For the Director of IT or Head of Security

From "we don't know" to "here's the export." In 14 days.

For the Director of IT or Head of Security prepping for SOC 2, EU AI Act, or a customer security review. Northbeams plugs into the stack you already run. SAML, SCIM, MDM-deployed, SIEM-routed, evidence-pack ready. The MCP Gateway audits every tool your developers' coding agents call, on-device.

SOC 2 Type II readiness underway · Privacy-first by design · No prompt content leaves the device

01 / The reality

Three questions land on your desk this quarter.

01 / The audit

Your SOC 2 auditor wants the AI control.

CC6.1 logical access. CC7.2 monitoring. CC8.1 change management. The auditor is asking how AI tool usage is governed. You need evidence, not a screenshot. By Friday.

02 / The customer

An enterprise customer just sent their security questionnaire.

Question 47: "Please list all AI sub-processors used in the delivery of services to us." You have 72 hours to answer or the contract slips a quarter.

03 / The board

Your CEO got asked at the last board dinner.

"What's our AI policy?" The board chair is half a regulator now. The answer "we're working on it" buys you exactly one quarter, then a board resolution lands.

02 / What you actually need

The list of things a security-vendor questionnaire asks for.

Identity

SAML SSO + SCIM

Okta or Entra. Single sign-on for admins. SCIM provisioning means joiners covered on day one, leavers off in seconds. Configured as part of your Fleet engagement.

Devices

MDM-deployed

Force-install via Jamf, Intune, or Kandji. One-click in your MDM. Five minutes to full coverage.

Logging

SIEM-routed

Stream every policy event into Splunk or Datadog in real time. Use the searches and dashboards your team already trusts. Configured as part of your Fleet engagement.

Evidence

GRC-pre-mapped

Vanta, Drata, OneTrust. Northbeams is an evidence source. The auditor gets shadow-AI coverage without you screenshotting anything. Configured as part of your Fleet engagement.

Coding agents

MCP Gateway

In-path proxy for the MCP servers your developers wire to Claude Desktop, Cursor, and Claude Code. Per-tool allow / warn / block. Argument values stay on the laptop. MDM-rolled via NBM_MCP_GATEWAY=1.

03 / Three numbers that close the audit conversation

What you walk into the meeting with.

27

AI tools active in a typical 50 person company. Your number is higher.

Northbeams customer base 2026

143

Sensitive prompts sent to public AI per company per month. Multiply by your headcount ratio.

Northbeams customer base 2026

14 days

From extension install to first evidence pack delivered to your auditor.

Northbeams deployment SLA on Sentinel and Fleet

04 / Plug into the stack you already run

Identity, devices, logging, evidence. We meet your tools where they live.

Identity

SSO + provisioning

  • Okta: SAML SSO and SCIM provisioning. Joiners covered on day one. Leavers off in seconds.
  • Microsoft Entra: SAML SSO and SCIM for Microsoft-first shops. Conditional access supported.

Available on Fleet

Device management

MDM-deployed extension

  • Jamf: Pre-built Library Item. Force-install on every managed Mac. No user action required.
  • Microsoft Intune: Chrome ADMX policy template. One-click force-install across mixed Windows + Mac fleets.
  • Kandji: Pre-built Kandji Library Item. The MDM most fast-growing Mac shops are already on.

Available on Sentinel and Fleet

Logging and observability

SIEM event streaming

  • Splunk: HEC integration. Pre-built Northbeams app on Splunkbase. CIM-compliant events fit the searches you already run.
  • Datadog: Logs ingestion via API key. Pre-built dashboard and Security Signals templates for shadow-AI policy events.

Available on Fleet

Compliance and risk

Evidence automation + TPRM

  • Vanta: AI tool inventory and policy logs feed Vanta as evidence for SOC 2 CC6.1, CC7.2, CC8.1.
  • Drata: Same evidence pipeline as Vanta. Drop-in for Series B/C companies on Drata.
  • OneTrust: AI sub-processor list feeds OneTrust data mapping and TPRM. PIA and DPIA templates pre-populated.

Available on Fleet

Don't see your stack? Talk to us →

05 / How it deploys at your size

From "install" to "auditor copy" in 90 days.

Day 0 - 30

Install and discover.

  • Deploy the extension via Jamf, Intune, or Kandji to the whole fleet.
  • Sign in to the Northbeams dashboard with SAML through Okta or Entra.
  • Receive your first AI Discovery Report inside 24 hours of install.
  • Categorize tools as sanctioned, unknown, or high-risk.

Day 31 - 60

Connect and route.

  • Turn on SCIM provisioning. Joiners auto-covered, leavers auto-revoked.
  • Stream policy events into Splunk or Datadog. Use the dashboards your team already runs.
  • Apply your first round of one-click block, sandbox, allow policies. Roll back any policy that breaks a workflow.

Day 61 - 90

Hand off to the auditor.

  • Connect Vanta, Drata, or OneTrust. Northbeams becomes an evidence source.
  • Generate your first SOC 2, EU AI Act, or HIPAA evidence pack from the dashboard.
  • Send the export to your auditor. Answer the customer questionnaire. Brief the board.

06 / Compliance evidence pre-mapped

The frameworks your auditor and your customers ask about.

| Framework | Controls Northbeams covers | What ships in the evidence pack |
|---|---|---|
| SOC 2 Type II | CC6.1, CC7.2, CC8.1 | Discovered AI tool inventory, prompt classification logs, policy enforcement audit trail. |
| EU AI Act | Articles 9, 10, 12, 13 | Risk classification of AI systems in use, data governance log, automatic record-keeping, transparency notice templates. |
| HIPAA | 164.312(a)(1), (b), (c)(1) | Access control records, audit log, integrity controls. BAA available on Fleet. |
| GDPR | Art. 30 records, Art. 35 DPIA | AI sub-processor inventory, processing records, DPIA template pre-populated with actual usage data. |

See how Northbeams deploys at your size.

Free 14 days on Sentinel. No card. No proxy. Install through your MDM. SAML and SIEM routing live on Fleet. Walk into the next audit with the export already in your inbox.

SOC 2 Type II readiness underway · Privacy-first by design · EU residency on Fleet