Your AI vCISO and always-on sidekick — protect, prevent, detect and respond, and adapt to the threats of today and tomorrow.
Automate compliance (ISO 27001, SOC 2, NIST CSF), manage risk, and run continuous threat exposure management (CTEM) across your attack surface — all in one platform.
AI-native, not AI-bolted-on — MCP direct integration with Claude, Copilot or Cursor.
Free plan, no credit card — multi-tenant and tenant-isolated by design.
CISO 360° view — with 24/7 AI coverage
AI vCISO, built in
Guidance, drafting and gap-to-risk automation — human-approved.
Continuous exposure (CTEM)
Attack-surface discovery, exposure scoring and prioritisation — feeding your compliance and risk posture.
16 standards
ISO 27001, SOC 2, NIST CSF and more on one mapped spine.
Bring your own agent
Connect Claude, Copilot or Cursor via our native MCP server — every tier.
CISO360AI ships a native, standards-based MCP server — so your own AI agent works your GRC programme directly, across every project, with no bridge or plugin. Writes are scope-gated, with higher-risk actions requiring explicit approval — on every tier including Free.
One AI vCISO across attack surface, risk and compliance — turning live threat signals into continuous threat exposure management (CTEM).
A built-in AI vCISO that guides, drafts and derives risk from gaps — with a human always in the loop. Or bring your own agent via our native MCP server, on every tier.
Get audit-ready across 16 standards, mapped to a common NIST CSF 2.0 spine.
Run assessments, track coverage and maturity, and attach evidence with expiry reminders.
An AI-derived risk register with inherent & residual scoring, heatmaps and treatment plans.
Continuous attack-surface discovery with exposure scoring and prioritisation (CTEM), so your posture reflects real risk.
Monitor the dark web and breach data for your verified domains — leaked credentials surface as first-class findings.
Real-data dashboards for compliance posture, risk and attack surface — at a glance.
Executive-ready compliance reports with coverage, gaps and risk — exportable.
Work as a team — internal and with third parties — with notifications and an activity feed.
Keep momentum with maturity badges, path-to-baseline and treated-over-time streaks.
Single sign-on, built-in roles, MFA and a typed audit log you can export.
Multi-tenant, scalable and supported — from self-serve to a dedicated CSM.
NIST CSF 2.0 is the core spine every account runs — assess once, see coverage everywhere.
Start free, get audit-ready on Essentials, run a full programme on Complete. Yearly billing saves ~17%.
$0/mo
Try the platform
$25/mo
Get audit-ready on one framework
$250/mo
Multi-framework GRC + AI vCISO
Yes. The Free plan is $0/month — a no-cost way to evaluate the platform, with a read-only NIST CSF 2.0 self-assessment and basic attack-surface scanning.
CISO360AI is a B2B platform for organisations. Registration and team invitations require a corporate (work) email address — personal, free or temporary email addresses are not accepted. This keeps every account tied to a verifiable organisation.
16 seeded standards including ISO/IEC 27001:2022, SOC 2, NIST CSF 2.0, CIS Controls 8.1, GDPR, HIPAA, OWASP Top 10, ACSC Essential Eight, UK Cyber Essentials and more — all mapped to a common NIST CSF 2.0 spine. See the Standards page for licensing and coverage.
Yes. On every tier you can connect your own agent — Claude, GitHub Copilot, Cursor and other MCP clients — directly to our native MCP server, authenticated with OAuth 2.1 or a scoped API key. All 34 tools keep a human in the loop: writes are scope-gated, and higher-risk actions (destructive changes, risk acceptance) require explicit approval while low-risk triage runs autonomously and is audited. Our hosted AI Sidekick is metered per plan.
Yes. Identity-exposure monitoring surfaces leaked and dark-web credentials for your verified domains as first-class findings, with breach timelines. It runs on-demand on Free and on a scheduled cadence on paid plans (monthly on Essentials, weekly on Complete, daily on Enterprise); revealing a leaked credential is an audited, paid-plan action.
Yes. CISO360AI is multi-tenant by design — every organisation's data is tenant-isolated, and all access is scoped to your org and project.
Free is $0/month, Essentials is $25/month (one-framework starter), and Complete is $250/month (full multi-framework GRC + AI vCISO). Enterprise/Custom is available for mid-market and regulated organisations. Yearly billing saves roughly 17%.
Yes. Start on Free, upgrade when you are ready, and manage your subscription from your account at any time.
Spin up a free account in minutes and let your AI vCISO turn live attack-surface, vulnerability and risk signals into a prioritised, continuously managed exposure plan — not a once-a-year snapshot.