AGENTIC AUDITING

The World's First Lead Auditor You Don't Have to Talk To.

Autonomous Sleuth Agents that verify, notarise, and prove your ISO 27001 & SOC 2 controls 24/7. Stop taking screenshots. Start generating forensic proof.

"We don't just check your controls; we notarise your truth."

FORENSIC PROOF. AUTOMATED.

THE SLEUTH FLEET

5 Domains · 21 Detectors

Each domain runs deterministic Sleuth detectors continuously — collecting forensic evidence and flagging issues before auditors do. No AI inference. Every finding independently verifiable.

Identity

Continuously monitors your user population for dormant accounts, MFA gaps, service account misclassification, and privilege anomalies across every connected system.

Code

Verifies review independence, branch protection rules, commit approval coverage, and collusion risk across every repository — proving your development process is trustworthy.

Machine Identity

Audits your non-human attack surface — deploy keys, OAuth installations, CI/CD workflow permissions, and vulnerable dependencies — automatically and continuously.

Access Control

Detects privilege creep across your GitHub organisation — excessive org owners, ungoverned outside collaborators, over-privileged teams, and repository admin sprawl.

Supply Chain

Monitors your software supply chain for unpinned actions, unverified publishers, and open secret scanning alerts — before they become an audit finding or a breach.

THE TRUST STACK

Security You Can Prove

Built for security managers who need to demonstrate trust, not just claim it.

Deterministic Engine

Zero AI Inference

Every finding is produced by rule-based detection logic — not AI guesswork. Same inputs always produce the same outputs. Every finding is independently verifiable.

Zero-Footprint Evidence Generation

Access Everything. Store Nothing.

Normos connects to your systems, analyses everything, and stores nothing except findings. No source code, no commit history, no user lists — ever. Even if Normos were breached, your data would not be at risk. We never held it in the first place.

Forensic Evidence Chain

Tamper-Evident Output

Every scan generates a SHA-256 hash chain — a cryptographic fingerprint of all findings that detects any tampering. Evidence packages are control-mapped to ISO 27001 and SOC 2 and carry a forensic hash reference auditors can independently verify.

AUDITOR PORTAL

Make Your Next Audit a 15-Minute Meeting

Give your auditor direct, read-only access to verified evidence — cryptographically chained, independently verifiable, generated without storing a single byte of your data.

Auditor Guest View · DEMO DATA · audit.normos.io

Evidence Package: ISO 27001 + SOC 2

Verified

Identity Controls: 2 findings

Code Controls: 4 findings

Non-Human Identity Controls: 1 finding

Access Control Controls: Clean

Supply Chain Controls: 2 findings

Forensic Hash Reference — SHA-256 Chain

NRM-8B513C2A-V1

8b513c2a41497d42f716159877ba57780ca4f45e72b5b3163a374e34253c4b46

Phase 1: SHA-256 in-database chain · Phase 2: Azure SQL Ledger + ML-DSA post-quantum signing

LIMITED AVAILABILITY

Phase 1 Pilot Programme

We are selecting 5 UK-based SaaS teams for our Phase 1 Pilot Programme. Get full access to all 21 Sleuth Fleet detectors, daily forensic scanning, and ISO 27001 + SOC 2 evidence packages — in exchange for structured product feedback.

Pilot Slots: 5

Detectors Active: 21

Chain: SHA-256 Forensic

PDF: Assurance Letter

Ideal for teams preparing for ISO 27001 or SOC 2 certification