# Northbeams

> Northbeams is the AI System of Record. The evidence layer your GRC platform plugs into for EU AI Act, ISO 42001, NIST AI RMF, and SOC 2 + AI. Signed Evidence Packs your auditor will accept. One platform. Four surfaces (browser, desktop, CLI, MCP). One dashboard.

Northbeams catches AI activity on four surfaces — browser, desktop apps, CLI tools, and MCP servers — through a Chrome extension and a desktop app for Mac and PC. The classifier runs on-device so prompt content never leaves the user's machine. The platform produces signed, hash-chained, control-mapped Evidence Packs for the frameworks GRC teams and auditors are running in 2026.

## The artifact

- [Evidence Pack](https://northbeams.com/evidence-pack): The signed PDF auditors accept. Seven sections: Cover, Scope, Control mapping, Evidence appendix, Exceptions & gaps, Methodology, Signatures. Pre-mapped to ISO 42001, EU AI Act Article 26, NIST AI RMF, and SOC 2 + AI. Public sample download available.
- [Evidence API](https://northbeams.com/evidence-api): Six REST endpoints. List frameworks, list controls, pull packs, sample events, register webhooks for control-status changes, public verification endpoint.
- [Verify a pack](https://northbeams.com/trust/verify): Public verifier. Paste a SHA-256 hash or upload a PDF; the verifier confirms the signature and signing date. No login required. Built for auditors.

## Compliance frameworks

- [Compliance hub](https://northbeams.com/compliance): Framework landing page. EU AI Act, ISO 42001, NIST AI RMF, SOC 2 + AI in one place. Sample-pack download as the hero CTA.
- [ISO/IEC 42001](https://northbeams.com/iso-42001): The world's first AI management system standard. 38 Annex A controls. Northbeams evidences 14 of 38 AUTO; the rest ATTEST or scoped-out with reason.
- [EU AI Act](https://northbeams.com/eu-ai-act): Article 26 deployer obligations enforceable December 2026. Logging, oversight, monitoring, 6-month minimum retention.
- [NIST AI RMF](https://northbeams.com/nist-ai-rmf): Govern, Map, Measure, Manage. Northbeams covers MEASURE fully and contributes to MAP.
- [SOC 2 + AI](https://northbeams.com/soc2-ai): The addendum auditors started asking for in 2026. CC6.1, CC7.2, and the CSA AI Controls Matrix. Annex to your existing Type II.
- [ISO 27001 to ISO 42001](https://northbeams.com/iso-27001-to-42001): If you have ISO 27001, here's what 42001 adds.
- [ISO 42001 vs NIST AI RMF](https://northbeams.com/iso-42001-vs-nist-ai-rmf): Side-by-side and which to pick.

## Personas

- [For Head of GRC](https://northbeams.com/grc): "Walk into your AI audit with the file, not the shrug." Primary buyer of the Compliance tier.
- [For vCISO firms](https://northbeams.com/vciso): "Carry one AI evidence layer across all your clients." Multi-tenant model, white-label Evidence Packs, recurring rev share.
- [For IT leads](https://northbeams.com/it-lead): "You're already accountable for AI you can't see. Run it instead." Per-seat motion.
- [For CFOs](https://northbeams.com/cfo): "$15K a year. $670K of avoidable surprise." Breach-economics ROI.
- [For Security Directors](https://northbeams.com/security-director): Fleet-tier buyer. Identity, SIEM, GRC integration breadth.

## Product surfaces

- [Why Northbeams](https://northbeams.com/why): The case for the four-surface evidence layer.
- [Pricing](https://northbeams.com/pricing): Two parallel ladders. Per-seat (Beam free / Lighthouse $15 / Sentinel $25 / Fleet custom) for SecOps. Compliance ($12K / $36K / $72K+ annual flat fee) for GRC.
- [MCP Gateway](https://northbeams.com/mcp-gateway): Per-tool allow / warn / block for Claude Desktop, Cursor, Claude Code.
- [Coverage](https://northbeams.com/coverage): Live scorecard, refreshed quarterly.
- [Surface comparison](https://northbeams.com/surface-comparison): Browser, desktop, CLI, MCP — which catches what.
- [On-device classification](https://northbeams.com/on-device-classification): Why the classifier runs locally.

## AI laws and field guides (content)

- [AI laws field guide](https://northbeams.com/ai-laws): Hub for US federal, US state, EU, and standards-based AI rules in 2026.
- [Colorado AI Act](https://northbeams.com/colorado-ai-act), [Texas TRAIGA](https://northbeams.com/texas-traiga), [California AI laws](https://northbeams.com/california-ai-laws), [New York RAISE Act](https://northbeams.com/new-york-raise-act), [Illinois AI interview law](https://northbeams.com/illinois-ai-interview-law), [Federal AI policy](https://northbeams.com/federal-ai-policy). These are deployer-side / state-law explainers. Northbeams sells the consumption-side evidence layer, not deployer obligations.

## Lead magnets

- [Sample Evidence Pack](https://northbeams.com/evidence-pack): The hero magnet. PDF in the real format with synthetic data. Email-gated.
- [EU AI Act readiness PDF](https://northbeams.com/eu-ai-act-readiness): 7-page printable checklist. Article 26 in plain language. Secondary magnet.
- [Calculator](https://northbeams.com/calculator): Shadow-AI exposure calculator. Per-seat motion. CFO/IT lead lead magnet.

## Trust

- [Trust](https://northbeams.com/trust): Architecture, data handling, signing-key fingerprint.
- [Verify a pack](https://northbeams.com/trust/verify): Public verifier.
- [Security](https://northbeams.com/security): Vulnerability disclosure, hardening.
- [Sub-processors](https://northbeams.com/sub-processors): Vendors that touch customer data.
- [Privacy policy](https://northbeams.com/privacy), [Terms of service](https://northbeams.com/terms).

## Comparisons (per-seat / SecOps)

- [Northbeams vs Harmonic Security](https://northbeams.com/vs-harmonic), [vs Nightfall](https://northbeams.com/vs-nightfall), [vs Strac](https://northbeams.com/vs-strac), [vs Teramind](https://northbeams.com/vs-teramind). Note: we do not compare against Scytale, Drata, Vanta, or Secureframe — those are partners.

## Optional

- [Resources](https://northbeams.com/resources), [Perspective](https://northbeams.com/perspective), [In the wild](https://northbeams.com/in-the-wild), [Shadow AI baseline 2026](https://northbeams.com/shadow-ai-baseline-2026).
- [Download](https://northbeams.com/download): Signed .pkg for Mac and signed .msi for PC. MDM-deployable.
- [Contact](https://northbeams.com/contact), [Pricing FAQ](https://northbeams.com/pricing-faq).