PREVIEW: CISO360AI is offered as-is while in preview. Features and data may change.
AI-native GRC platform

Cybersecurity at the speed of AI

Your AI vCISO and always-on sidekick — protect, prevent, detect and respond, and adapt to the threats of today and tomorrow.

Automate compliance (ISO 27001, SOC 2, NIST CSF), manage risk, and run continuous threat exposure management (CTEM) across your attack surface — all in one platform.

AI-native, not AI-bolted-on — MCP direct integration with Claude, Copilot or Cursor.

Free plan, no credit card — multi-tenant and tenant-isolated by design.

CISO 360° view — with 24/7 AI coverage

AI vCISO, built in

Guidance, drafting and gap-to-risk automation — human-approved.

Continuous exposure (CTEM)

Attack-surface discovery, exposure scoring and prioritisation — feeding your compliance and risk posture.

16 standards

ISO 27001, SOC 2, NIST CSF and more on one mapped spine.

Bring your own agent

Connect Claude, Copilot or Cursor via our native MCP server — every tier.

AI-native, not AI-bolted-on

Bring your own agent

CISO360AI ships a native, standards-based MCP server — so your own AI agent works your GRC programme directly, across every project, with no bridge or plugin. Writes are scope-gated, with higher-risk actions requiring explicit approval — on every tier including Free.

  • Native MCP server
  • Claude · Copilot · Cursor
  • 34 tools — human-in-the-loop
  • OAuth 2.1 or scoped keys
  • Works across your projects
  • Every tier, including Free

Everything for the GRC lifecycle

One AI vCISO across attack surface, risk and compliance — turning live threat signals into continuous threat exposure management (CTEM).

AI Sidekick — your AI vCISO

A built-in AI vCISO that guides, drafts and derives risk from gaps — with a human always in the loop. Or bring your own agent via our native MCP server, on every tier.

  • 5 expert personas (CISO, Compliance, Analyst, IR, Pentester)
  • AI risk derivation from compliance gaps — human-approved
  • Native MCP server — bring Claude, Copilot or Cursor; 34 tools, human-in-the-loop

Compliance & Standards

Get audit-ready across 16 standards, mapped to a common NIST CSF 2.0 spine.

  • ISO 27001, SOC 2, NIST CSF, GDPR, HIPAA, CIS & more
  • Bidirectional control ↔ requirement mapping
  • Cross-framework derivation + SCF crosswalk

Assessments & evidence

Run assessments, track coverage and maturity, and attach evidence with expiry reminders.

  • Onboarding wizard to your first assessment in minutes
  • Coverage / maturity / gap analytics
  • Evidence library with expiry tracking

Risk management

An AI-derived risk register with inherent & residual scoring, heatmaps and treatment plans.

  • 5×5 inherent / residual scoring
  • Risk heatmap + treatment plans linked to controls
  • SCF threat catalogue (41 threats / 39 risk statements)

CTEM — Continuous Threat Exposure Management

Continuous attack-surface discovery with exposure scoring and prioritisation (CTEM), so your posture reflects real risk.

  • Passive, active & deep attack-surface discovery
  • Vulnerability triage with audit events
  • EPSS/KEV enrichment + exposure scoring & prioritisation

Identity exposure & dark-web monitoring

Monitor the dark web and breach data for your verified domains — leaked credentials surface as first-class findings.

  • Dark-web & breach monitoring (cadence by plan)
  • Leaked-credential findings with breach timelines
  • Domain-ownership verification (DNS-TXT)

Dashboards & analytics

Real-data dashboards for compliance posture, risk and attack surface — at a glance.

  • GRC posture dashboard
  • Attack-surface graph view
  • Time-bucketed trend analytics

Reporting & exports

Executive-ready compliance reports with coverage, gaps and risk — exportable.

  • Compliance report with executive summary
  • Findings report with evidence & screenshots
  • CSV + JSON data export

Collaboration

Work as a team — internal and with third parties — with notifications and an activity feed.

  • Project sharing (internal + third-party)
  • Email notifications & activity feed

Gamification & engagement

Keep momentum with maturity badges, path-to-baseline and treated-over-time streaks.

  • Maturity achievement badges
  • Path-to-baseline progress

Identity, access & audit

Single sign-on, built-in roles, MFA and a typed audit log you can export.

  • OIDC single sign-on (Microsoft 365 & email)
  • Built-in roles + MFA
  • Typed audit log

Platform & support

Multi-tenant, scalable and supported — from self-serve to a dedicated CSM.

  • Tenant-isolated by design
  • Configurable retention
  • Email → priority → dedicated support

16 standards supported, mapped to one spine

NIST CSF 2.0 is the core spine every account runs — assess once, see coverage everywhere.

  • NIST CSF 2.0
  • ISO/IEC 27001:2022
  • SOC 2 (TSC 2017/2022)
  • CIS Controls 8.1
  • GDPR
  • HIPAA Security Rule
  • NIST Privacy Framework 1.0
  • OWASP Top 10:2025
  • NZ Privacy Act 2020
  • NZ HISF 2025
  • NCSC MCSS 2025 (NZ)
  • UK Cyber Essentials 2025
  • UK NCSC CAF 4.0
  • ACSC Essential Eight 2023
  • BSI 200-1 (ISMS)
  • SMB Minimum Baseline

Simple pricing for every stage

Start free, get audit-ready on Essentials, run a full programme on Complete. Yearly billing saves ~17%.

Free

$0/mo

Try the platform

Essentials

$25/mo

Get audit-ready on one framework

Most popular
Complete

$250/mo

Multi-framework GRC + AI vCISO

Enterprise / Custom available — compare every feature

Frequently asked questions

Is there a free plan?

Yes. The Free plan is $0/month — a no-cost way to evaluate the platform, with a read-only NIST CSF 2.0 self-assessment and basic attack-surface scanning.

Who can register? Do you accept personal email addresses?

CISO360AI is a B2B platform for organisations. Registration and team invitations require a corporate (work) email address — personal, free or temporary email addresses are not accepted. This keeps every account tied to a verifiable organisation.

Which compliance standards do you support?

16 seeded standards including ISO/IEC 27001:2022, SOC 2, NIST CSF 2.0, CIS Controls 8.1, GDPR, HIPAA, OWASP Top 10, ACSC Essential Eight, UK Cyber Essentials and more — all mapped to a common NIST CSF 2.0 spine. See the Standards page for licensing and coverage.

Can I bring my own AI agent?

Yes. On every tier you can connect your own agent — Claude, GitHub Copilot, Cursor and other MCP clients — directly to our native MCP server, authenticated with OAuth 2.1 or a scoped API key. All 34 tools keep a human in the loop: writes are scope-gated, and higher-risk actions (destructive changes, risk acceptance) require explicit approval while low-risk triage runs autonomously and is audited. Our hosted AI Sidekick is metered per plan.

Do you monitor for leaked or dark-web credentials?

Yes. Identity-exposure monitoring surfaces leaked and dark-web credentials for your verified domains as first-class findings, with breach timelines. It runs on-demand on Free and on a scheduled cadence on paid plans (monthly on Essentials, weekly on Complete, daily on Enterprise); revealing a leaked credential is an audited, paid-plan action.

Is my data isolated from other customers?

Yes. CISO360AI is multi-tenant by design — every organisation's data is tenant-isolated, and all access is scoped to your org and project.

How much does it cost?

Free is $0/month, Essentials is $25/month (one-framework starter), and Complete is $250/month (full multi-framework GRC + AI vCISO). Enterprise/Custom is available for mid-market and regulated organisations. Yearly billing saves roughly 17%.

Can I change or cancel my plan?

Yes. Start on Free, upgrade when you are ready, and manage your subscription from your account at any time.

Security as a practice — not a tick-box exercise

Spin up a free account in minutes and let your AI vCISO turn live attack-surface, vulnerability and risk signals into a prioritised, continuously-managed exposure plan — not a once-a-year snapshot.