Govern the AI workforce.

Meridian is the system of record for your AI workforce: identity, policy, signed evidence, and lifecycle. It governs agents across your Microsoft and Google estates, plus the custom agents your teams bring or build. Launching soon.

Get early access Join the founding customers

AI agents are multiplying across Microsoft, Google, Salesforce, ServiceNow, AWS, and your own custom builds. No independent, vendor-neutral system of record governs them all.

The gap above

No independent system of record

Microsoft
24 agents
Siloed
Google
18 agents
Siloed
Salesforce
12 agents
Siloed
ServiceNow
9 agents
Siloed
AWS
21 agents
Siloed
Custom / BYOA
58 agents
Siloed

Meridian is the layer above.

01Discover
Continuously inventory every agent across vendors, clouds, and BYOA, sanctioned and shadow.
02Onboard
Issue passports, assign owners, and bind agents to your policy envelope before they run.
03Manage
A single roster across Microsoft, Google, and the custom agents your teams bring or build. More ecosystems are on the roadmap.
04Govern
Enforce in the request path with scoped permissions, approvals, and reversible actions. Verify with signed evidence everywhere else.
05Operate
Stream signed evidence to audit, risk, and compliance systems automatically.
06Optimize
Attribute cost, performance, and outcomes per agent, model, owner, and project.

Five building blocks. One system of record.

Identity

Agent Passport

Every agent gets a signed, vendor-neutral identity record: credentials, scopes, owner, tier, and lifecycle state. The same passport works on Microsoft, Google, custom Python, or BYOA.

Boundaries

Policy Envelope

Declarative boundaries travel with the agent: approval routing, data scopes, blast-radius caps, and dual-control for high-risk actions. Enforced where Meridian sits in the request path; verified and evidenced everywhere else.

Evidence

Audit Replay

Every decision an agent makes is recorded as a signed trace: inputs, prompts, tools, outputs, and approvals. Replay any run, export to your evidence system, and support AI Act Article 12 record-keeping.

Accountability

Cost Attribution

Spend rolled up by agent, model, owner, project, and business unit. Token, compute, and tool cost in one ledger. No more reconciling vendor invoices by hand.

Portability

Cross-cloud Runtime

Meridian is designed for Google Cloud first, with single-tenant or shared-tenant deployment and US/EU residency. Azure and AWS are on the roadmap; the architecture decouples control plane from runtime so the same passport, envelope, and evidence pipeline can travel as new clouds come online.

Continuous assurance · CVAS

The workforce that governs the workforce.

Governance can’t be a quarterly spot-check. The Continuous Validation Agent Suite is five specialized agents that watch the AI workforce continuously and hand a human the evidence to act. They surface findings; people decide. No CVAS agent changes governance state on its own.

Sentinel

Continuous validation

Runs scheduled and event-triggered campaigns that check what each connector claims it can enforce against what the telemetry actually shows. It is the automated backbone of our enforce-where-we-sit discipline.

Bounded to: Produces signed findings and remediation recommendations. It does not remediate on its own.

Forensics

Incident reconstruction

On demand, rebuilds exactly what an agent did from the signed audit chain. The output is an investigator-grade narrative of a single incident, input to outcome.

Bounded to: Read-only and reactive. It reconstructs from evidence that is already signed; it never acts on the agent.

Drift

Policy drift detection

Compares each agent’s declared policy envelope against its observed behavior, daily, and flags where the two have diverged before the gap becomes an incident.

Bounded to: Detects and reports, per agent. It never amends a policy or updates the envelope itself.

Red Team

Adversarial testing

Probes your agents with ClearPoint-maintained attack patterns on a quarterly cadence, so a weakness surfaces in a drill instead of in production.

Bounded to: Opt-in and off by default. Synthetic data only, observation mode only. It never patches, remediates, or touches production data.

Regulatory Watch

Regulatory monitoring

Ingests from a ClearPoint-curated source allowlist across financial services, healthcare, and professional services, starting in the US, and issues plain-language advisories when something relevant moves.

Bounded to: Advisory only. It informs your team; it never auto-applies a change to your policies.

We describe each agent by what it does and what it deliberately doesn’t. A weaker honest capability beats a stronger false one. Broader coverage is on the roadmap; every expansion ships the same way.

Mapped to the frameworks your auditors check.

Meridian’s controls are mapped to the frameworks regulated buyers care about. Certifications that require a formal audit are marked audit underway, not yet attested, and regulatory regimes ship as Readiness Packs (control crosswalks), not compliance claims. The Trust Center is the single source of truth.

Financial Services
- SOC 2 Type IIAudit underway
- ISO 27001Controls mapped
- FFIEC guidanceReadiness Pack
- EU AI Act high-riskReadiness Pack
- SR 11-7 model riskReadiness Pack
Healthcare
- HIPAA · BAA availableControls mapped
- HITRUST CSF r2Roadmap
- SOC 2 Type IIAudit underway
- EU AI Act high-riskReadiness Pack
- GxPReadiness Pack
Professional Services
- SOC 2 Type IIAudit underway
- ISO 27001Controls mapped
- ABA Model Rule 1.6Controls mapped
- EU AI ActReadiness Pack
- Client matter scopingBuilt in

Status reflects today’s posture, not a certification we don’t yet hold. See the Trust Center for live status and the current control map.

Founding Customer Program

Deploy early. Shape the roadmap.

Meridian is launching soon. Founding customers get direct access to the team building it and real influence on what ships next, while they bring their first AI agents under governance. Limited spots.

Join the founding customers Get early access

No live pricing yet. Tell us about your environment and we’ll scope it with you.

Questions buyers actually ask.

How is Meridian different from Microsoft Agent 365?

Agent 365 governs Microsoft's ecosystem only. Meridian sits above the boundary, across Microsoft and Google estates plus the custom agents your teams bring or build, with one passport, one envelope, and one evidence layer. We integrate with Agent 365 rather than replace it inside Microsoft tenants.

How is it different from compliance vendors like Vanta?

Compliance vendors automate evidence for SOC 2 / ISO controls about your company. Meridian governs the AI agents themselves at runtime: what they can access, who approved it, and what they did, with signed traces per run. A different layer of the stack, complementary rather than overlapping.

Does Meridian support BYOK?

Yes. BYOK is available for enterprise deployments: customer-managed keys via GCP KMS or HashiCorp Vault, with passports, policy envelopes, and audit traces encrypted under your keys. CPL holds no decryption material. Platform-managed encryption is the default everywhere else.

What clouds does it run on?

Meridian runs on Google Cloud today, single-tenant or shared-tenant, with regional residency options in US and EU. Azure and AWS are on the roadmap, and on-prem deployment is available under a separate engagement.

What's the typical implementation timeline?

Discover and inventory: 5–10 days. First production policy envelope: 2–3 weeks. Full audit-replay coverage on top 20 agents: 30 days. Most early customers reach production governance within 30 days end-to-end.

Is Meridian SOC 2 / ISO 27001 certified?

Not yet. Meridian's controls are mapped to SOC 2 Type II and ISO 27001 today, and the Type II audit is underway (target Q4 2026). Mapped and audit-underway, not yet attested. We share the current control map under NDA during evaluation; the Trust Center is the single source of truth for status.

What about HIPAA / HITRUST?

Meridian supports HIPAA-aligned deployment patterns with controls mapped and a BAA available for enterprise engagements. HITRUST CSF r2 is a tracked roadmap item, and we're happy to walk through the control map and gap status during evaluation.

Govern your AI workforce.

Bring every agent across Microsoft, Google, and your custom estate into one passport, one envelope, one signed evidence trail. Be first in line.