, Drata, Secureframe
MODULE 06

Risk & incidents

Score every AI system. Flag drift, bias and anomalies. Route incidents to owners with SLAs.

  • Continuous risk scoring
  • Drift & bias monitoring
  • Incident workflows + SLAs
  • Splunk / Datadog / SIEM streaming
  • Tamper-resistant audit log

How it works

From zero visibility to full governance in three steps.

1

Connect

Read-only OAuth into Google Workspace, M365, Okta and your firewall. No agent install. No code change. ~30 minutes.

2

Discover

Within hours: a full inventory of every AI tool, who's using it, what data it touches, and the risk score. Surfaced as a single timeline.

3

Enforce

Deploy policy packs in days, custom rules in weeks. Real-time enforcement at the browser, API and gateway. Evidence streamed to your GRC tool.

Compliance

Built for the frameworks your auditors actually use.

Controls pre-mapped, evidence collected continuously, reports exported in one click.

  • EU AI Act: High-risk systems
  • NIST AI RMF: 1.0 playbook
  • ISO 42001: AI mgmt system
  • SOC 2: CC + AI overlay
  • HIPAA: Covered entities
  • GDPR + CCPA, AB-1008

Pricing

Right-sized for every stage.

Per-user pricing on Starter and Business. Custom contracts on Enterprise. 14-day free trial. No credit card.

Starter · Small & mid-sized teams
$6 / user / month · billed annually
  • SaaS & OAuth discovery
  • Browser extension DLP
  • 6 prebuilt policy packs
  • 30 PII / secret detectors
  • SOC 2 evidence pack
  • Email support
Enterprise · Fortune 500 + regulated industries
Custom · Annual contract · volume pricing
  • Everything in Business
  • Customer-managed encryption keys
  • On-prem / private cloud option
  • SCIM, SAML, custom IdP
  • Custom detectors & classifiers
  • Dedicated CSM + named SRE
  • BAA + DPA + custom MSA

FAQ

Frequently asked questions.

Is there a free trial?

Yes — 14 days, no credit card required. Connect read-only credentials, run a discovery scan, and see your full AI inventory before you decide.

What counts as a "user"?

A user is anyone whose AI activity Vigil360 governs — typically anyone in your SSO directory who could use an AI tool. We count active users monthly, not provisioned ones.

How does Vigil360 discover shadow AI?

Five overlapping signal sources: OAuth audit of Google/M365/Okta/Slack, optional browser extension for prompt telemetry, firewall and DNS log analysis, expense-card and SaaS-procurement data, and SSO event correlation. We correlate all five into one inventory.

Do you actually see the prompts?

Only with explicit policy. The browser extension can inspect prompts on-device without anything leaving the endpoint until a policy decision is made. Server-side, you choose what's logged: redacted-only, full-prompt with consent, or metadata only. Default is metadata + redacted.

Does it integrate with our GRC tool?

Direct export to Vanta, Drata and Secureframe on Business and Enterprise plans. Generic SCIM-style export to any system on all plans.

What about EU AI Act and ISO 42001?

Both are first-class. Vigil360 ships pre-mapped controls for both, plus continuous evidence collection. The EU AI Act module classifies your AI systems by risk tier and tracks the documentation requirements per tier. ISO 42001 covers the management system, objectives, risk treatment and internal audit.

Can we self-host?

On Enterprise plans, yes. Single-tenant private cloud (your AWS/Azure/GCP account) or fully on-prem with hardware appliance. Talk to us about deployment patterns.

What's your security posture?

SOC 2 Type II in progress (target Q3 2026). ISO 27001 + 42001 alignment from day one. Customer-managed encryption keys on Enterprise. All audit logs are append-only and tamper-resistant. BAA available.

See what AI your company actually uses.

Connect read-only in 30 minutes. See your full inventory in an hour. Decide what to do about it on your own timeline.