The AI that names its sources and says no when data or read permission is missing. Every question is logged for audit.
The vCISO assistant is part of the Cybervize platform and answers questions about your security and compliance posture from your real data. It is available and runs by default on a language model operated locally in Germany. AI agents that act under supervision are in preparation.
Book a demoThe assistant does not query the database freely. It works with a fixed toolkit of around 25 vetted, server-side defined queries that cover the platform's central subject areas: risks, vulnerabilities and incidents, assessments, compliance status and gaps per standard, measures, KPIs, supplier risk, business continuity and the EU AI Act registry. Every answer names its source and metric. If a question is ambiguous, the assistant asks back instead of guessing. For general questions without company context it provides general knowledge, clearly labelled as such.
The assistant only reads. It changes nothing: no creating risks, no closing incidents, no moving tasks. That is a deliberate boundary.
In Cybervize, an AI agent is managed like an employee: its own account, roles, organizational permissions, visibly labelled as an AI agent everywhere. Suggesting is the default: the agent delivers an assessment with reasoning and confidence, a human decides. Acting applies only to narrowly defined, technical fields; switching to it requires a second person, switching back is immediate. The first use case is initial triage of security incidents: severity, category, reasoning, confidence and, where relevant, an indicative hint on possible reporting deadlines, for example under NIS-2.
These locks are hard-wired in the system. They hold even if something goes wrong in the configuration.
The AI agents are in preparation. We are happy to show the current state in a conversation.
The AI layer runs by default on a locally hosted language model operated exclusively in Germany. No customer data flows to external model providers, and answers stay strictly within your own tenant's data. If you have your own AI infrastructure, you connect your own model (bring your own LLM); the operating modes Sovereign, BYOK and Managed can be chosen per tenant. The same principle is built into the AI agents (in preparation): every agent auto-registers in the company's AI system registry following EU AI Act logic and is classified and confirmed by a human before activation. More on the four levers of sovereignty: Digital sovereignty.
The platform does not just help with AI, it also helps you govern your own use of AI. ISO/IEC 42001, the management system for artificial intelligence, can be activated as a standard as soon as AI systems are in use. Through the integrated standards core it is mapped onto the shared control structure: one implementation, multiple standards. ISO 27001 is the common language; among the activatable frameworks are ISO 22301, IEC 62443, NIST SP 800-53, BSI IT-Grundschutz and DIN SPEC 27076. On the regulatory side the platform addresses NIS-2, GDPR and KRITIS; DORA and TISAX are carried as sector and reporting evidence. Together with the AI system registry this creates AI governance you can put in front of an auditor. For the advisory side: AI Security Governance.
We show the assistant live, on real demo data. And answer the question everything starts with: where do we stand?
Book a demoAutomated risk management and real-time compliance monitoring.
Learn moreOutsourced CISO (vCISO): strategic security leadership at C-level, flexible and cost-effective.
Learn moreSecure AI usage with governance frameworks and risk assessment.
Learn more