SIEM for AI Agents

The Window Into
Your Agent Stack.

Real-time observability for every agent you run. Log events, track decisions, catch errors, and audit everything, from any framework, with one API call. Your agents work autonomously. VIGIL makes sure you always know what they're doing.

Join 200+ builders already on VIGIL · No credit card required

Up and running in 90 seconds

No SDK required. No configuration. One HTTP call.

STEP 01
Create Your Agent

Register at the dashboard. Name your agent, get an API key. Takes 30 seconds.

STEP 02
Send One Event

One HTTP POST from your agent. Any language. No SDK, no setup, no install.

STEP 03
Watch It Live

Every action streams to your dashboard in real-time. Set alerts. Export logs.

Watch your agent breathe

Live event stream, every decision, trade, and error, as it happens


Everything you need to trust your agents

SIEM-grade security for AI agents. Financial monitoring built-in, not bolted on.

SIEM-Grade Event Logging

Every agent action is captured, normalized to SIEM standards (CRITICAL/HIGH/MEDIUM/LOW/INFO), and stored with a full audit trail. CEF + LEEF export to Splunk, Datadog, QRadar.

Real-Time Agent Feed

Live activity timeline: decisions, tool calls, errors, and anomalies stream to your dashboard the moment they happen. Like a SOC console, built for agents.

Compliance Auto-Mapping

Events are automatically tagged to SOC 2, PCI DSS, ISO 27001, NIST CSF, and GDPR controls. Generate audit-ready compliance reports in one click.

Smart Alerts & Incidents

Silence detection, error-rate thresholds, spend limits. Related events are auto-grouped into incidents. Email and webhook delivery.

Financial Agent Support

Unlike generic SIEMs, VIGIL understands crypto: SOL cost per action, P&L tracking, and an on-chain transaction feed. Financial monitoring built-in, not bolted on.

Your Data, Your Control

Logs live in your account only. Export everything as JSON or CSV anytime. Zero lock-in. COSTRINITY never accesses, shares, or sells your agent data. Ever.

Ship in minutes

One API call. Works with OpenClaw, Claude, GPT, AutoGPT, ElizaOS, or any custom script.

npm install @costrinity/vigil

Any language. REST API works from Python, Go, Rust, bash, anything that can make an HTTP call.

Full API docs → /docs
any-agent.js
// Choose your storage: 'cloud' (your VIGIL account) or 'local' (your machine only)
await fetch('https://vigil.costrinity.xyz/api/ingest', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer vigil_your_key',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    action: 'buy',
    data: { token: 'SOL', amount: 0.5, reason: 'momentum signal' },
    cost_sol: 0.001,
    status: 'success',
    storage_mode: 'local' // 'local' = never touches our DB, stored on your machine
  })
})
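
A hardened variant of the call above, as an added example (not VIGIL's own code): it masks secret-looking values on the agent's host before the POST, takes the key from the environment instead of source, and checks the HTTP status. The endpoint and event fields are the ones shown above; the VIGIL_API_KEY variable name, the function names and the redaction patterns are assumptions.

```javascript
// Added example, not VIGIL's own code. INGEST_URL and the event fields come from
// the snippet above; VIGIL_API_KEY and the redaction patterns are assumptions.
const INGEST_URL = 'https://vigil.costrinity.xyz/api/ingest';

// Field names that are always masked. A bare `token` is deliberately not listed:
// in these events it holds a ticker such as 'SOL', not a credential.
const SENSITIVE_KEY =
  /(api[_-]?key|secret|passw(or)?d|private[_-]?key|authorization|(access|auth|refresh)[_-]?token)/i;

// Secret-looking substrings inside free-text fields (illustrative, not exhaustive).
const SECRET_VALUE = [
  /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g,
  /\bBearer\s+[A-Za-z0-9._~+\/-]+=*/g,
  /\bAKIA[0-9A-Z]{16}\b/g, // AWS access key ID format
];

// Recursively copy an event, masking sensitive fields and embedded secrets.
function redact(value, key = '') {
  if (value != null && SENSITIVE_KEY.test(key)) return '[REDACTED]';
  if (typeof value === 'string') return SECRET_VALUE.reduce((s, re) => s.replace(re, '[REDACTED]'), value);
  if (Array.isArray(value)) return value.map((v) => redact(v));
  if (value && typeof value === 'object')
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redact(v, k)]));
  return value; // numbers, booleans and null pass through unchanged
}

// Build the fetch() options; the key is passed in, never hardcoded in source.
function buildIngestRequest(event, apiKey) {
  if (!apiKey) throw new Error('VIGIL_API_KEY is not set');
  return {
    method: 'POST',
    headers: { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
    body: JSON.stringify(redact(event)),
  };
}

// Send one event and fail loudly on a non-2xx reply, so dropped logs are noticed.
async function sendEvent(event, apiKey = process.env.VIGIL_API_KEY) {
  const res = await fetch(INGEST_URL, buildIngestRequest(event, apiKey));
  if (!res.ok) throw new Error(`ingest failed: HTTP ${res.status}`);
  return res.status;
}

// Constructed sample: the page's event plus two values that should never leave the host.
const sampleEvent = {
  action: 'buy', cost_sol: 0.001, status: 'success',
  data: { token: 'SOL', amount: 0.5, reason: 'retry with Bearer abc.def.ghi',
    wallet: { private_key: 'constructed-placeholder' } },
};
```

Call sendEvent(sampleEvent) from the agent; the body that leaves the host keeps token: 'SOL' but carries '[REDACTED]' in place of the private key and the bearer string.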

Why VIGIL?

VIGIL is the developer-grade SIEM for AI agents. Free, local-first, and built to feed enterprise security stacks via CEF/LEEF export when you need them.

| Feature | VIGIL | AgentOps | LangSmith | Langfuse | Helicone |
|---|---|---|---|---|---|
| SIEM-standard severity levels | ✓ | – | – | – | – |
| CEF / LEEF export (Splunk etc) | ✓ | – | – | – | – |
| Compliance auto-mapping | ✓ | – | – | – | – |
| Incident correlation engine | ✓ | – | – | – | – |
| Real-time event feed | ✓ | ✓ | – | – | – |
| Any agent, any framework | ✓ | – | – | – | – |
| Financial / crypto support | ✓ | – | – | – | – |
| Persistent audit trail | ✓ | ✓ | ✓ | ✓ | ✓ |
| Your data, never shared | ✓ | – | – | – | – |
| Local export (JSON/CSV) | ✓ | – | – | – | – |
| Free tier | ✓ | ✓ | ✓ | ✓ | ✓ |

Different lanes

VIGIL vs commercial AI security platforms

GuardionAI, Silverfort, and SentinelOne are excellent at what they do. They're also enterprise-priced and aimed at CISO-level deployments. VIGIL is the developer-grade layer that sits beneath them, and feeds into them via CEF/LEEF when the time comes.

GuardionAI
Production runtime gateway
Sub-50ms tool-call inspection at scale, SOC 2.
VIGIL: logs every tool call with full payload + cost. Pair them: VIGIL on dev, Guardion on prod ingress.

Silverfort
Identity & governance
Treats agents as service accounts, manages auth/lateral movement.
VIGIL: doesn't manage identity; it logs what authenticated agents do. Silverfort tells you who, VIGIL tells you what.

SentinelOne
Enterprise SIEM
AI-driven threat hunting across all infrastructure logs.
VIGIL: exports CEF/LEEF directly into SentinelOne (or Splunk, Datadog, QRadar). Use VIGIL as the agent-source-of-truth feeding your SOC.

The pitch: if you're building agents, start with VIGIL. It's free, local-first, and gives you SIEM-grade output from day one. When you scale to a CISO-grade stack, VIGIL feeds into it. You don't replace one with the other; you compose.

Recent updates

Always improving

What's shipped recently

v1.4 (Apr 2026)
Activity Graph (force-directed agent network) · Local-first by default · Desktop app no-login + auto-key · Auto-update channel · Mobile rewrite

v1.3 (Mar 2026)
ElizaOS plugin v2 · batch ingest · webhook retry logic · P&L export

v1.2 (Feb 2026)
P&L dashboard · SOL cost tracking per action · 7-day profit charts · on-chain tx feed

v1.1 (Jan 2026)
Smart alerts · email notifications · agent silence detection · multi-agent filter

✦ Just shipped

Map every agent action, in real time.

The Activity Graph clusters every agent event as a live force-directed network: agents in the center, threats VIGIL caught around them. Red nodes are blocked: SQL DROP TABLE, shell rm -rf, secret leaks, exfiltration attempts. Orange is high severity (prompt injection, wallet drain). Yellow is anomaly (unusual tool-call rate). Green is fine. Click any node for the full payload, severity, cost, and compliance tags.

  • Auto-classifies destructive SQL, dangerous shell, secret leaks, prompt injection
  • Redacts API keys / private keys before they ever hit storage
  • Pulsing rings on blocked threats so they catch your eye fast
  • Pan + zoom + alpha decay: old events fade, recent ones glow
  • Updates live as your agent runs

Simple, transparent pricing

Start free. Scale when you need to.

Free
$0 forever
For solo builders testing the waters.
  • 1 agent
  • 10k events/month
  • 7-day history
  • REST API access
  • ElizaOS plugin

Pro (Most Popular)
$29 per month
For serious agent deployments.
  • Unlimited agents
  • 1M events/month
  • 90-day history
  • Smart alerts
  • Email + webhook notifications
  • Priority support

Team
$79 per month
For teams building agent fleets.
  • Everything in Pro
  • 5 team members
  • 5M events/month
  • Shared dashboards
  • Audit export (CSV/JSON)
  • Dedicated Slack channel

Enterprise
Custom (contact us)
Mission-critical deployments.
  • Everything in Team
  • Unlimited events
  • Custom retention
  • SLA guarantee
  • On-premise deploy
  • Dedicated support

Early adopter pricing, locks in forever when you sign up

Your data stays yours. Full stop.

COSTRINITY does not store, share, sell, or access your agent event data for any purpose. Your logs are isolated to your account; we can't read them even if we wanted to. Export everything as JSON or CSV and delete your account at any time.

✓ Your logs, your account only
✓ Export JSON / CSV anytime
✓ Delete your data instantly
✗ We never read your event data
✗ We never sell your data
✗ No third-party analytics on your logs

This applies to all COS TRINITY projects: VIGIL, AGNT, SNiPr, and any future products.

Ready to watch your agents?

Free forever for 1 agent. No credit card. Up and running in 90 seconds.
