Pick your plan
Annual plans.
For the buyer who's just exploring.
14-day full Sentinel trial, then read-only Discovery mode for teams up to 5 users. No cliff. No credit card. Stays indefinitely until you upgrade.
- Browser, desktop, and CLI coverage
- 24-hour AI Discovery Report
- Aggregate tool inventory + risk classification
- Severity totals (workspace-level)
- Sensitive-prompt classifier + redaction (on device)
- Last 7 days of history
Real-time AI governance across all four surfaces. Compliance Evidence Pack bundled in.
Saves $5,280/yr vs monthly billing. Typical Sentinel customer: 150 seats. Scales to 500 seats before Fleet.
- Browser, desktop, CLI, and MCP - all four surfaces, one policy layer
- Per-user attribution: see who ran which tool, which prompt category, when
- Block / sandbox / allow - enforcement by user, team, or surface
- Compliance Evidence Pack (SOC 2, EU AI Act, HIPAA, ISO 42001, NIST AI RMF)
- AI Spend & Savings: live LLM cost by user and model, read-only model right-sizing that quantifies avoidable spend. The AI-cost insight a standalone FinOps tool charges for, included.
- MCP Gateway: 50K calls/month, per-tool allow/deny rules
For companies under audit who need SSO, SIEM, GRC automation, and a custom DPA.
500,000 MCP calls/mo included. Typical Fleet deployment: 500-2,000 seats, $150-300K/yr. Larger Fleet customers include dedicated CSM and named security partner.
- Everything in Sentinel, plus:
- SAML SSO + SCIM (Okta, Entra)
- SIEM streaming (Splunk HEC, Microsoft Sentinel)
- GRC evidence automation (Vanta, Drata, OneTrust, Scytale)
- Custom DPA + DPIA support + BAA (HIPAA)
- Founder-led onboarding (dedicated CSM available. Ask.)
Multi-year prepay: 20% off year 2, 25% off year 3, 30% off year 4+. Ask for a multi-year quote →
Identity, SIEM, and GRC integrations delivered as part of your engagement.
Book a call →
Want a paid pilot first? From $5K (25 seats, 4 weeks). 100% credited back on a 2-year conversion (50% on a 1-year). $10K / $15K tiers for larger or longer pilots.
For GRC and compliance
Buying for compliance and audit, not SecOps?
Same Sentinel platform, framed for your auditor. The Compliance Evidence Pack is bundled in: signed, dated, control-mapped evidence for the EU AI Act, ISO 42001, NIST AI RMF, and SOC 2. AIDR detects. We prove it to your auditor.
Add-ons (attach to any paid tier)
Not ready to sign up? See the live demo →
Bundled, not an upsell
Compliance Evidence Pack is included in Sentinel and Fleet.
SOC 2, EU AI Act, HIPAA, ISO 42001, NIST AI RMF. Signed logs your auditor already accepts. The kind of evidence library that runs $50K+/yr standalone in Big-4 GRC consulting.
What's in each tier.
The highlights, grouped. ✓ included, - not in this tier. Expand the full table below for every row.
01 / Visibility
Discovery & visibility
02 / Control
Governance & enforcement
03 / Agents
MCP Gateway (coding agents)
04 / Audit
Compliance Evidence Pack
05 / Pipes
Integrations
06 / Enterprise
Enterprise & data terms
07 / Support
Support & SLA
| Feature | Discovery ($0) | Sentinel ($9.6K + $15/seat) | Fleet (from $80K) |
|---|---|---|---|
| Discovery & visibility | | | |
| 24-hour AI Discovery Report | ✓ | ✓ | ✓ |
| Sensitive-prompt classifier (on device) | ✓ | ✓ | ✓ |
| Tool risk scoring & classification | ✓ | ✓ | ✓ |
| Severity totals & aggregate counts | ✓ | ✓ | ✓ |
| Per-user attribution (who did what) | - | ✓ | ✓ |
| Event history | Last 7 days | Unlimited | Unlimited |
| CSV export of incidents | - | ✓ | ✓ |
| Active-user limit | Up to 5 | Unlimited | Unlimited |
| How long does it last? | Indefinitely (read-only) | As long as you're subscribed | As long as you're subscribed |
| Governance & enforcement | | | |
| One-click block / sandbox / allow | - | ✓ | ✓ |
| Soft-block educational redirects | - | ✓ | ✓ |
| Multi-user invites & RBAC | - | ✓ | ✓ |
| Per-tool policy library | - | ✓ | ✓ |
| Real-time prompt redaction (browser + MCP) | - | ✓ | ✓ |
| Model governance (allow / warn / block by LLM model) | - | ✓ | ✓ |
| Network Control (DNS-layer AI discovery) | - | ✓ | ✓ |
| Jailbreak + prompt-injection detection | - | ✓ | ✓ |
| Image + PDF OCR (on device) | - | ✓ | ✓ |
| Multi-language classification (10 languages) | - | ✓ | ✓ |
| Slack alerts (bypass, high-risk, redaction failures) | - | ✓ | ✓ |
| MCP Gateway (coding agents) | | | |
| MCP Gateway (in-path proxy for Claude Desktop, Cursor, Claude Code) | - | ✓ | ✓ |
| Per-tool allow / warn / block on MCP servers | - | ✓ | ✓ |
| Catalogued MCP servers with recommended policies | - | ✓ | ✓ |
| On-device argument classifier (credentials, PII, source, legal, customer data) | - | ✓ | ✓ |
| MCP calls / month included | - | 50,000 | 500,000 |
| MDM rollout via NBM_MCP_GATEWAY=1 | - | ✓ | ✓ |
| Compliance Evidence Pack (bundled) | | | |
| Audit-ready immutable signed logs | - | ✓ | ✓ |
| SOC 2 + AI evidence pack (one-click export) | - | ✓ | ✓ |
| EU AI Act Article 4 evidence | - | ✓ | ✓ |
| HIPAA technical-safeguards evidence | - | ✓ | ✓ |
| ISO 42001 + NIST AI RMF mappings | - | ✓ | ✓ |
| Quarterly executive risk-audit report | - | ✓ | ✓ |
| MDM deployment (Intune / JAMF / Kandji) | - | ✓ | ✓ |
| API access | - | ✓ | ✓ |
| Integrations | | | |
| Identity (Okta, Entra). SAML SSO + SCIM | - | - | ✓ |
| SIEM streaming (Splunk HEC, Microsoft Sentinel)† | - | Add-on (+$5K/yr) | ✓ included |
| GRC evidence automation (Vanta, Drata, OneTrust, Scytale) | - | - | ✓ |
| Enterprise | | | |
| SSO / SAML | - | - | ✓ |
| Custom DPA + DPIA support | - | Add-on (+$3K/yr) | ✓ included |
| BAA (HIPAA) | - | - | ✓ |
| Audit log retention | 7 days | Unlimited | 7-year guarantee |
| Annual SOC 2 evidence pack to your auditor | - | - | ✓ |
| Data residency (US or EU) | US | US | US or EU |
| Founder-led / dedicated CSM | - | - | ✓ |
| 99.9% uptime SLA + QBR | - | - | ✓ |
| On-prem classifier option | - | - | ✓ |
| Cost (60-seat reference team, annual billing) | | | |
| 1-year annual prepay | $0 | $20,400 / yr | From $80,400 / yr |
| 2-year prepay (save 25%) | $0 | $19,080 / yr | From $75,375 / yr |
| 3-year prepay (save 30%) | $0 | $17,760 / yr | From $70,350 / yr |
| Support | | | |
| Community support | ✓ | ✓ | ✓ |
| Email support | - | ✓ | ✓ |
| Priority support | - | ✓ | ✓ |
† Fleet integrations delivered as part of your engagement, configured to your existing identity, SIEM, and GRC stack. Sentinel add-ons are itemised SKUs you can attach at any time.
The math gets better as your team grows.
Shadow-AI-involved breaches cost $670,000 more than equivalent breaches without shadow AI (IBM 2024). At $160 per leaked record and a 60% incident probability across the cohort, the expected annual loss scales with headcount. Northbeams pricing scales below it.
Shadow data breaches take 26.2% longer to identify and contain. Northbeams cuts that detection window to under 24 hours.
Common questions
How does the 30-day Paid POC work?
You pick a slice (25 or 50 seats) and a window (4 or 8 weeks), we deploy the full Sentinel stack across browser, desktop, CLI, and MCP Gateway, with weekly check-ins from Joe and a signed Compliance Evidence Pack (SOC 2 + AI, EU AI Act Article 4, HIPAA, ISO 42001, NIST AI RMF) at the end. 100% of the POC fee credits toward a 2-year annual conversion within 60 days (50% on a 1-year); a $10K POC against a 50-seat Sentinel annual at $18,600 nets an $8,600 Year-1 ACV on a 2-year.
Why a Paid POC and not a free pilot?
Free pilots fail more often on both sides because nobody has skin in the game; a small paid commitment ($5K-$15K, well under a real enterprise floor) signals the evaluation matters. If you go annual, half comes back. If you don't, you still keep the signed evidence pack and the inventory.
Why publish prices instead of routing through sales?
Security and engineering leaders read the pricing page before the homepage, and hiding numbers wastes everyone's time. You should be able to do the math from this page: platform + per-seat times seats, minus multi-year discount, minus 50% of any POC fee, equals Year-1 ACV.
Why platform fee + per-seat? Why not just per-seat?
AI governance is an org-level outcome, not a per-employee one: the platform fee covers the org-wide layer (Evidence Pack, MCP Gateway, audit log retention, integrations) and the per-seat covers the people using AI tools. It's the same shape SOC 2 platforms use, and it stops a 200-employee company from paying 10x a 20-employee company for the same org-level outcome.
What happened to standalone Evidence?
Northbeams Evidence is now bundled into every paid Sentinel and Fleet plan: SOC 2 + AI, EU AI Act Article 4, HIPAA, ISO 42001, NIST AI RMF, all included. Existing standalone customers honour their current contract through term and migrate to Sentinel or Fleet at renewal, typically at a comparable or lower price.
How does the 14-day free trial work (if I'm not ready for a POC)?
Sign up and you're on full Sentinel from minute one, no card required: per-user view, block, sandbox, audit logs, exports, MCP Gateway, and the bundled Evidence Pack. On day 14 the workspace drops to Discovery mode (aggregate counts only, 7 days, no per-user attribution, capped at 5 active users) and runs indefinitely with no 60-day cliff.
What's the deal with multi-year prepay?
Compliance budgets and EU AI Act enforcement both run multi-year, so we offer 20% off 1-year prepay, 25% off 2-year, 30% off 3-year on both platform fee and per-seat, with seat count true-up at each anniversary. Refunds are pro-rata for unused months minus a 5% admin fee. Get a multi-year quote →
What's the MCP usage limit, and what happens if we exceed it?
Sentinel includes 50,000 MCP gateway calls/month, Fleet includes 500,000; a 60-person engineering team with heavy Claude Code / Cursor usage typically lands around 10-30K. Overage is advertised at $0.005/call, but metering and billing ship in a future release. No charge before then.
What is the MCP Gateway?
A local stdio proxy between your team's coding agents (Claude Desktop, Cursor, Claude Code) and the MCP servers they call (filesystem, GitHub, Postgres, Stripe, Slack, etc.). It classifies every tool argument on-device, ships only categorical labels plus a hash to the dashboard, and lets you set per-tool allow / warn / block rules. Bundled in the desktop app, reversible in one command.
Do you store the actual prompts our team sends?
No. Classification runs entirely in the user's browser; only category labels (e.g., "credentials detected"), per-pattern match counts, and a redacted snippet with secrets masked are sent to your dashboard. See our privacy policy for details.
What is Fleet, and when do I need it?
Fleet is the enterprise tier for companies under audit: SAML SSO + SCIM, MDM force-install (Jamf, Intune, Kandji), SIEM streaming (Splunk, Microsoft Sentinel), and GRC evidence automation (Vanta, Drata, OneTrust, Scytale), all configured to the stack you already run. Custom DPA, BAA, US or EU data residency, 7-year audit log retention, and a 99.9% uptime SLA come with it. From $80K annually ($42K platform + $16/user/mo, 200-seat minimum). Contact sales →
Can we cancel?
Anytime, from the in-app billing portal. You keep paid features through the end of the current period, then drop to Discovery (free, read-only, 5 users max); workspace data is deleted within 30 days of full cancellation, and multi-year prepay refunds are pro-rata for unused full months minus a 5% admin fee.
Book a call
Walk out of your next audit with the file, not the shrug.
For teams scoping a Paid POC. You walk out of 30 days with a signed evidence pack. Fully credited to a 2-year annual (50% on a 1-year). Joe takes the call personally.
Or start free
Start your 14‑day trial →
No card · No commitment · Cancel any time