Security teams often face a choice between proprietary AI SOC platforms that obscure model intelligence and open-source tools that struggle to keep pace with agentic architectures. A new open-source project, Vigil, launched at RSA today, aims to change that by enhancing the intelligence of advanced reasoning models, including Anthropic’s Claude, rather than hiding it.
Available immediately under an Apache 2.0 license, Vigil comes with 13 specialized AI agents, more than 30 integrations, and over 7,200 detection rules across Sigma, Splunk, Elastic, and KQL formats. The platform also includes four initial production-tested multi-agent workflows that address common SOC use cases: incident response, investigation, threat hunting, and forensic analysis. Users can add custom rules, agents, and integrations easily, often simply by checking in a file to a designated repository.
Vigil’s pluggable and transparent architecture allows teams to use their own enterprise model deployments, rule sets, and integrations to provide operational context. As reasoning models evolve, the improvements appear directly in analyst-facing workflows rather than remaining hidden in proprietary systems. This design enables rapid adaptation to specific environments and seamless integration with existing enterprise security systems.
The project is part of a new wave of open-source initiatives built for the agentic era. Contributors are invited to participate in product direction, module development, governance, and developer relations. Vigil’s engineers have experience with Stanford’s Artemis and similar frameworks, and collaboration with agentic red teaming projects is encouraged.
Built by Open-Source Security Veterans
Vigil was initially developed as a side project by the DeepTempo team. Demand from users, partners, professional services firms, and research collaborators at Stanford and other institutions prompted its public release. Large enterprises, national SOCs, and similar organizations that are developing their own agentic SOC capabilities can use Vigil as a collaborative community for relevant components.
Evan Powell, CEO and Founder of DeepTempo, said, “Claude is the real intelligence. It and other models are improving extremely quickly. Speculative investments in proprietary AI SOC companies have lost the thread. Vigil is the first open-source AI SOC that frees enterprises from lock-in while unshackling the intelligence of underlying LLMs.” Powell has previously built StackStorm and other Linux Foundation and CNCF projects.
Open by Design
Vigil is vendor-independent and welcomes contributors from across the security ecosystem, including AI SOC vendors, internal security teams, services organizations, open-source maintainers, and developers using MCP and agentic frameworks. The Trail of Bits skills repository is one natural area of collaboration, offering reusable building blocks for cyber-specific reasoning. Projects such as Cisco’s Foundation Sec-8 are potential candidates for first-class integration alongside Claude and other advanced reasoning models.
Extending Vigil is straightforward: multi-agent workflows are defined in a single SKILL.md file, tool integrations use the open MCP standard, and detection rules can be contributed in any major format. Every MCP server in the security ecosystem can potentially integrate with Vigil, and every contributed skill enhances the platform for all users. Vigil is available now.
