GreyMatter

We don't build AI. We make AI work.

AI orchestration, governance, and memory for the enterprise.

Every AI tool forgets. Ours remembers.

Persistent Memory
Cognitive memory that survives sessions, restarts, and infrastructure changes. Your AI agents learn and never forget.
Enterprise Security
FIPS-validated crypto, PII detection, air-gapped deployment. Built for environments where compliance isn't optional.
Any Model. Anywhere.
Claude, GPT, Ollama, Nemotron — orchestrate any LLM on any infrastructure. Cloud, on-prem, or completely offline.

330,000+ lines of production code. Zero AI left behind.

One developer. Eight products. No excuses.

Your AI forgets everything. Mine doesn't.

Built by one. Scales to thousands.

Ship what a team of 20 won't attempt.

Memory is the moat. We built the fortress.

1,250+ tests. One developer. Zero shortcuts.

The solo developer's unfair advantage.

Stop prompting. Start orchestrating.

Every session starts where the last one ended.

330K+ Lines of Code
1,250+ Tests Passing
8 Products
3 AI Platforms

Get Started
Coming Soon

Private preview in progress. Public access, PyPI package, and MCP integration will be available at GA launch.

From orchestration to security to intelligence

Shipping v1.3.2
GreyMatter Solo

AI knowledge persistence and orchestration. Cognitive memory, soul identity, semantic search, 19 MCP tools. HTTP sync protocol. PyPI-ready.

Latest Release

  • v1.3.2 — HTTP sync + cognitive memory
  • Cursor-based sync pagination protocol
  • Spreading activation retrieval <200ms
  • FSRS-6 spaced repetition
  • sqlite-vec + FTS5 hybrid search
  • 19 MCP tools registered

Market Gaps We Fill

  • LLMs forget everything between sessions
  • No cross-session learning exists
  • Air-gapped environments get nothing
  • No governance for AI agent fleets
  • Agents can't share knowledge

Competitive Landscape

VS LangChain — framework, not platform
VS CrewAI — no persistent memory
VS AutoGPT — demo quality, not enterprise
+ Anthropic — our primary LLM partner
+ Ollama — local LLM runtime
+ NVIDIA — Nemotron + NeMo integration

Roadmap

Q1 '26: PyPI publication
Q2 '26: Distributed cluster GA + Cognitive open-source
Q3 '26: SOC integration v1
Q4 '26: Kubernetes operators
Q1 '27: Multi-site federation

In Development
GreyMatter Distributed

Multi-node HA cluster. Go Overseer with Raft consensus, CockroachDB, K3s, hub-and-spoke cognitive memory.

Current Status

  • HTTP sync protocol with cursor-based pagination
  • Solo→Cluster join protocol live
  • 3-node cluster hardware deployed
  • Mac Mini M4 Pro coordinator online
  • Tailscale mesh networking live
  • CockroachDB 3-node replication

Market Gaps We Fill

  • No AI orchestration for air-gapped
  • Cloud-only platforms fail defense/intel
  • No cost governance for AI fleets
  • No HA/failover for agent workforces
  • $57B TAM by 2028

Competitive Landscape

VS AWS Bedrock — cloud-only, vendor lock-in
VS Azure AI — complex, expensive, no air-gap
VS Google Vertex — ecosystem lock-in
+ CockroachDB — distributed SQL partner
+ Tailscale — mesh networking
+ HashiCorp — Raft consensus library

Roadmap

Q1 '26: 3-node cluster bootstrap
Q2 '26: Overseer MVP + LLM Gateway
Q3 '26: First enterprise design partners
Q4 '26: Production release + K8s operators
Q1 '27: Multi-site federation
Q2 '27: Self-service tier

Shipping v0.2.0
GreyMatter Mobile

iOS 17+ / macOS 14+ companion. Swift 6.0, GRDB 7.0, Neural theme. Memory browser, dashboard, sync pipeline.

Latest Release

  • v0.2.0 — Neural theme redesign
  • 4-tab navigation (Home/Memory/Search/Settings)
  • Memory Pulse dashboard with sparkline
  • Segmented memory browser
  • Server sync pipeline
  • Swift 6.0 strict concurrency

Market Gaps We Fill

  • No mobile companion for AI orchestration
  • Executives want AI visibility on the go
  • On-call monitoring for AI agent fleets
  • Knowledge capture anywhere

Competitive Landscape

VS No direct mobile competitors exist
+ Apple — SwiftUI + GRDB ecosystem
+ GRDB — local SQLite persistence

Roadmap

Q1 '26: Neural theme + nav redesign
Q2 '26: Connect to distributed cluster API
Q3 '26: TestFlight beta
Q4 '26: App Store submission
Q1 '27: watchOS companion

In Development
NeuralFabric

AI-native network detection and response. Agent-driven triage, Rust traffic generation, Cisco ACI + Extreme Fabric adapters. 37 scenario tests.

Current State

  • Detection engine + severity routing
  • Agent-based triage with decision memory
  • Auto-enforcement with rollback
  • Rust packet generator (neuralfabric-pktgen)
  • Cisco ACI adapter (11 scenarios)
  • Vector search for detection similarity

Market Gaps We Fill

  • NDR tools detect but don't decide
  • No AI-native triage — just dashboards and alerts
  • Enforcement is always manual
  • $4.2B NDR market, 15% CAGR

Competitive Landscape

VS Darktrace — black-box ML, no agent reasoning
VS Vectra — detection only, no enforcement
VS ExtraHop — packet capture, not intelligence
+ Extreme Networks — Fabric Connect integration
+ NVIDIA — BlueField DPU acceleration

Roadmap

Q1 '26: Detection + triage + enforcement
Q2 '26: Cisco ACI adapter + vector search
Q3 '26: NDOT/Clark County POC
Q4 '26: Federation + IOC sharing
Q1 '27: Multi-vendor GA

85% Built
SecureLLM

Rust LLM security proxy. 55+ PII patterns, FIPS crypto (CMVP #4951), MCP protocol support, provider-agnostic. Single binary.

Latest Release

  • 23 Rust crates, 451 tests, 2 binaries
  • 55+ PII detection patterns
  • FIPS-validated AES-256-GCM (AWS-LC-RS)
  • Ed25519 license tier enforcement
  • MCP protocol proxying + SSE streaming
  • 6 LLM providers + enterprise dashboard

Market Gaps We Fill

  • CISOs blocking AI adoption due to data leakage
  • No FIPS-validated LLM security proxy exists
  • MCP protocol is completely unprotected
  • CJIS environments have zero LLM solutions
  • $1.2B→$5B LLM security TAM by 2028

Competitive Landscape

VS Presidio — library only, no proxy
VS PortKey — no PII, no air-gapped
VS Prompt Armor — prompt injection only
+ Carahsoft — SLED distribution channel
+ Splunk/Elastic — SIEM integration
+ AWS — LC-RS FIPS crypto library

Roadmap

Q1 '26: Core proxy + FIPS crypto
Q2 '26: Free tier GA + Pro launch
Q3 '26: Enterprise MVP (dashboard, RBAC)
Q4 '26: SOC 2 + CJIS compliance
Q1 '27: GovRAMP + SLED distribution

Shipping
Multi-Platform SDK

One MCP server powering Claude Code, Google Gemini CLI, and OpenAI Codex. Persistent memory on every AI platform.

Latest Release

  • Shared MCP server (greymatter_plugin.server)
  • Claude Code: full plugin + skills + hooks
  • Gemini CLI: extension + commands + GEMINI.md
  • OpenAI Codex: MCP server + manifest
  • Skills: memory-augmented, pattern-aware

Market Gaps We Fill

  • AI coding tools have zero memory
  • Platform lock-in forces single-vendor
  • Knowledge doesn't transfer between tools
  • Dev teams using multiple AI platforms can't share context

Competitive Landscape

VS Codeium — single platform, no memory
VS Cursor — IDE-locked, no persistence
+ Anthropic — Claude Code MCP protocol
+ Google — Gemini CLI extension system
+ OpenAI — Codex MCP support

Roadmap

Q1 '26: Claude + Gemini + Codex
Q2 '26: Cognitive library on PyPI
Q3 '26: VS Code + Cursor extensions
Q4 '26: Developer community launch
Q1 '27: Plugin marketplace

PyPI Ready
Cognitive Library

Open-source spreading activation retrieval. Semantic embeddings, FSRS-6 spaced repetition, hybrid search. Developer adoption funnel.

Capabilities

  • Spreading activation retrieval
  • FSRS-6 spaced repetition scheduling
  • sqlite-vec + FTS5 hybrid search
  • nomic-embed-text embeddings
  • Benchmarked <200ms recall
  • Standalone library, zero cloud deps

Market Gaps We Fill

  • RAG is keyword matching, not cognition
  • No spaced repetition for AI memory
  • Embedding search alone misses semantics
  • Drives GreyMatter platform adoption

Competitive Landscape

VS LlamaIndex — RAG only, no activation
VS Chroma — vector store, not cognitive
+ Ollama — local embeddings
+ sqlite-vec — vector search engine

Roadmap

Q2 '26: PyPI publication + GitHub open-source
Q3 '26: Developer blog + tutorials
Q4 '26: Enterprise support contracts
Q1 '27: Plugin ecosystem

In Development
NeuralPulse

macOS agent orchestration workstation. Attention queue, peek banners, credential store. Apple Silicon GPU/CPU monitoring with Ollama integration.

Current Status

  • Compact top bar navigation (⌃1/⌃2, ⌃` toggle)
  • Rich attention queue — 7 attention types, urgency-sorted
  • iMessage-style peek banners — pinnable, resizable
  • Pluggable credential store (macOS Keychain + AES-256-GCM)
  • Apple Silicon GPU/CPU/Memory monitoring
  • Ollama live model status + VRAM tracking

Market Gaps We Fill

  • Activity Monitor is from 2001
  • No AI workload visibility exists
  • Model compatibility is trial-and-error
  • $100-300M dev tools TAM

Competitive Landscape

VS iStatistica — no AI awareness
VS Activity Monitor — dated, no GPU detail
+ Ollama — API integration
+ Apple — Metal Performance Shaders

Roadmap

Q1 '26: Attention queue + peek banners
Q2 '26: Agent session management + credential store
Q3 '26: Beta + TestFlight
Q4 '26: App Store launch
Q1 '27: Pro tier (analytics, history)

Enterprise security isn't a feature. It's the foundation.

Four layers of encryption, post-quantum readiness, and zero-trust architecture — built for environments where compliance isn't optional.

Layer 1: Authentication (HMAC Tokens)
Layer 2: Transport (TLS 1.2+)
Layer 3: At Rest (AES-256 / SQLCipher)
Layer 4: Sync Payloads (AES-256-GCM + ML-KEM-768)

Shipped: What we deliver today
PII & Secret Detection
55+ patterns — cloud credentials, API keys, tokens, connection strings, PII. Nemotron-powered NLP scanning with 0.85–0.99 confidence.
3 modes: warn · redact · block

Business Value

  • Stop data breaches before they start — catch leaked API keys and passwords in real time
  • Reduce compliance audit prep from weeks to minutes with automated scanning
  • Three flexible modes let you warn developers, auto-redact, or hard-block — your call

How It Works

  • 55+ regex patterns scan every input and output for secrets, credentials, and PII
  • Nemotron NLP layer catches what regex misses — names, addresses, context-dependent data
  • 0.85–0.99 confidence scoring means almost zero false positives
Why it matters

One leaked API key can cost millions. This catches sensitive data automatically — before it ever leaves your system — so your team can move fast without worrying about accidental exposure.

4-Layer Encryption
HMAC auth tokens, TLS transport, AES-256 SQLCipher at rest, AES-256-GCM sync payloads. Post-quantum ML-KEM-768 key encapsulation.
Post-quantum ready

Business Value

  • Data is protected at every stage — in transit, at rest, during sync, and at login
  • Post-quantum cryptography means you're protected today and tomorrow
  • Meets the strictest encryption requirements for government and healthcare

How It Works

  • Layer 1: HMAC tokens verify every request is authentic
  • Layer 2: TLS encrypts everything in transit
  • Layer 3: SQLCipher encrypts the database on disk
  • Layer 4: AES-256-GCM + ML-KEM-768 protects data syncing between nodes
Why it matters

Most platforms encrypt data "in transit" and call it secure. We encrypt at four separate layers because a breach at one layer doesn't compromise the others. And when quantum computers arrive, your data is already safe.

Policy Engine
Declarative YAML-based rules. Allow, rewrite, redact, escalate, or refuse. Priority-based evaluation with shadow mode for monitoring.
YAML policy-as-code

Business Value

  • Define security rules in plain YAML — no coding required
  • Shadow mode lets you test new rules without blocking real traffic
  • Your security posture becomes version-controlled and auditable

How It Works

  • YAML files define what to allow, block, rewrite, or escalate
  • Priority-based evaluation ensures critical rules fire first
  • Shadow mode monitors without enforcing — perfect for rollout
Why it matters

Security policies shouldn't live in someone's head. Write them once in YAML, version them in Git, and every AI interaction follows the same rules — consistently, every time, even at 3 AM.

Audit Trail
Every security event logged — rate limits, policy violations, scanning results, escalations. Indexed by type, severity, and timestamp.
Full event history

Business Value

  • Instant answers for auditors — every security event is logged and searchable
  • Prove compliance without manual evidence gathering
  • Spot anomalies early with indexed, filterable event history

How It Works

  • Every rate limit hit, policy violation, scan result, and escalation is recorded
  • Events indexed by type, severity, timestamp for fast queries
  • Structured format ready for SIEM export or compliance reporting
Why it matters

When an auditor asks "what happened on Tuesday at 2 PM?" you have a complete, timestamped answer — not a best guess. That's the difference between passing an audit and scrambling through it.

Rate Limiting & Validation
Per-tool sliding window (60 calls/60s). Content size limits. Path traversal prevention. Symlink validation. Secret file blocking.
Defense in depth

Business Value

  • Prevent runaway AI costs from rogue agents or misconfigured tools
  • Block common attack vectors — path traversal, symlink exploits, oversized payloads
  • Protect sensitive files (.env, credentials) from accidental AI access

How It Works

  • Each tool gets its own sliding window — 60 calls per 60 seconds by default
  • Input validation blocks path traversal (../../) and symlink attacks
  • Known secret file patterns (.env, id_rsa) are automatically blocked
Why it matters

AI agents can make thousands of requests per minute if unchecked. Rate limiting keeps costs predictable, and input validation ensures no agent can accidentally (or intentionally) access files it shouldn't.

Air-Gapped Operation
No phone-home, no cloud dependencies. Fully offline with local LLMs (Ollama, vLLM). Works disconnected from day one.
Zero internet required

Business Value

  • Deploy in classified, SCIF, and disconnected environments
  • Zero data exfiltration risk — nothing leaves the network, ever
  • No vendor lock-in — runs entirely on your hardware with your models

How It Works

  • All AI inference runs locally via Ollama or vLLM
  • No telemetry, no license phone-home, no cloud dependencies
  • Install once, run forever — even without internet
Why it matters

For defense, intelligence, and regulated industries, "cloud-based" is a non-starter. Your AI operates on your network, your hardware, your terms — completely disconnected from the outside world.

Response Scanning
Detect hallucinated PII from LLM outputs — not just user inputs. Nemotron-powered bidirectional scanning catches sensitive data before it reaches the application layer.
Bidirectional protection

Business Value

  • Catch AI-generated fake phone numbers, SSNs, and addresses before users see them
  • Protect against training data leakage in LLM responses
  • Bidirectional means both what goes in and what comes out is scanned

How It Works

  • Same PII detection engine scans LLM outputs, not just inputs
  • Nemotron NLP catches context-dependent PII that regex alone misses
  • Sensitive data is caught before it reaches your application layer
Why it matters

AI models can hallucinate realistic-looking personal data — real-seeming SSNs, phone numbers, addresses. If that reaches your users or your database, you have a compliance nightmare. We catch it on the way out.

Designed: Architecture complete, implementation next
SecureLLM Proxy (Rust)
23-crate Rust security proxy. Provider-agnostic interception, streaming SSE, MCP proxying. FIPS crypto via aws-lc-rs. Enterprise: dashboard, SIEM, compliance, RBAC.
23 crates · 451 tests · 85% complete

Business Value

  • One binary sits between your AI and every LLM provider — no code changes needed
  • Switch providers without changing a single line of application code
  • FIPS-validated cryptography means government contracts are on the table

How It Works

  • Rust binary intercepts all LLM API calls transparently
  • Applies security policies, PII scanning, and rate limits in-line
  • Streams responses via SSE — no latency penalty
Why it matters

Instead of bolting security onto every AI application individually, one proxy secures them all. Deploy once, protect everything — and switch AI providers without touching your apps.

Cost & Usage Tracking
Per-request metrics, token budgets, model-specific pricing tiers. Enforce spending limits before they become surprises.
SecureLLM Pro feature

Business Value

  • No more surprise AI bills — set budgets per team, project, or model
  • Know exactly which AI features cost what, and optimize accordingly
  • Hard spending limits prevent one runaway agent from blowing the budget

How It Works

  • Every LLM request is metered — tokens in, tokens out, model, cost
  • Configurable budgets with alerts at thresholds (50%, 80%, 95%)
  • Model-specific pricing tiers reflect actual provider costs
Why it matters

Companies are discovering that AI costs can spiral fast — one misconfigured agent loop can burn through thousands in hours. Cost tracking with hard limits means you're always in control of the spend.

Three-Tier Licensing
Free (Anthropic + OpenAI, PII detection), Pro ($29/mo — all providers, MCP proxying, custom rules), Enterprise (PostgreSQL, RBAC, SIEM, compliance). Test keypair + fixture generator built.
Ed25519-signed JWT · Implemented

Business Value

  • Start free — no credit card, no commitment, no sales call
  • Pro tier at $29/mo unlocks every provider and advanced rules
  • Enterprise tier scales to your compliance and infrastructure needs

How It Works

  • Ed25519-signed JWT licenses — cryptographically tamper-proof
  • License validation is offline-capable — no phone-home required
  • Tier features unlocked in the binary, not via feature flags
Why it matters

Security shouldn't be paywalled at the basics. The free tier gives you real PII detection — because everyone deserves a baseline. When you need more, the upgrade path is simple and predictable.

Planned: What we'll ultimately deliver
Distributed Governance
Go Overseer with Raft consensus. Cluster-wide policy enforcement, cost controls, failover management. CockroachDB-backed audit logs.
Raft · CockroachDB

Business Value

  • One security policy governs every node in the cluster — no gaps, no drift
  • If a node goes down, governance automatically fails over — zero downtime
  • Cost controls enforced cluster-wide prevent any single team from overspending

How It Works

  • Go-based Overseer coordinates policy across all nodes via Raft consensus
  • CockroachDB stores distributed audit logs — survives node failures
  • Automatic leader election means no single point of failure
Why it matters

As you scale from one server to dozens, security can't depend on manual config. Distributed governance means every node follows the same rules — automatically — even if nodes join, leave, or fail.

RBAC & SSO
Role-based access control with tool-level ACLs. Agent authorization boundaries. OpenID Connect SSO (Okta, Azure AD, Ping).
Enterprise identity

Business Value

  • Use your existing identity provider — Okta, Azure AD, Ping — no new passwords
  • Control exactly which tools each team or agent can access
  • Onboard and offboard people in minutes, not days

How It Works

  • OpenID Connect SSO plugs into your existing identity infrastructure
  • Tool-level ACLs define granular access — who can use what, when
  • AI agents get their own authorization boundaries, separate from humans
Why it matters

Enterprise IT won't adopt a tool that requires its own identity system. SSO means GreyMatter slots into your existing security stack, and RBAC means the intern can't accidentally access production AI agents.

SIEM Integration
Forward security events to Splunk, syslog, or any SIEM. Real-time alert streaming with structured event export.
Splunk · Syslog

Business Value

  • AI security events appear in the same dashboard as everything else
  • SOC teams get real-time visibility without learning a new tool
  • Correlate AI events with network and application events in one place

How It Works

  • Structured event export to Splunk, syslog, or any SIEM endpoint
  • Real-time streaming — no batch delays
  • Events pre-formatted for common SIEM query patterns
Why it matters

Your security operations center already monitors everything else in Splunk. If AI events live in a separate silo, they'll be ignored. SIEM integration means AI security is just another feed on the dashboard your team already watches.

HSM Support
Hardware security module integration for key management. FIPS 140-2 Level 3 compliance through dedicated crypto hardware.
FIPS 140-2 Level 3

Business Value

  • Encryption keys stored in tamper-proof hardware — not in software
  • Unlocks FIPS 140-2 Level 3 — the highest standard for most government work
  • Key extraction is physically impossible, even with full server access

How It Works

  • Dedicated crypto hardware (HSM) stores and manages encryption keys
  • All key operations happen inside the HSM — keys never leave the device
  • Supports AWS CloudHSM, Azure Dedicated HSM, and on-prem hardware
Why it matters

Software can be hacked. Hardware security modules can't be — the keys are physically locked inside the device. For the most sensitive environments, this is the gold standard that makes auditors smile.

Compliance Reports
Auto-generate compliance evidence artifacts. Audit trail export for SOC 2 Type II. Framework-specific reporting templates.
Automated evidence

Business Value

  • Generate audit evidence in minutes instead of weeks of manual gathering
  • Framework-specific templates (SOC 2, HIPAA, CJIS) — not generic exports
  • Continuous compliance — evidence is always current, not point-in-time

How It Works

  • Pre-built templates map audit trail events to specific compliance controls
  • One-click export produces auditor-ready documentation
  • Continuous monitoring keeps evidence fresh between formal audits
Why it matters

Compliance audits are expensive because evidence gathering is manual. Automated reports turn a 6-week scramble into a button click — saving tens of thousands in consulting fees and staff hours every audit cycle.

Multi-Site Federation
Encrypted sync between air-gapped sites. VLAN segmentation for regulatory separation. Disconnected operation with eventual consistency.
Air-gapped federation

Business Value

  • Run AI at multiple locations without connecting them to the internet
  • Each site operates independently — no single point of failure
  • VLAN separation ensures regulated data stays where regulations say it must

How It Works

  • Encrypted sync protocol works over sneakernet, private links, or satellite
  • Eventual consistency — sites sync when connected, work independently when not
  • VLAN segmentation enforces data residency at the network level
Why it matters

Defense installations, hospital networks, and financial trading floors can't be connected to each other. Federation lets each site run AI independently while syncing knowledge securely when the window opens.

Target Compliance Frameworks (highlighted = priority targets on roadmap)
SOC 2 Type II, HIPAA, CJIS, FedRAMP, NIST 800-53, FERPA, ITAR, CMMC

One platform, every audience

Investor / Pitch: "We don't build AI. We make AI work."
Enterprise Sales: "Orchestrate any AI. Anywhere."
Security / Compliance: "AI governance from the ground up, and local first."
Defense / Air-Gapped: "Enterprise AI, even offline."
Developer: "Memory. Purpose. Scale."
Partner: "Powered by GreyMatter."