DeepTempo Launches Vigil: Open-Source AI SOC Project

Security teams are caught between proprietary AI SOC solutions that conceal how their models work and open-source tools that lag behind modern agentic architectures. A newly launched open-source project, Vigil, unveiled at RSA, aims to change that by amplifying, rather than hiding, the advanced reasoning capabilities of models like Anthropic’s Claude.

Available immediately under an Apache 2.0 license, Vigil ships with 13 specialized AI agents, 30+ integrations, and 7,200+ detection rules spanning Sigma, Splunk, Elastic, and KQL formats. Vigil also includes four initial production-tested multi-agent workflows that tie together the underlying capabilities to address common SOC use cases: incident response, investigation, threat hunting, and forensic analysis. Users can add integrations, custom rules, and agents, often as simply as checking a file in to a designated repository.

Vigil’s architecture is pluggable and transparent. Teams bring their own enterprise deployments of reasoning models, their own rule sets and other detection systems, and their own integrations for operational context, so they can apply Vigil to their particular environment quickly. As reasoning models improve rapidly, the architecture is structured so that those advances surface directly in analyst-facing workflows rather than remaining buried in proprietary black boxes.

Vigil is one of a new wave of open-source projects built in the agentic era. Contributors are welcome across product direction, module development, governance, and developer relations. Agentic red teaming projects are a natural fit. Vigil’s initial engineers have hands-on experience with Stanford’s Artemis and other frameworks and are keen to collaborate.

Built by Open-Source Security Veterans

The DeepTempo team initially built Vigil as a side project and saw demand from users and partners, including professional services partners and research collaborators at Stanford and other educational institutions, for an open, simple-to-extend solution. Larger enterprises, national SOCs, and similar-scale organizations are already writing their own agentic SOC capabilities, and Vigil is a community in which they can collaborate on relevant components.

“Claude is the real intelligence. It and other models are improving extremely quickly. Speculative investments in proprietary AI SOC companies have lost the thread. Vigil is the first open-source AI SOC that frees enterprises from lock-in while unshackling the intelligence of underlying LLMs,” said Evan Powell, CEO and Founder of DeepTempo. Powell previously built StackStorm and other Linux Foundation and CNCF projects.

Open by Design

Vigil is vendor-independent. Contributors are welcome from across the security ecosystem, including AI SOC vendors, internal security teams, services organizations, open-source maintainers, and developers building on MCP and agentic frameworks. The Trail of Bits skills repository represents one natural area of collaboration, offering reusable building blocks for cyber-specific reasoning that Vigil is designed to interoperate with via clear Claude skills definitions. Projects like Cisco’s Foundation Sec-8 are candidates for first-class integration, alongside Claude and other advanced reasoning models.

Extending Vigil is simple: multi-agent workflows are defined in a single SKILL.md file, tool integrations use the open MCP standard, and detection rules can be contributed in any major format. Every MCP server in the security ecosystem is a potential Vigil integration. Every skill someone writes makes the platform more capable for everyone.

Availability and Community

Vigil is available now.

Learn more about Vigil and how its open-source AI SOC can enhance your security operations by visiting the website here.

Security practitioners, researchers, and developers interested in contributing, leading, or experimenting with Vigil are encouraged to connect with the maintainers via the GitHub repository or community Discord.

As AI systems grow more capable, security analysts need shared patterns, tools, and workflows to keep pace. DeepTempo released Vigil as open source to accelerate that learning, building a transparent, adaptable foundation for the next generation of security operations.

See Vigil at RSA Conference 2026

The team behind Vigil will be showcasing the project live at RSA Conference 2026 at Moscone North Expo Hall, Cribl Booth #6353. Visit the booth for live demos, contributor onboarding, and conversations with the Vigil maintainers.

About Author

Taylor Graham, marketing grad with an inner nature to be a perpetual researchist, currently all things IT. Personally and professionally, Taylor is one to know with her tenacity and encouraging spirit. When not working you can find her spending time with friends and family.