For the Director of IT or Head of Security

You'll want: Northbeams Sentinel + Northbeams Evidence

Detect the shadow AI. Contain it. Prove it to your auditor.

The market calls it AIDR. We detect it, then we prove it to your auditor. For the Director of IT or Head of Security prepping for SOC 2, EU AI Act, or a customer security review. Northbeams plugs into the stack you already run. SAML, SCIM, MDM-deployed, SIEM-routed, evidence-pack ready. The MCP Gateway audits every tool your developers' coding agents call, on-device.

Start your 14‑day trial → Book a call

SOC 2 Type II readiness underway · Privacy-first by design · No prompt content leaves the device

01 / The reality

Three questions land on your desk this quarter.

01 / The audit

Your SOC 2 auditor wants the AI control.

CC6.1 logical access. CC7.2 monitoring. CC8.1 change management. The auditor is asking how AI tool usage is governed. You need evidence, not a screenshot. By Friday.

02 / The customer

An enterprise customer just sent their security questionnaire.

Question 47: "Please list all AI sub-processors used in the delivery of services to us." You have 72 hours to answer or the contract slips a quarter.

03 / The board

Your CEO got asked at the last board dinner.

"What's our AI policy?" The board chair is half a regulator now. The answer "we're working on it" buys you exactly one quarter, then a board resolution lands.

02 / What you actually need

The list of things a security-vendor questionnaire asks for.

Identity

SAML SSO + SCIM

Okta or Entra. Single sign-on for admins. SCIM provisioning means joiners covered on day one, leavers off in seconds. Configured as part of your Fleet engagement.

Devices

MDM-deployed

Force-install via Jamf, Intune, or Kandji. One-click in your MDM. Five minutes to full coverage.

Logging

SIEM-routed

Stream every policy event into Splunk or Microsoft Sentinel in real time. Use the searches and dashboards your team already trusts. Turn it on yourself in Settings, no services engagement needed.

Evidence

GRC-pre-mapped

Vanta, Drata, OneTrust. Northbeams is an evidence source. The auditor gets shadow-AI coverage without you screenshotting anything. Configured as part of your Fleet engagement.

Coding agents

MCP Gateway

In-path proxy for the MCP servers your developers wire to Claude Desktop, Cursor, and Claude Code. Per-tool allow / warn / block. Argument values stay on the laptop. MDM-rolled via NBM_MCP_GATEWAY=1.

Active prevention

Real-time prompt redaction

Credentials, PII, source code, and customer data masked on-device before the prompt reaches Claude or ChatGPT. Covers browser-typed prompts, image and PDF pastes, and MCP tool arguments. If redaction fails, you get a metadata-only alert in Slack and SIEM. No unredacted content is ever stored. Pilot live on Sentinel since 2026-05-24.

Threat detection

Jailbreak + prompt-injection

"Ignore previous instructions", DAN-style overrides, prompt-injection inside pasted documents. Flagged in the incident feed as a separate event category. Useful evidence for SOC 2 CC7.2 and EU AI Act Article 15.

03 / Three numbers that close the audit conversation

What you walk into the meeting with.

27

AI tools active in a typical 50 person company. Your number is higher.

Northbeams customer base 2026

143

Sensitive prompts sent to public AI per company per month. Multiply by your headcount ratio.

Northbeams customer base 2026

14 days

From extension install to first evidence pack delivered to your auditor.

Northbeams deployment SLA on Sentinel and Fleet

04 / Plug into the stack you already run

Identity, devices, logging, evidence. We meet your tools where they live.

Identity

SSO + provisioning

Okta SAML SSO and SCIM provisioning. Joiners covered on day one. Leavers off in seconds.
Microsoft Entra SAML SSO and SCIM for Microsoft-first shops. Conditional access supported.

Available on Fleet

Device management

MDM-deployed extension

Jamf Pre-built Library Item. Force-install on every managed Mac. No user action required.
Microsoft Intune Chrome ADMX policy template. One-click force-install across mixed Windows + Mac fleets.
Kandji Pre-built Kandji Library Item. The MDM most fast-growing Mac shops are already on.

Available on Sentinel and Fleet

Logging and observability

SIEM event streaming

Splunk Stream policy events to your Splunk HTTP Event Collector. Set the endpoint and token in Settings, test the connection, and the searches you already run pick them up under the northbeams:governance sourcetype.
Microsoft Sentinel Stream policy events into Microsoft Sentinel via the Log Analytics API. Paste your workspace ID and key, test the connection, and events land in your SOC workspace ready to query.

Available on Fleet · Datadog and other SIEMs on request

Compliance and risk

Evidence automation + TPRM

Vanta AI tool inventory and policy logs feed Vanta as evidence for SOC 2 CC6.1, CC7.2, CC8.1.
Drata Same evidence pipeline as Vanta. Drop-in for Series B/C companies on Drata.
OneTrust AI sub-processor list feeds OneTrust data mapping and TPRM. PIA and DPIA templates pre-populated.

Available on Fleet

Don't see your stack? Talk to us →

05 / How it deploys at your size

From "install" to "auditor copy" in 90 days.

Day 0 - 30

Install and discover.

  • Deploy the extension via Jamf, Intune, or Kandji to the whole fleet.
  • Sign in to the Northbeams dashboard with SAML through Okta or Entra.
  • Receive your first AI Discovery Report inside 24 hours of install.
  • Categorize tools as sanctioned, unknown, or high-risk.

Day 31 - 60

Connect and route.

  • Turn on SCIM provisioning. Joiners auto-covered, leavers auto-revoked.
  • Stream policy events into Splunk or Microsoft Sentinel. Use the dashboards your team already runs.
  • Apply your first round of one-click block, sandbox, allow policies. Roll back any policy that breaks a workflow.

Day 61 - 90

Hand off to the auditor.

  • Connect Vanta, Drata, or OneTrust. Northbeams becomes an evidence source.
  • Generate your first SOC 2, EU AI Act, or HIPAA evidence pack from the dashboard.
  • Send the export to your auditor. Answer the customer questionnaire. Brief the board.

06 / Compliance evidence pre-mapped

The frameworks your auditor and your customers ask about.

Framework Controls Northbeams covers What ships in the evidence pack
SOC 2 + AI CC6.1, CC7.2, CC8.1 Discovered AI tool inventory, prompt classification logs, redaction events, policy enforcement audit trail. Maps cleanly to the SOC 2 Type II report your firm produces.
EU AI Act Articles 9, 10, 12, 13 Risk classification of AI systems in use, data governance log, automatic record-keeping, transparency notice templates.
HIPAA 164.312(a)(1), (b), (c)(1) Access control records, audit log, integrity controls. BAA available on Fleet.
GDPR Art. 30 records, Art. 35 DPIA AI sub-processor inventory, processing records, DPIA template pre-populated with actual usage data.

See how Northbeams deploys at your size.

Free 14 days on Sentinel. No card. No proxy. Install through your MDM. SAML and SIEM routing live on Fleet. Walk into the next audit with the export already in your inbox.

Start your 14‑day trial → Book a call

SOC 2 Type II readiness underway · Privacy-first by design · EU residency on Fleet