GPN-AI Active · APP 1.7 · APRA CPS 230/234 · FAR
Your IT & AI Compliance solution

Your organisation is using AI tools you don't know about.

Sentinel finds them, assesses the sovereignty risk, maps the attack chains, and proves your compliance — automatically, with zero data leaving your premises. Every finding is deterministic. Nothing is invented by AI.

Book a live demo See how it works →
$50M
APP 1.7 max penalty
227d
To APP 1.7 deadline
72h
APRA CPS 234 window
0
Data leaves premises
Compliance coverage
GPN-AI · 16 Apr 2026
APP 1.7 · 10 Dec 2026
APRA CPS 234
APRA CPS 230
FAR
AI6 Framework
NDB Scheme
MITRE ATT&CK
The problem

Shadow AI is your biggest compliance gap right now

Employees across every department are uploading sensitive documents to AI tools. You don't know which tools, which users, or what data left the building. Regulators don't care that you didn't know.

PRC sovereignty risk is active
DeepSeek's National Intelligence Law (Art. 7, 2017) means any data uploaded is potentially accessible to Chinese state intelligence on demand. No Australian legal protection exists.
APP 1.7 is 227 days away
From 10 December 2026, you must disclose automated AI decision-making in your privacy policy. Organisations using undisclosed AI tools face penalties up to AUD $50 million.
Executive accountability is personal
Under FAR, the accountable executive for information security faces personal liability for AI oversight failures. DeepSeek usage or an undetected exfiltration event can trigger FAR personally.
87%
of Australian knowledge workers use AI tools their employer doesn't know about
6+
unsanctioned AI tools found in the average Sentinel audit of a 200-person organisation
$1.4M
average estimated financial exposure per audit (AUD) when critical events are detected
0
direct competitors offer on-premises AI governance audit with deterministic findings
Architecture

Three stages. Only one uses AI — and only to write prose.

Every finding in a Sentinel report is produced by Sentinel's deterministic engine. AI cannot hallucinate a risk score, invent a MITRE technique, or fabricate a data volume. The numbers are mathematics. The narrative is AI. The audit is defensible.

Stage 01 — Sentinel Forensic Engine

Sentinel reads every row

Deterministic analysis of every event in your network security log. No sampling. No inference. Pure enumeration.

Zero AI
  • AI tool detection by signature
  • DeepSeek / PRC vendor identification
  • Data volumes per user, per tool
  • Exfiltration event detection
  • Malware and pentest tool flags
  • Temporal spike analysis
Stage 02 — Sentinel Correlation Engine

Sentinel connects the patterns

Cross-event correlation maps multi-step attack sequences, calculates risk scores, and computes financial exposure.

Zero AI
  • MITRE ATT&CK technique mapping
  • Board risk score (0–100)
  • Financial exposure in AUD
  • Attack chain staging detection
  • Department baseline deviation
  • Sovereignty tier classification
Stage 03 — Report writer

Phi-4 writes the narrative

Microsoft Phi-4 14B receives only the pre-computed, verified findings. It writes board-level prose. It cannot introduce new findings.

AI — narrow role only
  • Board-level executive narrative
  • Regulatory exposure summary
  • Proportionate recommendations
  • Runs entirely on-premises
  • GPN-AI compliant architecture
  • Every claim traceable to source log
Verifiable proof of zero egress
Disconnect the server from the internet. Upload your log file. Run the audit. The full report still generates. This is an architectural fact — not a marketing claim. On-premises Phi-4 inference requires no external API calls.
Platform capabilities

Everything your CISO, CLO, and board need — in one platform

Sentinel surfaces findings at two levels: board-readable metrics for non-technical stakeholders, and full forensic depth for security teams — from a single audit run.

Executive dashboard

Risk score dial, critical user count, financial exposure, APP 1.7 countdown. Designed for 60-second board comprehension. No jargon required.

User risk analysis

Ranked user cards with inferred risk scores. Click any user to drill into their full event timeline, MITRE technique mapping, and data volumes.

AI sovereignty grid

Every detected AI tool classified by sovereignty tier. Critical (PRC), Medium (US third party), or Approved (on-premises). No tool gets zero risk.

Attack chain visualiser

Multi-step sequences mapped to MITRE ATT&CK. Click each stage for forensic detail. One-click draft of APRA CPS 234 notification from within the dashboard.

Regulatory compliance tracker

Live countdown tiles for APP 1.7, APRA CPS 234, CPS 230, FAR, GPN-AI, and AI6 — each with status, obligation description, and recommended action.

Temporal heatmap

GitHub-style 84-day activity heatmap showing AI tool usage intensity. Off-hours spikes surface at a glance. 3am activity patterns reveal what your policy can't see.

Audit history & trend analysis

Risk score trend line across all audits. Shadow AI adoption velocity chart. Evidence you're managing posture over time — essential for board reporting and renewal.

Word + PDF report generation

Quick Report (Stage 2 only, instant) or Full Report (with Phi-4 narrative, 3–5 minutes). Board-ready .docx with executive summary, findings, and proportionate recommendations.

Zero-egress architecture

Everything runs on your infrastructure. Phi-4 inference is local. No cloud API calls. No data leaves. Disconnect the internet — the audit still runs. Verifiable, not claimed.

Ideal customers

Built for organisations where compliance isn't optional

Sentinel's ICP: organisations with existing network security infrastructure who face regulatory consequences for AI governance failures.

APRA-regulated

Banks, insurers & superannuation funds

CPS 230 (AI inventory), CPS 234 (72hr notification), and FAR (personal exec liability) create compounding obligation. One undetected DeepSeek event can trigger all three.

Zscaler ZIA/ZPA deployed
Palo Alto Prisma or Netskope
APRA prudential standard obligations
200–5,000 staff
Legal profession

Top 100 Australian law firms

Legal professional privilege and client confidentiality mean a single upload of a privileged document to ChatGPT is a crisis. Sentinel finds it before the client does.

Matter-level data sensitivity
CLO + CISO co-champions
Privacy Act obligations to clients
Top 100 by revenue
ASX-listed

ASX 200 companies

Market-sensitive information, continuous disclosure obligations, and board-level accountability under FAR make AI governance a governance issue — not just an IT issue.

Microsoft Sentinel SIEM
CrowdStrike or Defender EDR
Board audit committee oversight
500+ staff
Competitive position

No competitor does what Sentinel does

Sentinel sits at the intersection of CASB, AI governance auditing, and compliance reporting. Every other tool in this space uses cloud AI for detection. That's the conflict Sentinel eliminates.

Findings cannot hallucinate
Risk scores, data volumes, MITRE techniques, and financial exposure are all computed by deterministic Python. There is no AI in the detection layer. Every number is a fact from your log file.
GPN-AI compliant by architecture
The Federal Court's GPN-AI (16 Apr 2026) explicitly recognises on-premises closed AI as lower risk. Sentinel's architecture is the reference implementation — not an afterthought.
Your sensitive data stays on your server
CASB tools like Zscaler, Netskope, and Palo Alto upload your log metadata to cloud infrastructure for analysis. Sentinel runs entirely on your hardware. Auditing AI risk using cloud AI is a contradiction. We remove it.
Designed for Australian regulatory context
APP 1.7, APRA CPS 230/234, FAR, GPN-AI, AI6, NDB — every report maps findings to Australian obligations. Not a US product adapted for Australia. Built here, for here, from day one.
Proof of zero egress — try it yourself
1
Receive your Sentinel server and connect it to your internal network
2
Disconnect the server's internet access completely (unplug or firewall)
3
Upload your network security log file via the internal dashboard
4
Run the full audit — Stage 1, Stage 2, and Phi-4 narrative
5
Receive the complete Word and PDF report
No internet connection was required. No data left. The audit ran entirely on Microsoft Phi-4 14B, executing locally on the Sentinel server. This is verifiable, not claimed — because we have nothing to hide and everything to prove.
Pricing

Transparent pricing. No per-user fees. No usage caps on findings.

All tiers include the full Sentinel audit engine — deterministic detection, MITRE mapping, financial exposure, and board risk scoring. Tiers differ by audit frequency, integration depth, and reporting features.

Essentials
50–199 staff
$12,000
per year · AUD · 3 audits included
  • 3 full audits per year
  • Stage 1 + Stage 2 forensic engines
  • Interactive web dashboard
  • Quick Report (instant Word doc)
  • AI tool sovereignty classification
  • User risk analysis with drill-down
  • MITRE ATT&CK mapping
  • APP 1.7 & CPS 234 regulatory section
  • Phi-4 AI narrative (PDF report)
  • Native log source integrations
  • Continuous monitoring / alerts
Get started
Most popular
Professional
200–999 staff
$28,000
per year · AUD · unlimited audits
  • Unlimited audits
  • Full Sentinel dashboard — all 8 screens
  • Phi-4 AI narrative board-ready PDF
  • Attack chain visualiser
  • Temporal analysis heatmap
  • Audit history & trend reporting
  • Zscaler ZIA/ZPA native connector
  • Microsoft Entra ID enrichment
  • Scheduled audit automation
  • Email alerts on risk threshold breach
  • Multi-source SIEM integration
Book a demo
Enterprise
1,000+ staff
$65,000
per year · AUD · unlimited everything
  • Everything in Professional
  • Multi-source SIEM integration (Sentinel, Splunk)
  • CrowdStrike / Defender EDR connector
  • Microsoft Purview DLP integration
  • Real-time alert engine (Slack, Teams, webhook)
  • Acceptable use policy enforcement
  • Evidence repository for APRA CPS 234
  • Automated board pack generation
  • CPS 230 AI inventory module
  • API access for GRC platform integration
  • Dedicated IR advisory hours ($350/hr)
Contact us
On-site deployment — $4,500 one-time
Board presentation delivery — $3,500 per engagement
IR advisory — $350/hr
Additional audit run — $1,200 each (Essentials)
Kaitiaki Academy

Training the people who will govern AI — before the regulations demand it

AI governance failures happen when people don't understand what they're governing. Academy closes the knowledge gap with rigorous, vendor-neutral certification training built for the Australian regulatory environment.

The world is changing faster than organisations can hire.

The skills shortage in cybersecurity, AI governance, and compliance is not a future problem — it's happening now. Every CISO in Australia is trying to find people who understand both security and the regulatory frameworks that govern it. Academy builds them.

Enquire about Academy
Current certification courses
ZIA
Zscaler Internet Access
Cloud security gateway, URL filtering, SSL inspection, DLP policy, AI tool visibility.
6 weeks · available now
ZPA
Zscaler Private Access
Zero-trust application access, user-to-app connectivity, private app connector architecture.
8 weeks · available now
CISSP
Certified Information Systems Security Professional
The gold standard in security certification. 8 domains covering every dimension of enterprise security.
8 weeks · available now
CISM
Certified Information Security Manager
For security managers and aspiring CISOs. Governance, risk, incident management, and programme development.
8 weeks · available now
52 additional courses under development — added one at a time on request
IT certification pathways

Security analyst pathway

For entry-to-mid-level professionals moving into security operations. Combines hands-on tool knowledge with governance frameworks.

ZIA ZPA CompTIA Sec+ CISSP

Security manager pathway

For experienced professionals moving into CISO or head of security roles. Focused on governance, risk, and executive accountability.

CISSP CISM CRISC AI governance

Cloud security pathway

For professionals securing cloud-first organisations. Zero-trust architecture, cloud-native CASB, and identity security.

ZIA ZPA CCSP AWS Security

AI governance pathway

Emerging pathway for professionals who need to govern AI at an organisational level. Aligned to GPN-AI, APP 1.7, APRA CPS 230, AI6.

AI fundamentals Risk frameworks AU regulatory Board advisory
The multiplier effect
Every organisation that trains its people through Kaitiaki Academy is also building awareness of why AI governance matters — which is the same awareness that makes them understand why they need Kaitiaki Sentinel. Training and auditing reinforce each other. The team that understands the risk is the team that acts on the findings.
Enquire about team training
Get started

See Sentinel run on your log file.

The most powerful thing we can do is show you — live — what's happening in your network right now. Book a demo. Bring a real log file. We'll show you the findings in under an hour.

Book a live demo Request a sample report
Melbourne, VIC · gino.rangitaawa@kaitiakicompliance.com.au · Response within one business day