What is Salient

Salient is Real Risk Management — not checkbox compliance.

The threat is agentic. AI gave every attacker capabilities that previously required years of expertise — autonomous recon, chained exploit generation, MCP supply-chain compromise, agent-level persistence. Your blue team's annual tabletop wasn't built for this.

Salient maps your AI attack surface, runs incident simulations against your actual stack, and extracts what your team can actually do under pressure. The twin learns your organization. The posture scores compound. The evidence is audit-ready.

How real risk management works

Test it. Track it. Prove it.

1. Test — Incident Simulation

Run incidents against your real stack — ransomware, BEC, insider threat, prompt injection, MCP supply-chain attacks. Adaptive scenarios with branching based on your team's decisions. Six depth levels from discussion to live tool verification. Scoring maps to NIST CSF, MITRE ATT&CK, and CIS Controls v8.

  • Ransomware, BEC, insider threat — classic IR scenarios
  • Prompt injection, MCP compromise, RAG poisoning — agentic AI scenarios
  • AI-powered facilitation that probes deeper when answers are vague
  • Scenario generation from threat intelligence or your own gaps

2. Track — Digital Twin

A living model of your actual security posture: stack, people, processes, AI tools, and gaps. The twin is enriched by every exercise, every connector, every uploaded artifact.

  • Exercise answers (AI mines organizational facts from how your team responds)
  • Connector data (Okta, Entra ID, CrowdStrike, Splunk verify posture with real telemetry)
  • Uploaded artifacts (IR plans, security policies, architecture docs)
  • AI Security Posture assessments (see below)
  • External MCP sources (your existing tools feeding security context)

3. Prove — Output Engine

Everything the platform produces feeds back into the loop:

  • AI Security Posture — 34 controls across 7 domains, NIST AI RMF–aligned, with MCP audit
  • Maturity scores — NIST CSF function breakdown with trend tracking
  • Gap analysis — specific, actionable gaps mapped to controls
  • Playbooks — AI-generated incident response runbooks from exercise results
  • Posture reports — board-ready security posture assessments
  • Compliance evidence — NIST CSF 2.0, CIS v8, CMMC 2.0, HIPAA, SOC 2 Type II
  • Compiled Twin (SIF) — token-optimized intelligence format for AI agents

How It Works

Connect → Exercise → Score → Mine → Enrich → Recommend → Repeat
   │          │         │       │        │          │
   │      AI-powered  NIST   Extract  Update    Next scenario
   │      facilitation CSF   org facts  twin    targets gaps
   │                  MITRE                     
   └── Okta, Entra ID,      └── Confidence model:
       artifacts, MCPs          declared → observed → verified

Every cycle makes the twin smarter, the exercises more targeted, and the posture assessments more accurate. This is the compounding intelligence loop.

Who It's For

  • Security teams running incident response exercises
  • vCISOs and consultants managing multiple client postures
  • MSPs providing security assessments as a service
  • Compliance teams generating evidence for audits
  • AI agents consuming security intelligence via MCP

Next Steps

Quick Start — run your first exercise in 5 minutes