After your scanners. Before your auditors. AI that earns both signatures.
Scanner queues are full. Auditors are sharper than they were two years ago. The work between them — deciding which findings are actually exploitable in your configuration, advising on remediation with fix-class and side-effects, and producing evidence that internal audit and external assessors will accept — is where AI has the most to offer. And the most to prove. Henoyo runs the post-discovery work, governed for audit.
Design-partner programme · Now accepting select regulated enterprises.

Built on the same Henoyo orchestration engine that powers our agentic-AI work for revenue teams. Same governed install pattern, different application. One install model. Two buyers.
Where the cycle breaks today.
Four points of friction in the modern vulnerability-management lifecycle, against an attacker who now operates at AI speed.
Scanner noise.
SAST, DAST, SCA, secret, container, and network scanners flood the queue each quarter. CVSS-only prioritisation does not reflect your environment’s actual exposure. Triagers spend their best hours sorting alerts that compensating controls have already neutralised.
Exploit-validation gap.
“Is this CVE actually exploitable in our configuration, with our compensating controls?” The scanner says yes, no, or unknown. None of them demonstrate it. Confidence ends where the report ends.
Remediation friction.
Finding-to-fix is rarely blocked by missing patches. It is blocked by a missing owner, an unclear fix-class, unknown side-effects, and no validation context. The advisory work that should accompany every finding does not scale with headcount.
Audit defensibility.
Every AI-assisted decision must withstand internal audit, external assessors, sector regulators, and procurement — with tamper-evident evidence. Screenshots and vendor say-so will not survive a serious review.
How the AI is governable.
Three architectural choices, each visible in the audit chain. Not aspirations. Not roadmap. Properties of every action the platform takes.
Policy-gated.
Every action routes through an OPA Rego policy gate before execution. The AI never invokes an executor directly. Sensitive transitions require explicit policy approval; denied actions are logged with the rule that denied them.
Evidence-locked.
An append-only WORM evidence ledger captures every decision with hash chaining. Ledger entries ship in near-real-time to a customer-controlled trusted store, separate from the platform host. Compromise of the platform cannot erase the evidence.
Human authority.
Human-in-the-loop on every AI output. Two-person authorisation on every sensitive transition. No autonomous platform action. AI proposes; humans decide; the ledger records both.
Single-tenant, on-premise.
Deployed inside your environment, behind your IAM, against your scanner exports and your audit store. Egress is restricted to your approved LLM endpoint, with prompt redaction and ledger logging on every call. There is no shared SaaS.
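The hash chaining and off-host shipping described under "Evidence-locked", as an added example (not Henoyo's code): a minimal SHA-256 chained ledger whose verifier also checks entries against the hashes already shipped to the trusted store. Record fields, the rule name, the genesis value, and all function names are assumptions made for illustration.

```python
import copy, hashlib, json

GENESIS = "0" * 64  # assumed anchor value for the first entry

def entry_hash(prev, record):
    # Canonical JSON so a given record always produces the same digest.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append(ledger, record):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})
    return ledger[-1]["hash"]

def verify(ledger, shipped):
    """Return the index of the first bad or missing entry, or -1 if intact."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["record"]):
            return i  # record edited in place or link broken
        if i < len(shipped) and shipped[i] != e["hash"]:
            return i  # self-consistent chain that disagrees with the off-host copy
        prev = e["hash"]
    return len(ledger) if len(ledger) < len(shipped) else -1  # tail truncated

def sample():
    # Constructed records; field names and the rule name are hypothetical.
    ledger, shipped = [], []
    for rec in [
        {"type": "ai_output", "finding": "F-001", "verdict": "reproduced"},
        {"type": "policy_denial", "finding": "F-001", "rule": "example.deny_rule"},
        {"type": "human_approval", "finding": "F-001", "approvers": ["alice", "bob"]},
    ]:
        shipped.append(append(ledger, rec))  # hash leaves the host as it is written
    return ledger, shipped

def rechained_copy(ledger, index, record):
    """Test fixture: the ledger as a compromised host would rewrite it from index."""
    forged = copy.deepcopy(ledger[:index])
    for rec in [record] + [e["record"] for e in ledger[index + 1:]]:
        append(forged, rec)
    return forged

if __name__ == "__main__":
    ledger, shipped = sample()
    forged = rechained_copy(ledger, 1, {"type": "ai_output", "finding": "F-001",
                                        "verdict": "non-exploitable"})
    print(verify(ledger, shipped), verify(forged, []), verify(forged, shipped))
```

A chain that has been fully recomputed on the host verifies cleanly on its own; only the comparison with the separately held hashes exposes it, which is why the ledger copy must live off the platform host.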
What changes about your quarter.
Three concrete shifts your team should expect once Henoyo is running on a bounded perimeter inside your environment.
Findings are validated before a triager spends an hour on them.
The sandbox harness reproduces, fails to reproduce, or returns inconclusive for each finding under your configuration. Your triagers open a queue that is already sorted by what your environment actually exposes — not by what your scanner thinks is interesting.
Remediation advisory carries fix-class, effort, side-effects, and validation steps.
Each confirmed-exploitable finding lands with a structured advisory package: upgrade, codemod, or custom; estimated effort; the side-effects to expect from the change; the steps that would validate the fix worked. Not a CVE link. Not a paragraph. A package your owners can act on.
Every decision is evidence-locked before the next one happens.
Each AI output, every human approval, every two-person authorisation, every policy denial — hash-chained, WORM-shipped, exportable. Internal audit, external assessors, and procurement get machine- and human-readable evidence packages instead of screenshots and vendor say-so.
Four verbs.
What the platform actually does, end to end. Each verb is a substantive workflow stage with deterministic checkpoints, not a feature label.
Scope → provision → discover → validate. The harness reproduces a finding against a representation of your configuration, in an isolated sandbox, with a reproduced / non-exploitable / inconclusive verdict and the artefact chain that supports it.
Confidence-graded verdict per finding, ledger-locked.
Findings are correlated against public corpora — NVD, OSV, CISA KEV, EPSS, ATT&CK, CAPEC, OWASP, CWE — and against your own similarity index, before any LLM output is surfaced to a human triager. The model is grounded; the rationale is in the ledger.
Triage rank with rationale, anchored in evidence.
Per confirmed-exploitable finding: fix-class (upgrade / codemod / custom), effort estimate, side-effects, validation steps. Optional non-production validation against a test environment. No production write-back. No autonomous remediation.
Structured advisory package, ready for the owner.
Pre-registered methodology, oracles, and rubrics committed to the ledger before each run. Every decision — AI output, human approval, two-person authorisation, policy denial — hash-chained, WORM-shipped to your trusted store, exportable as a machine- and human-readable evidence package.
Exportable evidence pack for audit and procurement.
How Henoyo differs from the named-competitor set.
A scannable look at the structural choices that distinguish Henoyo from Cogent, Lakera, Protect AI, and HiddenLayer. Competitor claims are drawn from each company's own public website and architecture docs; where a posture cannot be publicly verified, the cell reads N/P (not public). The honest claim Henoyo makes against this set is governance and sovereignty, not speed or coverage breadth.
| Dimension | Henoyo | Cogent | Lakera | Protect AI | HiddenLayer |
|---|---|---|---|---|---|
| Deployment model | Single-tenant, on-premise or in a cloud account you own. No shared SaaS. | SaaS, multi-tenant (per cogent.com). | SaaS (lakera.ai); self-hosted on request. | SaaS plus on-premise option (protectai.com). | SaaS (hiddenlayer.com). |
| Workflow scope | Post-discovery validation + remediation advisory. Pre-deploy, not runtime. | Agentic AI for vulnerability management (post-discovery investigation + remediation). | Runtime LLM guardrails — prompt-injection detection, output safety. Different category. | Model scanning + ML supply-chain security. Different category. | Runtime AI/ML attack detection + response. Different category. |
| Action posture | Advisory only. No production write-back, auto-merge, or autonomous remediation. Two-person authorisation on sensitive transitions. | Autonomous remediation framed as a feature ('AI agents that investigate and resolve vulnerabilities at machine speed', per cogent.com). | Inline blocking at runtime; not remediation. | Reporting + integrations; not autonomous remediation. | Detection + alerting; not autonomous remediation. |
| Evidence trail | Append-only WORM ledger, hash-chained, shipped to a customer-controlled trusted store. Pre-registered methodology committed before each run. | N/P — evidence-chain specifics not public. | N/P. | Audit logs available; WORM specifics not public. | N/P. |
| LLM endpoint control | Customer-supplied endpoint (Azure OpenAI India / AWS Bedrock India default). Customer credentials, no-training terms, prompt redaction, ledger logging. | Vendor-managed model selection. | Vendor-managed. | Vendor-managed (model-agnostic for scanning). | Vendor-managed. |
| India sovereignty posture | India residency, India arbitration, India escrow agent, DPDP / CERT-In 2022 alignment. | N/P — no India-specific posture public. | N/P. | N/P. | N/P. |
| Engagement model | Design-partner programme: three two-month rounds, fixed-price per round, acceptance-gated. Not consulting, not seat-based. | SaaS subscription (typical commercial model). | SaaS subscription. | SaaS subscription + on-prem licence option. | SaaS subscription. |
N/P = posture not publicly stated by the vendor as of 2026-05-20. Rows are derived from each vendor's own website and public documentation; if any row misrepresents your product, please email security@henoyo.ai and we will correct or remove the row.
For regulated Indian enterprises.
DPDP, CERT-In, India residency, India arbitration — the constraints regulated Indian buyers are required to meet, mapped to the platform’s actual posture, not retrofitted as marketing.
- DPDP Act — you are the data controller / fiduciary; we act on your documented instructions for any personal-data processing.
- CERT-In Directions 2022 — six-hour incident notification window supported; evidence preserved per CERT-In log-retention guidance.
- Data residency — all platform-internal storage stays within your environment, within India.
- Only egress — your approved LLM endpoint (Azure OpenAI India or AWS Bedrock India by default) with no-training terms, prompt redaction, and ledger logging.
- India arbitration — India residency, India law, India arbitration, neutral India escrow agent for source-code escrow.
Regulated enterprises in the EU, US, and other jurisdictions: the same posture applies; the specific compliance framings (GDPR, FedRAMP, SOC 2) are addressable on the same install. Talk to us.
What this engagement does and does not cover.
Boundary-setting, not apology. The category is full of vendors who imply broad coverage and autonomous action; we would rather draw the lines you can hold us to.
Not a pen-test or red-team.
We do not exploit, red-team, or pen-test live infrastructure. No DoS testing, no fuzzing on production, no exfiltration simulation. Validation is sandbox-only.
Not runtime guardrails.
Inline prompt-injection blocking, agent-traffic firewalls, and runtime input/output sanitisation are a different product category. This is the post-discovery work.
Not autonomous remediation.
No production write-back, no auto-merge, no auto-deploy, no automated ticket closure. Every advisory is exactly that — advisory.
Not a VAPT certificate path.
We do not issue VAPT certificates or compliance attestations. Engage CERT-In empanelled assessors separately where independent certificates are required.
Not SIEM / SOAR / ticketing integration in this phase.
ServiceNow, Jira, and SIEM/SOAR integration are out of scope for the current engagement; evidence exports are file-based and machine-readable so your operators can wire them in on their own cadence.
Common questions.
Where does the platform actually deploy?
Inside your environment, single-tenant. On-premise or in a cloud account you own, with a controlled egress to your approved LLM endpoint and a separate customer-controlled trusted store for the WORM evidence ledger. There is no Henoyo-side data store and no shared SaaS. Deployment is collaborative — your team owns the environment, we own the platform deployment.
What is the engagement model?
A design-partner programme, structured as three two-month rounds (Foundation, Ingestion+Triage, Shadow-mode). Fixed-price per round, acceptance-gated, with round outcomes evidenced through artefacts rather than committed numeric SLAs. This is not a man-day consulting engagement; it is product deployment plus collaborative configuration. Source-code escrow with a neutral agent is part of the standard arrangement.
How does this differ from Cogent and similar agentic-VM products?
Cogent’s product (and most peers) is SaaS multi-tenant, with AI agents that can take action on your behalf at machine speed. Henoyo runs single-tenant on your premises, gates every action through OPA Rego policy, locks every decision into a WORM evidence ledger, and requires two-person authorisation on sensitive transitions. The tradeoff is honest: slower per-finding turnaround, deeper defensibility per decision, and a sovereignty posture that satisfies regulated buyers who cannot use multi-tenant SaaS.
What’s the difference between this and a pen-test or VAPT?
A pen-test or VAPT is an authorised, scoped, often-attestable assessment of a target by a qualified team. We are not that. We are the post-discovery layer that takes existing scanner output, validates exploitability in a sandbox against your configuration, advises remediation, and produces audit-grade evidence. If you need a VAPT certificate, engage CERT-In empanelled assessors separately; we operate alongside that programme, not in its place.
What LLM does it use, and who controls it?
Your LLM. Azure OpenAI India or AWS Bedrock India by default, on enterprise no-training terms; alternative endpoints supported where your jurisdiction requires. Credentials are yours, billing is yours, prompts and responses are logged in your ledger. Prompt redaction sits between the platform and the model endpoint; the platform does not retain prompts outside the ledger.
What if my environment includes telecom-specific protocols (SS7, Diameter, GTP, IMS, RAN, OSS / BSS)?
Explicitly excluded from current scope per the engagement guardrails. The validation harness operates against application and infrastructure findings, not telecom protocol layers. Lawful intercept, SIM / eSIM provisioning, and RAN firmware are out of scope. Regulated telecoms engage protocol-specific assessors for that work.
What evidence do I get out of this?
Per-finding ledger entries (hash-chained, WORM-shipped to your trusted store), an exportable cross-wave audit pack at the end of each round, advisory packages per confirmed-exploitable finding (fix-class, effort, side-effects, validation steps), and a pre-registered methodology document committed to the ledger before each run. Machine-readable for downstream tooling; human-readable for audit and procurement.
Ready to see this against your own findings?
We work with a small number of regulated enterprises at a time, in defined two-month rounds. The conversation starts with your scanner sources, your operator group, and the bounded perimeter you would scope for Round 1.
Design-partner programme conversation, not a CRM demo. Allow a half hour.