FIND-20260323-025 · 2026-03-23 · Innovation Veille
Vigil — Open-Source AI-Native SOC Platform (12 Specialized Agents + MCP)
adhoc
HIGH
Vigil is a fully open-source Security Operations Center platform built on autonomous AI agents powered by Claude (Anthropic). It deploys 12 specialized security agents (triage, investigation, threat hunting, MITRE ATT&CK mapping, forensics, malware analysis, network traffic, compliance) that chain into end-to-end playbooks (incident response, full investigation, threat hunt, forensic analysis). The platform integrates with 30+ external tools via Model Context Protocol (Splunk, CrowdStrike, VirusTotal, Shodan, Jira, Slack, Timesketch) and ships 7,200+ detection rules covering Sigma, Splunk, Elastic, and KQL formats. Confidence-based auto-approval (score >= 0.90 auto-executes, < 0.85 requires human review) enables autonomous 24/7 operation. The project was created March 13, 2026 and is already active, with commits as of March 23, 2026. The stack is a FastAPI + PostgreSQL + Redis backend, a React frontend, and Docker deployment.
Source
https://github.com/Vigil-SOC/vigil
ODS Impact
Directly relevant to ODS for three reasons. First, the multi-agent orchestration pattern (specialized agents chained into workflows with confidence scoring and human-in-the-loop fallback) mirrors the ADLC pipeline architecture (ba, architect, security, devops agents in sequence). Vigil proves this pattern at production scale for a complex domain and provides a concrete implementation reference for improving agent handoff, circuit-breaker logic, and confidence thresholds in ADLC. Second, the MCP integration layer (30+ tools via Model Context Protocol) is immediately applicable to the ADLC security agent: instead of manually implementing CVE scanners, the agent could follow Vigil's approach of composing external tools via MCP, which offers a lower-effort path to richer security analysis in the pipeline. Third, the confidence-based approval gate (>0.90 auto-approve, <0.85 human escalation) is a mature pattern that could be adopted to reduce unnecessary human-review DMs in ADLC while maintaining safety guarantees for high-risk operations.
Security Review
License: Apache-2.0 | Maintenance: ACTIVE | Risk: MEDIUM | Recommendation: USE_WITH_CAUTION
Tags
security
soc
ai-agents
mcp
multi-agent
claude
python
fastapi
open-source
threat-hunting
incident-response