Autopilot AI Tech LLC has released Vigil v1.1, an open-source security operations platform that ships 28 autonomous AI agents alongside a local knowledge engine capable of returning structured answers from 356 pre-built security entries in under one millisecond — without any LLM round-trip. The knowledge base covers 85 MITRE ATT&CK techniques spanning all 14 tactics, 48 NIST controls across CSF 2.0 and 800-53 Rev 5, the full OWASP Top 10 Web and OWASP LLM Top 10, 17 CVE patterns, and 30 cross-framework compliance maps including PCI DSS 4.0, HIPAA, SOC 2, ISO 27001, and CIS v8. When the local engine cannot resolve a query, it enriches the prompt with user security profile context, recalled memories, and relevant knowledge base hits before routing to the configured AI provider.

The v1.1 update adds eight agents to the platform's original roster, now covering pentesting, forensics, red team operations, compliance auditing, OSINT, and adversarial analysis. A new DAG workflow automation engine enables chaining of agents, conditional logic, and HTTP calls into security pipelines. Smart AI provider routing supports Ollama for fully air-gapped deployments, Claude API, and OpenAI Codex, with per-agent selection and configurable fallback chains. A new Kali Linux bridge container brings 11 specialist tools — including nmap, nuclei, nikto, and sqlmap — into the Docker Compose stack, eliminating the need for a separate penetration testing environment alongside the platform. The MCP server now exposes 37 tools, 7 resources, and 8 prompts over Streamable HTTP transport, making Vigil callable security infrastructure for Claude Desktop, Claude Code, and Cursor.

Architecturally, Vigil is deliberately minimal: a single Express.js process with only six npm dependencies, a vanilla JavaScript frontend with 37 dashboard views, and optional PostgreSQL that falls back to JSON file storage. Security hardening includes PBKDF2 password hashing, an AES-256-GCM-encrypted credential vault, TOTP two-factor authentication, and RBAC with Admin, Analyst, and Viewer roles. The bring-your-own-key (BYOK) model — users supply their own Claude CLI or Codex CLI credentials — means zero AI inference costs are embedded in the product itself, a structural contrast with SaaS-wrapped LLM security tools that pass inference costs through to customers.

Enterprise SOAR platforms from Palo Alto, Splunk, and IBM carry six-figure annual licenses. Mid-market options like Torq and Tines are SaaS-first. On the open-source side, Wazuh, TheHive, and Security Onion don't treat autonomous agent orchestration or MCP integration as first-class primitives — though none of those projects was built with that goal. Vigil occupies a different design point: licensed under AGPL-3.0, able to run air-gapped via Ollama, and built with DAG-driven agent orchestration as the core abstraction rather than a bolt-on. How much traction a platform run by a small LLC can gain in a market dominated by well-funded incumbents and a growing field of AI-native security startups is unclear. The project is available at github.com/vigil-agency/vigil.