Questions CISOs ask in the first meeting.

Managed AI for security teams is a service - not a product - where one team builds, deploys, and operates AI agents inside a customer's existing security stack. Customers do not buy a platform to administer. They engage a managed provider to run a specific outcome - endpoint lifecycle, identity hygiene, alert triage - end to end. Gradient is the managed AI provider for enterprise security teams.

Self-serve AI platforms hand your team another console, prompts to maintain, and a model to babysit. Gradient takes that work. We manage the model, the prompts, the evals, and the operating cadence. Your team owns the security outcome - and we're accountable for getting you there. Same SLAs as a tool, same flexibility as a team.

We start with one use case - usually whatever workflow is most painful - and scope, build, and ship it together. The platform under each new agent inherits what previous agents learned about your stack, so the second agent ships faster than the first.

Agents are sandboxed and run with tightly scoped tool access - they can only touch the systems and actions you explicitly approved. Beyond the prompt, the platform enforces hard limits at the connector level, so an agent literally cannot read or write outside its scope. Every action lands in an approval queue before it touches a system. When you trust an agent's judgment on a specific class of action, you opt it into auto-execute.

Gradient connects to the tools your team already uses - across endpoint, identity, SIEM, ticketing, code, cloud, vulnerability, and compliance evidence systems. We don't publish a marketplace and we don't make you migrate. If your team uses it, we wire to it.

Yes. SOC 2 by default. The platform is built for the same controls your auditors are already going to ask about - change management, access reviews, audit logging, encryption at rest and in transit.

We run evaluations on your data so each agent performs well in your environment - that stays private to you and is never shared. Training on your data is opt-in; if you'd rather we didn't, we won't. Anything that ever feeds shared model improvement is anonymized first - identities, asset names, and configurations stripped. You own your raw data and the agent configurations built for you, and you can request deletion at any time. You can also bring your own LLM API keys for full visibility into external usage.

We support a spectrum from fully managed - our default and fastest - to fully isolated. Depending on what matters most to you, that can mean a dedicated isolated tenant in our cloud, bring-your-own-key encryption so your data stays under your control, or running inside your own cloud on our infrastructure. No customer data leaves the perimeter you choose unless you explicitly allow it.

Often, yes - and that's the third phase of the engagement. When the agents are doing the operational work, the dashboards bought to look at the work become optional. So do the manual hours, the outsourced services, and the offshore queues. We don't push consolidation; it shows up as a natural consequence of agents doing the work end to end.

No. That's the point of the managed model. Gradient manages the AI work - the prompts, the model selection, the evals, the operating cadence. If you do have an AI/ML team, keep them on what differentiates your security program - detection logic, threat models, custom rules. We take the operational agents.

Pricing is outcome-based - not per-seat, not per-query. Each agent delivers a defined output, so each agent carries a fixed annual price, scoped to the size of the environment it runs on. Managed operation - monitoring, maintenance, and continuous improvement - is included for as long as we run the agent, and there's no upfront build cost: we absorb the work of building and configuring it. You validate results on your own data before you commit.

Yes - try before you buy. We scope your top pain points, pick the initial integrations, and validate an agent on your real data, so you see actual outcomes rather than just a dashboard. We start with a single use case to prove value, and you can contract for more once it's working.