Windows endpoint agent for detecting unauthorized local AI model usage (Shadow AI) and, in later phases, data exfiltration to cloud AI services.
Current phase: Design — Architecture and design specification complete (v3.0). Concept phase complete. Implementation planning in progress.
| Milestone | Status |
|---|---|
| Concept | Complete |
| Architecture & Design (ADD/ATAM) | Complete — docs/specs/2026-04-04-vigil-ai-design.md |
| Implementation Planning | In Progress |
| Implementation | Not Started |
- vigil-agent/ — C++ Windows Service (KrabsETW, RxCpp, Asio, AppContainer)
- vigil-sidecar/ — Python inference sidecar (Phi-4 Mini 3.8B Q4, llama-cpp-python, AppContainer)
See docs/specs/2026-04-04-vigil-ai-design.md for the full ADD-compliant architecture and design spec, including ATAM analysis, tactics catalogue, and phase roadmap.
| Phase | Scope | Status |
|---|---|---|
| 1 | Shadow AI detection (monitor only) | Design complete |
| 2 | Network + process enforcement (WFP + PsNotify) | Future |
| 3 | File access enforcement (minifilter) | Future |
| 4 | Cloud AI exfiltration detection — non-browser SDK only | Future |