Product roadmap

Detect → Prevent → Automate → Govern

Our mission: become the security operating system for enterprise AI — the layer every LLM call passes through, everywhere.

ShippedIn progressNext upPlannedVision

Phase 01 — Detect

Be the authoritative real-time threat detector for every LLM call.

Observability

Request logging with full prompt/response captureShipped
AES-256-GCM application-layer encryption of stored payloadsShipped
Per-project and per-API-key request attributionShipped
Agent-level tagging for multi-agent systemsShipped
Time-series charts (request volume vs flagged, 7d/14d/30d)Shipped
Real-time live dashboard with stat cards and recent activityShipped
Request search and filter (by model, scorer, date range, flag status)Shipped
Real-time live flow view — animated pipeline showing each request as it lands and scoresShipped
Conversation threading — link multi-turn exchanges into a single session viewPlanned
Semantic clustering — group similar prompts automatically to surface patternsPlanned
Anomaly detection — ML-based alerting on unusual usage spikes or behavioural shiftsPlanned

Safety Scoring

Full OWASP LLM Top 10 coverage — all 10 scorers across every risk categoryShipped
Likert severity scale 1–5 with colour-coded badges (none / low / medium / high / critical)Shipped
Per-tier scorer gating (Homelab → 2, Pro → 4, Team/Enterprise → 10)Shipped
Custom scorer definitions — LLM-as-judge, regex, and keyword list scorersShipped

Alerting

Real-time email alerts via ResendShipped
Slack alerts via incoming webhookShipped
Per-scorer alert togglesShipped
Outbound webhooks — HMAC-SHA256 signed delivery to any endpointShipped
PagerDuty integrationPlanned
Microsoft Teams integrationPlanned
Alert suppression rules — mute known-safe patternsPlanned

Integrations

Python SDK with patch_openai() / patch_anthropic() — public on PyPIShipped
JavaScript / TypeScript SDK — public on npm (ESM + CJS)Shipped
Java SDK — public on Maven CentralShipped
Integration guides: CrewAI, LangGraph, AutoGen, ZeroClaw, OpenClawShipped
Claude MCP server — natural-language access to logs and safety eventsShipped
GitHub Actions CI plugin — fail builds on red team findingsShipped
Integration guides: Semantic Kernel, Haystack, Dify, Flowise, AWS Bedrock, Azure OpenAI, Google Vertex AIPlanned
OpenTelemetry exporter — emit spans to any OTEL-compatible backendPlanned
VS Code extension — score prompts inline as you write themPlanned

Phase 02 — Prevent

Move from passive observation to active threat blocking.

Block Mode Proxy

Go reverse proxy — block mode, designed for minimal overhead, drop-in replacement for the OpenAI base URLShipped
mTLS between SDK and proxy for authenticated, encrypted transportShipped
Self-hosted proxy packaged as a Docker imageShipped
Kubernetes Helm chart for cluster-native deploymentPlanned
Air-gapped / offline scoring mode (local model for environments with no egress)Planned
Terraform provider for infrastructure-as-code deploymentPlanned

Policy Engine

Policy-as-code — define rules in YAML: block topics, enforce language, restrict tool callsPlanned
Regex and keyword blocklists with instant evaluation (no LLM call required)Planned
Canary token injection — embed invisible markers in system prompts to detect exfiltrationPlanned
Output watermarking — mark AI-generated content for downstream provenance trackingPlanned
Rate limiting per user/session — prevent prompt-flood attacksPlanned
Prompt rewriting — sanitise detected PII before forwarding to the LLMPlanned

Data Loss Prevention

Pre-send DLP — scan outbound prompts for PII before they leave your environmentPlanned
HIPAA mode — PHI pattern detection (NHS numbers, NI numbers, DOB, diagnoses)Planned
Financial data mode — IBAN, card numbers, account numbersPlanned
Custom entity types — define your own sensitive patterns via the dashboardPlanned

Phase 03 — Automate

Test constantly, not once — make security a CI/CD concern.

Red Team

On-demand red team runner with configurable harm categories and prompt countShipped
PyRIT Scenario Framework — pre-built assessment packs (customer support, internal copilot, RAG pipeline, code assistant)Shipped
TAP (Tree of Attacks with Pruning) multi-turn attack strategyShipped
Playwright web app target support — red team browser-based AI interfacesShipped
Human-led red teaming UI — collaborative workspace for security researchersPlanned
Scheduled continuous red teaming — run a full assessment on every model deploymentPlanned
Attack replay — re-run historical campaigns against new model versions to catch regressionsPlanned
Domain-specific attack packs: healthcare, legal, financial services, e-commercePlanned

CI/CD Integration

GitHub Actions plugin — fail a build if a red team campaign exceeds a thresholdShipped
Pre-commit hook — scan changed system prompts for obvious injections before pushPlanned
CLI tool — cognisafe scan against any OpenAI-compatible endpointPlanned

Intelligence

Model behaviour drift detection — alert when response patterns shift significantly between deploymentsPlanned
Cross-tenant threat intelligence (opt-in, anonymised) — share attack signatures across the communityPlanned
Threat intelligence feed — subscribe to known adversarial prompt patterns, updated dailyPlanned

Phase 04 — Govern

Give legal, security, and compliance teams the controls they need to say yes to AI.

Access & Identity

SSO — SAML 2.0 and OIDC (Okta, Azure AD, Google Workspace)Shipped
Role-based access control — owner / admin / analyst / viewer, invite-by-link with 7-day expiryShipped
Multi-tenant organisation management — sub-accounts per business unit or clientPlanned
IP allowlist for dashboard and API accessPlanned

Compliance

Automated compliance PDF reports for regulators and procurement teamsShipped
SOC 2 Type II evidence pack — automated collection of audit artefactsShipped
GDPR tooling — data subject access request export, right-to-erasure workflowPlanned
EU AI Act compliance checklist and risk classification wizardPlanned
ISO 27001 controls mappingPlanned
Vendor security questionnaire self-service portalPlanned

Infrastructure Security

PostgreSQL row-level security (RLS) — database-enforced tenant isolationShipped
Database audit logging (pgaudit) — tamper-evident log of all data accessShipped
Bring-your-own-key (BYOK) — customer-managed encryption keys via AWS KMS / Azure Key VaultPlanned
Dedicated infrastructure option — single-tenant deployment for regulated industriesPlanned
Formal penetration test and published reportPlanned

Billing & Usage

Usage alerts — email and Slack notification at 70% and 90% of tier limitShipped
Cost attribution by agent and model — 30-day breakdown with daily spend chartShipped
Soft request limits with per-request overage billing (no hard cutoffs)Planned

∞

Vision — Secure AI Operating System

The security layer that every enterprise AI system runs through, everywhere.

Universal LLM gateway — one endpoint, any model provider, full security stack includedVision
AI security posture management (AISPM) — continuous inventory and risk scoring of all AI assetsVision
Threat modelling wizard — describe your AI application, get a custom security policy and attack surface mapVision
Auto-generated security policies from observed traffic patternsVision
LLM fingerprinting — identify which underlying model was used even when the provider obscures itVision
Executive security briefing — weekly auto-generated summary of AI risk posture for CISO reportingVision
SIEM integrations — Splunk, Datadog, Elastic, Microsoft SentinelVision
White-label offering — Cognisafe infrastructure under a partner's brandVision

What we will not build

—A model hosting platform — we secure AI, we don't run it
—A replacement for your LLM provider — we sit in front of them, not instead of them
—Proprietary scoring models — our scorers use commodity LLMs; the value is the platform and the rules
—A competitor to observability platforms (Datadog, Grafana) — we integrate with them, not replicate them

Last updated May 2026 · Have a feature request? Send us feedback