ROADMAP

What's shipping next.

The roadmap is shaped by what customers run into. Items move from PLANNED to IN PROGRESS to SHIPPED in roughly that order. Sometimes the order is wrong; we update the page when it is.

Shipped · v0.1.0 (March 2026)

SHIPPED
Causal chain engine
Four inference heuristics (explicit, artifact, MITRE, temporal) with PROVABLE/MIXED/INFERRED confidence grading.
SHIPPED
Real-time security constraints
Pattern-based detection enforced as events stream in.
SHIPPED
Pattern algebra
Composable Seq, All, Any, Ind, Within pattern matching on live event graphs.
SHIPPED
Behavioral baselining
Per-entity profiling with anomaly detection.
SHIPPED
Hawkes process predictor
Cross-technique attack forecasting.
SHIPPED
Campaign detection
MITRE stage progression scoring with automatic chain extraction.
SHIPPED
Sigma rule engine
64 built-in rules + custom rule support.
SHIPPED
Threat intelligence feeds
CISA KEV, NVD, GitHub Advisory, CISA Advisories (live sync).
SHIPPED
MITRE ATT&CK mapping
44 techniques mapped with coverage visualization.
SHIPPED
AI triage & investigation agents
Autonomous 3-stage investigation pipeline on chain formation.
SHIPPED
Multi-provider AI
Claude, GPT, and Gemini support.
SHIPPED
Docker collector
Lightweight container with Avon post-quantum encrypted transport.
SHIPPED
Source integrations
Elastic, Splunk, Sentinel, CrowdStrike, SentinelOne, Okta, Google Workspace, AWS CloudTrail.
SHIPPED
Post-quantum encrypted transport
ML-KEM-768 + X25519 hybrid, ML-DSA-65 signatures, AES-256-GCM, 30-second key rotation.
SHIPPED
Multi-tenant isolation
PostgreSQL row-level security, per-tenant causal graphs.

In Progress · Q2 2026

IN PROGRESS
Dashboard completion
Full data wiring across Chains, Investigate, Remediate, and Brief views.
IN PROGRESS
Demo mode polish
One-click start, guided walkthrough, live attack chain simulation.
IN PROGRESS
Analyst feedback loop
Confirm, dismiss, and modify chain assessments with baseline learning.
IN PROGRESS
Live data connection
Real Sysmon/Elastic data through the full causal pipeline.
IN PROGRESS
Billing integration
Self-service subscription management.
IN PROGRESS
SSO
SAML + OIDC (Azure AD, Okta, Google).

Planned · H2 2026

PLANNED
MSSP multi-tenant console
Cross-client dashboard, SOC workflow, white-label branding.
PLANNED
Compliance reporting
HIPAA, PCI, SOC 2, NIST CSF, CIS Controls templates.
PLANNED
Ticketing integrations
Jira, ServiceNow, PagerDuty.
PLANNED
Second source validation
Prove SIEM-agnostic claim with cross-source chain formation.
PLANNED
Executive board reporting
Automated PDF briefs from causal findings.
PLANNED
On-prem / air-gapped installer
For federal and classified environments.
PLANNED
SOAR integrations
Palo Alto XSOAR, Splunk SOAR.
PLANNED
FedRAMP authorization path
Moderate authorization with ATO artifacts.
PLANNED
Community detection pattern repository
Open library of causal detection patterns contributed by analysts.

How we decide what ships next.

Three inputs, weighted in roughly this order: customer pain that is blocking a deployment; integrations that unlock a new buyer segment; engineering improvements that compound. We are not going to ship novelty for its own sake. The roadmap moves in the direction of usefulness.

What's shipping next.

Causal chain engine

Real-time security constraints

Pattern algebra

Behavioral baselining

Hawkes process predictor

Campaign detection

Sigma rule engine

Threat intelligence feeds

MITRE ATT&CK mapping

AI triage & investigation agents

Multi-provider AI

Docker collector

Source integrations

Post-quantum encrypted transport

Multi-tenant isolation

Dashboard completion

Demo mode polish

Analyst feedback loop

Live data connection

Billing integration

SSO

MSSP multi-tenant console

Compliance reporting

Ticketing integrations

Second source validation

Executive board reporting

On-prem / air-gapped installer

SOAR integrations

FedRAMP authorization path

Community detection pattern repository

How we decide what ships next.