Where we're headed
Public roadmap for product direction, enterprise features, and compliance certification milestones. Building in public.
- Q1 2026· ShippedAlpha
Platform Foundation
Core triage engine, 11 scanner parsers, 5 connectors, 13 compliance framework mapping, AI-powered triage with 7 tools, POAM generation, Stripe billing, and full deployment pipeline.
- Q1 2026· ShippedAlpha
Revenue Infrastructure
RBAC enforcement on all API routes, billing gates on AI endpoints, case approval workflow, session revocation, pricing page, onboarding flow, GitHub OAuth.
- Q1 2026· ShippedEnterprise
Vault Protocol
Ed25519 cryptographic signing and Merkle tree integrity verification on every audit event. Enterprise-grade evidence trail for FedRAMP, CMMC, and SOC 2 audits.
- Q1 2026· ShippedEnterprise
Cortex Analytics
AI compliance intelligence engine. Scan-over-scan trend analysis, natural language queries, and AI-generated executive summaries for compliance posture.
- Q1 2026· ShippedPro
Horizon API & Developer Portal
Interactive API documentation, TypeScript SDK, API playground, webhook catalog, and developer onboarding experience.
- Q1 2026· ShippedEnterprise
Signal Engine
Continuous ingestion via Cloud Pub/Sub. Real-time finding feed, scanner push mode, and SSE dashboard updates for live security monitoring.
- Q1 2026· ShippedPro
Flux Pipelines
Visual automation rules engine. IF/THEN builder UI for routing findings, assigning ownership, triggering notifications, and enforcing SLA policies automatically.
- Q1 2026· ShippedAlpha
Triage Model v1 Baseline
First purpose-built vulnerability triage baseline trained on curated security examples. Retained as an internal evaluation artifact, not a production-serving endpoint.
- Q2 2026· In ProgressAlpha
Triage Model v2
Expanded dataset and benchmark-gated runtime work for higher-confidence vulnerability decisions. Production wording waits for live serving infrastructure.
- Q2 2026· In ProgressPro
Hybrid AI Routing
External AI paths are live behind spend guards. Corvus routine-triage routing activates only when the private runtime is enabled, healthy, and benchmark-gated.
- Q3 2026· PlannedEnterprise
Sector-Specific Models
Planned industry vertical fine-tuning for healthcare, defense, and financial services. Compliance-weighted triage tailored to HIPAA, CMMC, FedRAMP, and PCI DSS requirements.
- Q2 2026· In ProgressEnterprise
Auditor Agent
AI agent for POAM generation, audit justifications, evidence language, and "not exploitable because..." risk statements. The compliance intelligence engine for auditor handoff.
- Q2 2026· In ProgressPro
GitHub & GitLab Integration
Auto-create pull requests to bump vulnerable dependencies. Connect findings directly to repos. CI/CD pipeline integration for shift-left security.
- Q2 2026· In ProgressInternal
Conversion Funnel Analytics
Track signup to upload to paid conversion with observability events. A/B testing on pricing page and CTAs. Source attribution across all channels.
- Q3 2026· PlannedEnterprise
SCIM Provisioning
Automated user provisioning and deprovisioning via SCIM 2.0. Required for enterprise customers with identity governance requirements.
- Q3 2026· PlannedPro
Continuous Monitoring Mode
Schedule recurring scans and get alerted when new KEV entries match your environment. Drift detection for compliance posture changes.
- Q4 2026· PlannedEnterprise
SOC 2 Type II Certification
Complete SOC 2 Type II audit with independent auditor attestation. Evidence collection system already built. Audit period begins Q3 2026.
- 2027· PlannedEnterprise
FedRAMP Authorization
Begin FedRAMP authorization process for government cloud deployment. Infrastructure already includes WAF and network isolation controls.
Want to influence the roadmap?
Early users still shape prioritization. Create a workspace, use the platform, and send product feedback from a real implementation path.