Vigil: The First Open-Source AI SOC Built with an LLM-native Architecture
100% open-source AI SOC ships with 13 specialized agents, 30+ integrations and 7,200+ detection rules, freeing security teams from lock-in while accelerating innovation
SAN FRANCISCO--(BUSINESS WIRE)--Security teams are trapped between proprietary AI SOC vendors that obscure model intelligence and open-source tools that haven’t kept up with agentic architectures. A new open-source project, Vigil, launched at RSA today, changes that. Vigil, built by DeepTempo, enhances rather than obfuscates the transformative intelligence of rapidly advancing reasoning models, including Anthropic’s Claude.
Available immediately under an Apache 2.0 license, Vigil ships with 13 specialized AI agents, 30+ integrations, and 7,200+ detection rules spanning Sigma, Splunk, Elastic, and KQL formats. Additionally, Vigil includes four initial production-tested multi-agent workflows that tie together underlying capabilities to address common use cases in the SOC: incident response, investigation, threat hunting, and forensic analysis. Users can easily add integrations, custom rules, and agents, often as simply as checking in a file to a designated repository.
Vigil’s architecture is pluggable and transparent. Teams can apply it to their particular environment quickly, bringing their own enterprise deployments of reasoning models, their own rule sets and other systems for detection, and their own integrations to provide operational context. As reasoning models improve rapidly, the architecture is structured so those advances surface directly in analyst-facing workflows rather than remaining buried in proprietary black boxes.
Vigil is one of a new wave of open-source projects built in the agentic era. Contributors are welcome across product direction, module development, governance, and developer relations. Agentic red teaming projects are a natural fit. Vigil’s initial engineers have hands-on experience with Stanford’s Artemis and other frameworks and are keen to collaborate.
Built by Open-Source Security Veterans
The DeepTempo team initially built Vigil as a side project and saw demand from users and partners, including professional services partners and research collaborators at Stanford and other educational institutions, for an open and simple-to-extend solution. Larger enterprises, national SOCs, and organizations of similar scale are already writing their own agentic SOC capabilities, and Vigil is a community in which they can collaborate on relevant components.
“Claude is the real intelligence. It and other models are improving extremely quickly. Speculative investments in proprietary AI SOC companies have lost the thread. Vigil is the first open-source AI SOC that frees enterprises from lock-in while unshackling the intelligence of underlying LLMs,” said Evan Powell, CEO and Founder of DeepTempo. Powell previously built StackStorm and other Linux Foundation and CNCF projects.
Open by Design
Vigil is vendor-independent. Contributors are welcome from across the security ecosystem, including AI SOC vendors, internal security teams, services organizations, open-source maintainers, and developers building on MCP and agentic frameworks. The Trail of Bits skills repository represents one natural area of collaboration, offering reusable building blocks for cyber-specific reasoning that Vigil is designed to interoperate with via clear Claude skills definitions. Projects like Cisco’s Foundation Sec-8 are candidates for first-class integration, alongside Claude and other advanced reasoning models.
Extending Vigil is simple: multi-agent workflows are defined in a single SKILL.md file, tool integrations use the open MCP standard, and detection rules can be contributed in any major format. Every MCP server in the security ecosystem is a potential Vigil integration. Every skill created on the platform makes it more powerful for everyone.
Availability and Community
Vigil is available now:
git clone --recurse-submodules https://github.com/deeptempo/vigil.git
cd vigil && ./start_web.sh
# Open http://localhost:6988 — your AI SOC is running.
- GitHub repository: https://github.com/deeptempo/vigil
- License: Apache 2.0
- Community Discord: discord.gg/vigil-soc
- Website: www.vigilsoc.org
- Office hours and contributor information: available via the community Discord and GitHub at launch
Security practitioners, researchers, and developers interested in contributing, leading, or experimenting with Vigil are encouraged to connect with the maintainers via the GitHub repository or community Discord.
As AI systems grow more capable, security analysts need shared patterns, tools, and workflows to keep pace. DeepTempo released Vigil as open source to accelerate that learning, building a transparent, adaptable foundation for the next generation of security operations.
See Vigil at RSA Conference 2026
The team behind Vigil will be showcasing the project live at RSA Conference 2026 at Moscone North Expo Hall, Cribl Booth #6353. Visit the booth for live demos, contributor onboarding, and conversations with the Vigil maintainers.
About DeepTempo
DeepTempo builds the AI-native detection intelligence layer for cybersecurity, powered by LogLM - a purpose-built foundation model that identifies attacker intent directly from structured telemetry without relying on signatures or brittle rules. Proven at Deutsche Telekom, BNY, Stanford University, and in OT/ICS environments with the Technology Advancement Center. Available on the Snowflake Native App Marketplace and for deployment across cloud, hybrid, and on-premises environments. DeepTempo is a proud Cribl, AWS, NVIDIA, and Snowflake partner.
Learn more: https://www.deeptempo.ai.
LinkedIn: linkedin.com/company/deeptempo.
YouTube: youtube.com/@DeepTempo-ai.
Contacts
10Fold for DeepTempo
deeptempo@10fold.com
