VaultFuzionVaultFuzionBY KAPARDYN
Coming next

What's next on the platform.

The themes below are in active build on our near-term roadmap. We sequence, scope, and ship them on a bi-weekly cadence. This is the narrative view — for the same pipeline on a horizon-based timeline, see the roadmap. When any of these themes goes live, it moves to the release notes.

Direction, not a calendar. We may change sequence or scope. When we do, we'll tell you why.

Native SIEM integration for the three most common SIEM platforms

First-class SIEM connectors replace the generic-webhook integration path. Each supports native event shape, per-tenant endpoints, and a durable retry queue with manual replay.

Multi-vendor attachment sandbox + expanded threat-intel integrations + cross-MSP reputation

Multi-vendor attachment detonation goes live, additional commercial threat-intel providers join the detection fan-out, and opt-in cross-MSP vendor reputation launches as a privacy-preserving intelligence network.

Identity × Email — risk-signal bridge, auto-session-revocation, and Google Workspace coverage

The seam between email security and identity security closes. When an identity-provider risk signal fires on a user, our email detection adapts in real time. Auto session revocation deterministically contains consensus-malicious outbound. Google Workspace joins Microsoft Entra as a supported identity source.

Browser isolation as a dedicated verdict tier — commercial and open-source options

A third verdict tier sits between ALLOW and BLOCK: ISOLATE. Suspicious-but-not-definitive URLs open in a sandboxed browser session. Customers choose between a commercial isolation platform and a self-hostable open-source option. Signed single-use redirect URLs, session recording with a 30-day POPIA-compliant purge, and a non-spoofable interstitial.

Elite Threat Detection add-on — backend and data-plane ready, runtime rollout starts

Elite Threat Detection opens as a per-seat add-on for Fortress-tier customers. The detection-pipeline hooks, the session / recording data-plane, the retro-hunt API, and the explainable-verdict API are all live. Customer-visible runtime for the browser-isolation and attachment-detonation backends rolls out region by region as the underlying infrastructure is provisioned.

Cross-feature detection rules — combined signals across identity, DLP, and email intent

Nine named detection rules combine signals across our identity, DLP, breach-intelligence, DMARC, behavioural-BEC, and thread-analysis layers. Combined signals carry more weight than any single engine, because joint false-positive rates are lower. Each rule is individually toggleable per tenant and has its own false-positive tracking.

Platform Operations Overview + default observability dashboards + DLP and SIEM admin views

Every metric that matters, visible to customers in real time. A new Admin Operations Overview aggregates detector health, verdict volume, DLP incidents, cross-feature rule fire rate, and more. Default observability dashboards ship alongside, DLP Incident and SIEM retry-queue admin views land, and a per-tenant sidecar-health widget joins the SOC Dashboard.