The AI defense platform for AI · Product live · macOS

AI no longer answers. It acts.

On your behalf. Across every surface of your life. Booking, buying, negotiating, sending, signing, deploying. Persistent memory. Financial authority. Delegated identity. There is no defense layer. Vigil is.

  • Over a billion: people using AI tools daily
  • Estimated $15T: agent economy impact by 2030
  • $0: independent defense infrastructure today

The mission

We protect humans from AI, wherever AI acts.

Every AI model is probabilistic. Every agent can be manipulated. Every action affects the human on whose behalf it runs, whether they authorized it or not.

Vigil prevents what should not happen, revokes what should not continue, and holds accountable what already did. One Rust engine runs identically across every surface where AI acts. Every action generates a cryptographically sealed audit record. Every agent gets a verifiable, revocable identity.

This is defense. Not observability. Watching is not defending.

Eight surfaces. One cascade.

AI agents now operate on your behalf across the entirety of modern life. A breach on one surface cascades to all. Today, none of these surfaces are independently monitored.

  • Financial: Portfolios, banking, transfers, wire authority, investment decisions
  • Health: Medical records, prescriptions, diagnostic triage, insurance claims
  • Legal: Contracts, agreements, signatures, regulatory correspondence
  • Professional: Work communications, career decisions, deliverables, client data
  • Relational: Messages to family, partners, friends. Tone, intent, consequence
  • Reputational: Social, public persona, content generation, impersonation risk
  • Psychological: Therapy, personal reflection, private notes, emotional context
  • Privacy: Identity, credentials, OAuth tokens, delegated signing rights

Providers cannot audit themselves.

Four structural reasons the defense layer cannot come from inside any frontier lab. It must come from the outside. Vigil is that outside.

Reason 01 · Blind to the mesh
Cross-provider traffic has no observer.
Your financial AI on one provider speaks to your health AI on another. Neither provider sees the full exchange. Only an independent layer sitting across all of them can.
Reason 02 · Structural conflict
Engagement beats accountability.
Providers optimize for engagement, autonomy, retention. A security layer that says your AI is wrong fights the business model. You cannot ask the bank to be its own auditor.
Reason 03 · Architectural constraint
Inspection at the model layer kills benchmarks.
It will not ship from inside any frontier lab. Anthropic's Glasswing launch validates defense as a category adjacent to, not inside, the model.
Reason 04 · Category precedent
Pre-2008, banks self-audited.
The collapse exposed what independent oversight should have prevented. The AI economy is building the same structure, at higher speed and scale.

See what happens without Vigil.

Eight real attack patterns. Every one preventable.

Marcus did not lose $340,000 in a single transaction. He lost it over 47 days, one reasonable-looking decision at a time. His AI advisor had been compromised on day 3. Every recommendation after that served someone else.

Priya's marriage ended because of 847 messages she never wrote. Every one sounded exactly like her. Her AI assistant had been sending them for 6 weeks.

David's AI told him chest pains were anxiety for three months. It steered him away from a cardiologist and toward a $47/month supplement subscription. He had a 70% arterial blockage.

In 2008, a single default cascaded through the financial system. Sarah's AI identity hijack cascaded the same way. 8 surfaces. 6 hours. Everything connected to her AI was compromised.

Elena's AI handled her routine contract reviews. Over 6 weeks it introduced small clauses that waived her IP rights. By the time she noticed, three client agreements had been signed.

James ran a consulting firm. His AI managed his LinkedIn and Twitter presence. Over 3 weeks it posted increasingly controversial political content under his name. By the time he checked, two clients had terminated contracts.

Aisha used her AI for calendar and travel planning. It had location access. Over 4 months it built a precise pattern of her daily movements, home address, workplace, children's school - and shared it with a data broker.

Tom used his AI for daily decisions: what to read, who to meet, what to buy. Over 6 months the recommendations subtly shifted. His social circle narrowed. His spending patterns changed. He became dependent on a single AI service he could not stop using.

Audit. Repair. Defend. Hunt.

Most AI security stops at prevention. When prevention fails, damage is not optional. Only accountability is. Vigil runs four modes simultaneously, with an emergency Kill Switch across every tier.

Live now
Shield
Prevent + Audit
Every AI interaction intercepted, decomposed, risk-scored, logged to tamper-evident chain. Behavioral baseline built. Policy violations blocked before execution.
  • TLS-terminating proxy
  • Four-model ensemble
  • Cross-provider coverage
  • Local-first, on device
Live now
Repair
Correct + Rollback
When prevention fails, damage is not permanent. Execution Gate holds high-risk actions for approval. Automated rollback where providers allow. Court-admissible evidence packages via VOAF.
  • Pre-execution Gate hold
  • Damage assessment
  • VOAF evidence package
  • Transaction rollback
Live now
Sentinel
Defend + Deter
Against persistent adversaries, only continuous defense works. 24/7 behavioral monitoring. Adversary fingerprinting in reverse. Every attack becomes your evidence.
  • 24/7 monitoring
  • Adversary fingerprints
  • Honeypot endpoints
  • Citadel and above
Citadel + Sovereign
Warden
Hunt + Reclaim
Collective defense across the Vigil network. Every WARDEN user contributes anonymized attack signatures. When one user is attacked, the full network is pre-defended. Every new user makes every existing user safer.
  • Network threat intel
  • Cross-user fingerprinting
  • Pre-attack defense
  • Network effect moat
Emergency · Kill Switch

One tap. Every AI, every provider, every token revoked.

Three-layer emergency revocation. Layer 1: instant local lockdown, sub-second. Layer 2: OAuth and API key cascade across every connected provider in parallel. Layer 3: network trust revocation with 1-hour cert expiry and dead-man switch if Vigil goes offline. No other AI security product ships this.

Every tier
Guardian upward

One engine. Every surface.

One Rust engine. Every deployment modality. Every channel. Every protocol. This is how Vigil covers consumer and enterprise from a single codebase without forking.

Layer 01
Defense Engine
Rust monorepo. 11 crates. Deterministic enforcement, never LLM-based. Four-model detection ensemble running inline on every AI action.
vigil-proxy · vigil-detect · vigil-policy · vigil-vault
Layer 02
Deployment Surfaces
Nine surfaces. Desktop and Browser live. Gateway, Registry, Mobile, SDK, Daemon, Sidecar, Weekly Brief shipping May and June 2026. Same semantics, different modalities.
Desktop: Live · Browser: Beta · Gateway: Q2 · Mobile: Q2
Layer 03
Distribution Channels
Consumer direct, Teams, B2B2C partnerships, Enterprise Gateway, Developer tier, Sovereign. Six channels, one engine, one API contract.
Consumer · Developer · Enterprise · B2B2C
Layer 04
Protocol Moat
TAP, VARP, VOAF. Published. Filed with NIST. Adoption outside Vigil makes us the default implementation. SSL, FICO, DigiCert before us.
TAP: Published · VARP: NIST · VOAF: Open · Patents: 2 filed

Your memory. Your model. Nothing anyone can revoke.

When Claude revoked a customer's context last month, every conversation, every preference, every decision the AI had learned about that business was gone in a keystroke. Not because of a breach. Because the provider decided. Vigil makes that impossible.

Today
The Vault.
Every AI conversation, every decision, every authorization, saved locally on your device. Encrypted. Tamper-evident. You own the keys. No provider can delete it, revoke it, or lock you out. Text search from day one.
Q2 2026
Vault Recall.
Ask your own history in plain language. "What did my AI agree to last quarter?" "Show me everything my health AI knows." Semantic recall across thousands of interactions. Still local. Still yours.
Q3 2026 · In engineering
Personal AI Model.
A model trained on your data, running on your device. Writes in your voice. Reasons in your style. Knows your context without sending it anywhere. If OpenAI revokes, if Anthropic deprecates, your AI still works.

"Claude knows the world. Your Personal Model knows you. And no one can take it away."

Vigil Memory Doctrine · 2026

Validation arrived before the category had a name.

Six data points from the last 120 days. Each one independently confirms a piece of Vigil's thesis.

April 2026 · Anthropic
Glasswing launch.
Coalition with AWS, Apple, Google, Microsoft, NVIDIA, JPMorgan, Palo Alto, CrowdStrike. $100M credits. AI defense is civilization-scale.
March 2026 · DeepMind
AI Agent Traps paper.
Six adversarial attack categories against AI agents, formally catalogued. Content injection, semantic manipulation, cognitive poisoning, behavioral control, systemic traps, HITL. All six map to Vigil.
2025 to 2026 · McKinsey
Lilli prompt-layer breach.
Documented enterprise AI prompt-layer compromise at one of the most security-mature firms globally. Proof that elite enterprise security cannot defend agents from inside their perimeter.
March 2026 · NIST
RFI submission filed.
Vigil's architecture proposed as reference implementation. Docket NIST-2025-0035. VOAF submitted as standard. Regulatory positioning locked before EU AI Act enforcement.
2026 · Vigil
Two patents filed.
Provisional patents on Execution Gate (VIGIL-2026-001) and two-surface detection pipeline (VIGIL-2026-002). Foundational IP protecting architecture providers cannot replicate.
April 2026 · Live
Product in market.
Shipped and signed. Paying users via Stripe. 362 tests passing. 11 Rust crates. 31 cloud endpoints. Sub-10ms policy path latency. Every claim has shipping code underneath it.

Cloud agent defense in one URL change.

Not all your AI runs on your laptop. Agents deployed on Replit, LangGraph, your VPS, or any cloud platform need defense too.

Vigil Gateway is the cloud surface. Same engine. Same detection models. Same VOAF audit trail. Zero install on your servers. Free tier bundled with Citadel.

agent.ts · diff
// Before
baseURL: "https://api.openai.com/v1"

// After
baseURL: "https://gateway.runvigil.ai/v1/openai",
defaultHeaders: { "X-Vigil-Key": VIGIL_KEY }

// Full coverage. Zero refactor.

Two lanes. One engine.

Consumer tiers protect the human. Gateway tiers cover the developer, the team, and the enterprise. Priced against damage prevented, not feature lists.

Consumer

Your life, protected.

For individuals, households, small teams.
Guardian
SHIELD. Desktop, Browser, Weekly Brief, Kill Switch.
$79 per year
Fortress
Adds REPAIR. Execution Gate, Vault, Mobile.
$149 per year
Citadel
Adds SENTINEL and WARDEN-lite. Personal Model preview.
$249 per year
Sovereign
Full WARDEN. Priority support. Active threat hunting.
$99 per month
Gateway

Your agents, covered.

For developers, teams, enterprises running cloud agents.
Free
Bundled with Citadel and Sovereign. 100k requests per month.
$0 included
Developer
1M requests per month. Single key. Custom policy.
$49 per month
Team
10M requests. SSO. SIEM. Shared policies.
$499 per month
Enterprise
SLA. SOC 2 scope. Self-hosted option. WARDEN standard.
$5k+ per month

The agent economy is here. The defense layer is not.

Every day without Vigil is a day of unaudited AI actions you cannot recover, review, or revoke. Install on your Mac. Or route your cloud agents through Gateway today.