autoCISO

The Security Audit That Runs Itself

AI Access Intelligence + Virtual CISO

The fastest way for an SMB to find ghost accounts on day one — and run the ISO / SOC 2 program all the way to audit day.

7.2 ghost accounts / audit
$3,240 avg. monthly waste
5 min to first finding
No API required
Problem 1 of 2

Access reviews are broken for 90% of companies

Most SMBs don't have Okta, Entra, or modern IAM — and even those who do still leak access through unfederated, local, and UI-only systems.

Ghost accounts per company · 7.2
Wasted licenses per month · $3,240
Hours per quarterly audit cycle · 40–80h
Auditor wait for evidence packages · 3 wks
GitHub · Organization Members · Showing 18 members
Marcus Johnson · m.johnson@acme.com · Admin · Terminated Feb 14
Sarah Reynolds · s.reynolds@acme.com · Write · Active
Tyler Webb · t.webb@acme.com · Write · 90d inactive
Amara Lee · a.lee@acme.com · Read · Active
Kevin Chen · k.chen@acme.com · Admin · Terminated Jan 3

↑ 2 ghost accounts with Admin access — discovered in seconds

Problem 2 of 2

SMBs still run the program manually.

Even when SMBs have SSO, the compliance program — policies, risks, internal audits, evidence collection, auditor coordination — still runs on Notion pages, spreadsheets, and expensive consultants.

AutoCISO solves both jobs — access reality and compliance execution — for SMBs with SSO and without.

What compliance actually requires

The Work
  • Scope & SoA
  • Policy library
  • Risk register
  • Treatment plan
  • Asset & supplier register
  • Access reviews
  • Evidence collection
  • Internal audit
  • Management review
  • Corrective actions
  • Auditor coordination
  • Continuous monitoring

What API GRC covers
  • Scope & SoA
  • Policy library
  • Risk register
  • Treatment plan
  • Asset & supplier register
  • Access reviews ~
  • Evidence collection ~
  • Internal audit
  • Management review
  • Corrective actions
  • Auditor coordination ~
  • Continuous monitoring ~

8 of 12 compliance jobs are still manual — even after Vanta-class tooling.
Market Gap

Existing tools each cover one slice.
None cover the whole.

Some tools see API-connected apps. Some run the paperwork. None reconcile UI reality, identity sources, and the compliance program in one evidence chain.

Vanta / Drata
Compliance automation built around API/IdP evidence. Strong where connectors exist; weaker on UI-only, local, unfederated, and effectiveness gaps.
Zluri / BetterCloud
SaaS discovery and operations — but no full compliance program, no auditor handoff, and limited evidence chain.
Cynomi / Copla / fractional vCISO
Program guidance and expert leverage — but access evidence still depends on manual exports, screenshots, or customer-side tooling.
Spreadsheets
Manual, error-prone, and already failing. 40–80 hours per quarter. No reconciled identity graph. Auditors hate it.

Enterprise IAM (CrowdStrike / SailPoint) sits a tier above this comparison: months to implement, six-figure budgets, and still not the compliance program-of-record for a 50-person team.

AutoCISO covers both jobs — and verifies any system with a screen.
Pillar 1 · The Verification Layer

If you can see it on a screen, AutoCISO can audit it

Vision and the browser agent capture user lists from any system — then reconcile against API, SCIM, CSV, and HRIS into one identity graph and one evidence chain.

01 Capture · Vision + browser agent auto-capture any app's user page — no API or SSO required
02 Extract · Claude Vision identifies every user, role, email, and status
03 Reconcile · Fuzzy identity matching against API, SCIM, CSV, HRIS — one identity graph
04 Act · One-click Jira/Slack tasks + immutable evidence chain for auditor handoff

Starts Vision-first. Graduates to hybrid.
Vision · UI truth
API + SCIM · system truth
CSV / HRIS · people truth
Reconciliation · one identity graph + one evidence chain

AutoCISO · AI Vision Extraction
Uploaded Screenshot · AWS IAM Users
AI Extracted — 5 identities
👤 m.johnson@acme.com
👤 s.reynolds@acme.com
⚠ t.webb@acme.com
👤 a.lee@acme.com
⚠ k.chen@acme.com
2 Ghost Accounts Detected
m.johnson@acme.com — terminated 2025-02-14, still has Admin access
k.chen@acme.com — terminated 2025-01-03, still has Admin access
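The reconcile step above, worked as an added example (my illustration, not AutoCISO's code): a user list as extracted from an app's screen is matched against HRIS "people truth" to flag ghost accounts (terminated, still present), zombie seats (inactive past the threshold) and logins no employee owns. The sample rows mirror the deck's mock GitHub member list; the matching keys, the 90-day threshold and the severity ranking are assumptions.

```python
from collections import namedtuple
from datetime import date
import re

ZOMBIE_DAYS = 90                 # inactivity threshold behind the deck's "90d inactive" flag (assumed)
PRIVILEGED = {"admin", "owner"}  # roles that turn a ghost account into a critical finding
UiUser = namedtuple("UiUser", "name email role last_active")       # row extracted from an app's user page
HrisPerson = namedtuple("HrisPerson", "name email terminated_on")  # "people truth" from the HR system
Finding = namedtuple("Finding", "email kind severity detail")

def _email_key(email):
    local, _, domain = email.strip().lower().partition("@")
    return f"{local.split('+')[0]}@{domain}"       # ignore +tags and case when matching

def _name_key(name):
    return re.sub(r"[^a-z]", "", name.lower())     # "Kevin Chen" -> "kevinchen"

def reconcile(ui_users, hris, today):
    by_email = {_email_key(p.email): p for p in hris}
    by_name = {_name_key(p.name): p for p in hris}  # fallback when the app holds a different address
    findings = []
    for u in ui_users:
        person = by_email.get(_email_key(u.email)) or by_name.get(_name_key(u.name))
        privileged = u.role.lower() in PRIVILEGED
        if person is None:                           # nobody in HR owns this login
            findings.append(Finding(u.email, "unmatched", "high" if privileged else "medium",
                                    "no HRIS record: shared, service or external account"))
        elif person.terminated_on is not None:       # ghost: left the company, still has access
            findings.append(Finding(u.email, "ghost", "critical" if privileged else "high",
                                    f"terminated {person.terminated_on}, still has {u.role}"))
        elif u.last_active and (today - u.last_active).days >= ZOMBIE_DAYS:
            findings.append(Finding(u.email, "zombie", "medium",
                                    f"{(today - u.last_active).days}d inactive, holds {u.role}"))
    rank = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: rank[f.severity])  # worst first, as the dashboard orders them
SAMPLE_UI = [  # constructed sample data mirroring the deck's mock GitHub member list
    UiUser("Marcus Johnson", "m.johnson@acme.com", "Admin", date(2025, 2, 28)),
    UiUser("Tyler Webb", "t.webb@acme.com", "Write", date(2024, 12, 1)),
    UiUser("Amara Lee", "a.lee@acme.com", "Read", date(2025, 2, 28)),
    UiUser("Kevin Chen", "k.chen@acme.com", "Admin", None),
]
SAMPLE_HRIS = [
    HrisPerson("Marcus Johnson", "m.johnson@acme.com", date(2025, 2, 14)),
    HrisPerson("Tyler Webb", "t.webb@acme.com", None),
    HrisPerson("Amara Lee", "a.lee@acme.com", None),
    HrisPerson("Kevin Chen", "kevin.chen@acme.com", date(2025, 1, 3)),  # different address: name fallback hits
]

def sample_findings():
    return reconcile(SAMPLE_UI, SAMPLE_HRIS, today=date(2025, 3, 1))
```

Name-based fallback matching is deliberately loose; in production every fallback hit should be surfaced for a human to confirm rather than silently merged into the identity graph.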
Pillar 2 · The Program Layer

One platform. Three jobs.
Zero spreadsheets.

Not a utility. Not a checklist. The full virtual-CISO scope, organized around the work of running a real program.

Access Intelligence

See every account, owner, and ghost — including the ones APIs miss.

  • Ghost Hunter
  • License Waste
  • Zombie Hunter
  • Offboarding Hub
  • Periodic Access Reviews
  • Hybrid Identity Graph

Compliance Program

Run the actual work of compliance, not just the tooling.

  • Scope Wizard
  • AI Policy Generator
  • Risk Register
  • Internal Audit
  • Management Review
  • Evidence Vault

Audit & Certification

Walk into the audit with evidence already mapped to controls.

  • Auditor Portal
  • Readiness Score
  • Continuous Evidence
  • ISO 27001 / SOC 2 / HIPAA mapping

Same workspace. Same evidence chain. From day-one ghost to year-one auditor handoff.

The Expansion Arc

From first audit to audit day, in one workspace.

We land at Day 1 with a free audit. We expand into the workflows that get the customer audit-ready and keep the evidence chain alive.

Day 1 · Ghost Hunter audit: Free 5-min audit. Ghosts, zombies, license waste, SOC 2 gaps.
Week 1 · Scope & gap analysis: AI wizard maps stack to ISO 27001 / SOC 2.
Week 2 · Policies, risks, SoA: Drafted policies. Live risk register. Auto-generated SoA.
Month 1 · Access reviews & evidence: Quarterly reviews. Evidence vault with chain-of-custody.
Month 3 · Internal audit & mgmt review: Built-in workflows. Auto board packs. Readiness climbs.
Month 4–6 · Auditor handoff: Auditor portal. Pre-mapped evidence. Path to certificate.

Tier expansion — same workspace, same evidence chain
Free · Day 1
Seed · Week 1
Growth · Weeks 2 → Mo 3
Scale · Mo 4 → 6+

Every milestone unlocks the next tier. ARPU expands inside the same account — the customer never re-platforms.

Live Product

Security dashboard that tells you exactly what to fix

Real-time risk scoring, ghost account alerts, zombie seat detection, and compliance readiness — all in one view.

Security Score 76 / 100 · 3 critical findings
2 Ghost Accounts
5 Zombie Seats
ISO 27001 In Progress
SOC 2 Ready
AutoCISO · Security Dashboard
Security Score · 76
Ghost accounts · 2
Zombie seats · 5
Apps audited · 12
Waste found · $2.1k
Recent Findings
Ghost: m.johnson@acme.com — GitHub Admin · 2m ago
Zombie: t.webb — GitHub Copilot, 92d inactive · 5m ago
Privilege Creep: a.lee — Admin+Write conflict · 12m ago
Why We Win

Built different by design

Competitive Comparison
AutoCISO API GRC SaaS Ops vCISO + manual
Coverage outside the IdP ~
UI / API reconciliation ~ ~
Hybrid identity graph ~ ~
Legacy / on-prem apps ~
5-min setup
Automated evidence Partial
ISO 27001 full workflow Partial ~
Full lifecycle (first audit → auditor handoff) Partial ~
SMB pricing $99/mo $$$ $$$ Hours

Vision-native verification

Independent attestation of what the user interface actually shows. Verifies what API and IdP claim — even outside SSO, even on legacy and on-prem.

Agentic Evidence Agent

Playwright-driven browser automation logs into any system autonomously. Captures evidence on cadence, not on prep cycles.

Immutable evidence vault → auditor handoff

Hash-chained, tamper-evident, 7-year retention. The same evidence the customer collects on day one is what the auditor receives at handoff — pre-mapped to controls.
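How a hash-chained evidence vault is made tamper-evident, as an added illustration of the design described above (my example, not AutoCISO's code): each entry commits to the digest of a captured artifact and to the hash of the previous entry, so editing any stored record or artifact breaks the chain from that point on. Entry fields, control tags and artifacts are constructed.

```python
import hashlib
import json
GENESIS = "0" * 64   # prev_hash of the first entry

def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_hash(body: dict) -> str:
    # Canonical JSON so that every verifier hashes exactly the same bytes
    return _digest(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def append_evidence(chain, artifact, source, control, captured_at):
    """Append one captured artifact; the entry commits to the artifact digest and the previous entry."""
    body = {"seq": len(chain), "captured_at": captured_at, "source": source, "control": control,
            "artifact_sha256": _digest(artifact),
            "prev_hash": chain[-1]["entry_hash"] if chain else GENESIS}
    entry = {**body, "entry_hash": _entry_hash(body)}
    chain.append(entry)
    return entry

def verify_chain(chain, artifacts=None):
    """Return (True, None) or (False, seq) of the first entry whose link, hash or artifact does not check."""
    prev = GENESIS
    for i, e in enumerate(chain):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["seq"] != i or e["prev_hash"] != prev or _entry_hash(body) != e["entry_hash"]:
            return False, i
        if artifacts and i in artifacts and _digest(artifacts[i]) != e["artifact_sha256"]:
            return False, i                     # stored screenshot/export no longer matches its digest
        prev = e["entry_hash"]
    return True, None

ARTIFACTS = {  # constructed stand-ins for screenshots and exports
    0: b"PNG:github-org-members:2025-02-20",
    1: b"CSV:hris-terminations:2025-02-20",
    2: b"JSON:aws-iam-list-users:2025-02-21",
}

def build_sample_chain():
    chain = []
    append_evidence(chain, ARTIFACTS[0], "vision:github", "CTRL-ACCESS-REVIEW", "2025-02-20T09:00:00Z")
    append_evidence(chain, ARTIFACTS[1], "csv:hris", "CTRL-OFFBOARDING", "2025-02-20T09:05:00Z")
    append_evidence(chain, ARTIFACTS[2], "api:aws-iam", "CTRL-ACCESS-REVIEW", "2025-02-21T08:00:00Z")
    return chain

def tamper_demo():
    """Entry 1's stored digest is later 'corrected' in place; verification stops at seq 1."""
    chain = build_sample_chain()
    chain[1]["artifact_sha256"] = _digest(b"CSV:hris-terminations:edited")
    return verify_chain(chain, ARTIFACTS)
```

A hash chain is only as trustworthy as its head: the latest entry_hash must be held outside the vault (handed to the auditor, or signed by a key the vault writer does not control), otherwise whoever can write the vault can rebuild the whole chain consistently.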

Hybrid evidence graph

Vision, API, SCIM, CSV, HRIS, and auditor artifacts resolve into one identity graph and one chain of evidence. Customers mature their stack without changing systems.

Business Model

Security that pays for itself

Most customers recover the subscription cost in the first audit alone.

Free · $0 forever
Day 1 — find your first ghost. No credit card before the wow moment.
  • 15 connected apps
  • 10 audits / month
  • Ghost Hunter
  • AI assistant (50 req)
  • Access relationship graph
Seed · $99 per month
Week 1 — operational offboarding. Pays for itself month one via license savings.
  • 150 connected apps
  • Browser extension
  • Offboarding workflows
  • Jira + Slack tasks
  • CISO reports (10)
Growth (Recommended) · $699 per month
Month 1–3 — audit-season ready. SOC 2 / ISO 27001 program kicks in.
  • Evidence Agent (auto)
  • Zombie Hunter
  • ISO 27001 full suite
  • Toxic combo detection
  • Unlimited audits
Scale · $1,999 per month
Month 4–6+ — auditor handoff, continuously. Full CISO office on tap.
  • Continuous monitoring
  • Auditor portal
  • Immutable evidence vault
  • HIPAA BAA
  • Board reporting
Avg. first audit finds · $3,240 in license waste
Seed ROI month one · 32× return on investment
Lifecycle · Free → Audit day · same workspace, same evidence chain

Go-To-Market

Land with instant ROI, expand with compliance

Ghost account audit as the loss leader — everyone finds something on first run. Compliance need drives tier expansion.

1. Free ghost account audit · IT Managers find ghosts. Immediate wow moment. Zero sales friction.
2. Seed tier — offboarding + reports · $99/mo pays back via license savings in week one. Sticky workflow integration.
3. Growth — audit season trigger · SOC 2 / ISO 27001 deadline drives upsell. Evidence Agent makes the sale.
4. Scale — audit-ready company stays · Auditor portal, continuous attestation, board reporting. Recurring reviews keep the evidence chain alive after the first audit.

Ideal Customer Profile
50–200 employees (wedge); 200–500 (expansion, partner-led) — Too big for trust-everyone, too small for enterprise IAM
IT Manager or Eng. Lead — Owns security, has no dedicated CISO
Pre-SOC 2 or annual review — Compliance pressure imminent
15+ SaaS apps — Enough surface area to generate instant ROI
Auditor relationship in <12 months — The actual buying trigger
Channels
PLG / Freemium
vCISO Partners
MSPs
Compliance Consultants
LinkedIn Outbound
Content SEO
Market Size · initial model
4.3M · Access visibility wedge — US SMB pain
$8.4B · Compliance expansion — ISO/SOC 2 program + evidence
$1.2B · Channel budget — fractional vCISO / MSP-managed

Channel Motion

vCISO Partner Portal — channel economics for SMB

We don't just sell to one SMB at a time. We sell partner leverage to the people already paid to run SMB compliance — lower CAC via trusted-advisor distribution, higher ARPU via portfolio billing.

A · Referral track · Client pays AutoCISO directly. Partner earns 20% cash on every payment — zero billing overhead.
B · Managed discount track · vCISO pays AutoCISO at 20–30% off, resells at their own margin. Portal included from Seed plan.

What partners get
Portfolio Risk Board — All clients ranked by priority — no spreadsheets.
Cross-org Action Queue — Triage findings across every managed org in one view.
AI Board Pack Generator — Draft executive report in seconds. Partner reviews & sends.
Direct email delivery — PDF to client contacts without leaving the portal.
Unit economics (managed track)
Partner discount · 20–30%
Orgs per partner · 5–20×
Deal → portfolio · 1
vCISO partners turn SMB fragmentation into distribution.
Traction

The numbers speak

7.2 · Ghost accounts found per audit on average
$3,240 · Average monthly license waste identified per customer
5 min · Time from signup to first security finding
40–80h · Quarterly audit hours saved per customer

Audit Activity — Last 6 Months (chart: Oct–Mar)
autoCISO

Every company deserves enterprise-grade security governance

We're building the AI co-pilot that monitors, alerts, remediates, and proves compliance — 24/7, for companies that can't afford a CISO team.

Now: IAM audits + full compliance program
Next: Continuous attestation across SSO + non-SSO
Future: Agentic CISO — drafts, verifies, drives the program
7.2 ghosts / audit
$3,240 saved month one
5 min to first finding
No API required, ever
Start free → autociso.io · info@autociso.io