Vigil: First Open-Source AI SOC With LLM-Native Architecture

A new open-source project launched at RSA Conference 2026 aims to free security teams from proprietary AI security vendors. Vigil is the first 100% open-source AI Security Operations Center built with a LLM-native agent architecture.

What Is Vigil?

Vigil, built by DeepTempo, addresses a problem that many security teams are facing right now:

• Proprietary AI SOC vendors lock you in and hide how their AI actually works
• Existing open-source tools haven’t caught up with the latest agentic architectures
• Security teams want to use their own existing LLMs and model deployments

Vigil solves this by providing a completely open, pluggable framework that lets security teams leverage modern large language models without vendor lock-in.

Key Features

Vigil comes with impressive out-of-the-box capabilities:

• 13 specialized AI agents for different security tasks
• 30+ integrations with existing security tools
• 7,200+ detection rules spanning Sigma, Splunk, Elastic, and KQL formats
• Four production-tested multi-agent workflows for incident response, investigation, threat hunting, and forensic analysis
• Completely open architecture under Apache 2.0 license
• Bring your own model: Use whatever enterprise LLM your organization already runs
• MCP-compatible: Works with the Model Context Protocol standard for tool integration

Why This Architecture Matters

The LLM-native agent architecture is a big deal for security operations:

1. Transparency: Everything is out in the open — no black boxes hiding how decisions are made
2. Flexibility: Security teams can customize every part of the workflow to match their environment
3. Future-proof: As LLMs get better, those improvements automatically benefit your SOC without needing to replace the whole system
4. Extensibility: Adding new integrations and custom agents is as simple as checking a file into a repository

This is a fundamentally different approach from proprietary vendors who keep everything locked down and force you to use their model regardless of what you already have.

Getting Started

Running Vigil locally is surprisingly straightforward:

“`bash
git clone –recurse-submodules https://github.com/deeptempo/vigil.git
cd vigil && ./start_web.sh

Open http://localhost:6988 — your AI SOC is running.

“`

Because it’s open source and completely self-hosted, you can:
– Try it out without any enterprise license commitment
– Customize it to match your existing toolchain
– Contribute improvements back to the community
– Use it with whatever models you already have licenses for

Who Should Use Vigil?

Vigil is particularly valuable for:

• Larger enterprises that already have their own LLM deployments and want to avoid vendor lock-in
• National SOCs that need full control over their security infrastructure
• Security teams frustrated with black-box proprietary AI solutions
• Open-source security communities that want to collaborate on better AI-powered detection

The project is already attracting interest from organizations that have been building their own internal agentic SOC capabilities but want a shared foundation to build on.

The Future of Open-Source Security

This launch reflects a broader trend: AI is transforming security operations, and the open-source community is stepping up to provide alternatives to proprietary solutions. Just like we saw with SIEM and SOAR, the future of AI-powered security will likely have a strong open-source component.

If you’re working in security operations and tired of opaque proprietary AI tools, Vigil is definitely worth checking out. It’s available right now on GitHub under the Apache 2.0 license.

Source: Vigil: The First Open-Source AI SOC Built with a LLM-native Architecture | Published: March 24, 2026