TRA-CE.ai

Product Roadmap

Honest about where we are. Transparent about where we're going.

Shipped, v0.1.0 (March 2026)

Live

Causal Intelligence

  • Causal chain engine — 4 inference heuristics (explicit, artifact, MITRE, temporal) with PROVABLE/MIXED/INFERRED confidence grading
  • Real-time security constraints — pattern-based detection enforced as events stream in
  • Pattern algebra — composable Seq, All, Any, Ind, Within pattern matching on live event graphs
  • Behavioral baselining — per-entity profiling with anomaly detection
  • Hawkes process predictor — cross-technique attack forecasting
  • Campaign detection — MITRE stage progression scoring with automatic chain extraction

Detection & Intelligence

  • Sigma rule engine — 64 built-in rules + custom rule support
  • Correlation engine — event grouping with causal bridge to chain formation
  • Threat intelligence feeds — CISA KEV, NVD, GitHub Advisory, CISA Advisories (live sync)
  • MITRE ATT&CK mapping — 44 techniques mapped with coverage visualization

AI Investigation

  • AI triage & investigation agents — autonomous 3-stage investigation pipeline on chain formation
  • Alert narrator — plain-language explanations of security findings
  • Multi-provider AI — Claude, GPT, and Gemini support

Data Collection

  • Docker collector — lightweight container with Avon post-quantum encrypted transport
  • Source integrations — Elastic, Splunk, Sentinel, CrowdStrike, SentinelOne, Okta, Google Workspace, AWS CloudTrail
  • Pipeline orchestration — scheduled ingestion with retries, backfill, and health monitoring

Security & Platform

  • Post-quantum encrypted transport — ML-KEM-768 + X25519 hybrid, ML-DSA-65 signatures, AES-256-GCM, 30-second key rotation
  • Multi-tenant isolation — PostgreSQL row-level security, per-tenant causal graphs
  • Authentication — email + password + mandatory TOTP 2FA, invite-only onboarding
  • AWS deployment — EC2 + RDS PostgreSQL 17, encrypted cache, automated backups

In Progress, Q2 2026

  • Dashboard completion — full data wiring across Chains, Investigate, Remediate, and Brief views
  • Demo mode polish — one-click start, guided walkthrough, live attack chain simulation
  • Analyst feedback loop — confirm, dismiss, and modify chain assessments with baseline learning
  • Live data connection — real Sysmon/Elastic data through full causal pipeline
  • Billing integration — self-service subscription management
  • SSO — SAML + OIDC (Azure AD, Okta, Google)

Planned, H2 2026

  • MSSP multi-tenant console — cross-client dashboard, SOC workflow, white-label branding
  • Compliance reporting — HIPAA, PCI, SOC 2, NIST CSF, CIS Controls templates
  • Ticketing integrations — Jira, ServiceNow, PagerDuty
  • Second source validation — prove SIEM-agnostic claim with cross-source chain formation
  • Executive board reporting — automated PDF briefs from causal findings
  • On-prem / air-gapped installer — for federal and classified environments
  • SOAR integrations — Palo Alto XSOAR, Splunk SOAR
  • FedRAMP authorization path
  • Community detection pattern repository