An atlas is a complete map — the document you reach for when you need to know what is where. STACK Atlas is the complete map of your AI estate, the artifact every other Stack product and every Compass score reads first.
Map the AI estate, end to end.
STACK Atlas auto-discovers every cloud account, SaaS app, model endpoint, autonomous agent, vector store, and machine identity in your environment — including the shadow AI nobody told the security team about. The foundation Compass scores against.
The job to be done
Continuous discovery and inventory across your AI-era estate. STACK Atlas auto-discovers every cloud account, SaaS app, code repository, model endpoint, autonomous agent, vector store, fine-tuning job, and machine identity — including the shadow AI nobody told the security team about. Each asset is tagged with ownership, data classification, dependency graph, and the Compass domain it belongs to.
Why it doesn’t exist yet
Wiz, Orca, and the CSPM category map cloud config but treat the AI layer as opaque. Snyk inventories code, not models. SaaS management tools like Torii and Zylo see expense data, not security posture. None of them discover that your data-science team spun up three OpenAI fine-tuning jobs on customer-export data last Tuesday. You cannot secure what you cannot see, and nobody has built a unified inventory for the AI-era stack.
The naming logic
An atlas is a complete map — the document you reach for when you need to know what is where. STACK Atlas is the complete map of your AI estate, the artifact every other Stack product and every Compass score reads first.
What ships in the first release
A focused first cut. Everything below is on the GA scope; the roadmap goes deeper from there.
Cloud Accounts
AWS, GCP, Azure, OCI — every account, every region, every service. IAM principals, S3/GCS buckets, secrets stores.
Model Endpoints
OpenAI, Anthropic, Bedrock, Vertex, Azure OpenAI, self-hosted endpoints (vLLM, TGI). Versions, owners, data classifications.
Autonomous Agents
LangGraph, CrewAI, AutoGen, custom orchestrators. Capability boundaries, tool access, escalation paths.
Vector Stores
Pinecone, Weaviate, pgvector, Chroma, Qdrant. Namespaces, embedding sources, chunk-level provenance.
Machine Identities
API keys, service accounts, OAuth apps, fine-grained tokens. Owner, last use, blast radius.
Compass Mapping
Every asset auto-tagged to the Compass domain it belongs to so gaps surface in the right capability score.
Questions design partners are asking
Straight answers about scope, integrations, and how this fits the rest of the Stack platform.
How is Atlas different from a CSPM?
CSPMs see cloud config and stop. Atlas is the only inventory that natively understands model endpoints, agents, vector stores, and the data flowing between them — the layer where AI risk actually lives.
Do you install agents on hosts?
No. Atlas pulls via read-only API connectors from cloud providers, model vendors, SaaS platforms, and identity providers. Zero endpoint footprint.
Does it find shadow AI?
Yes — that's the whole point. We correlate billing, DNS egress, IdP login patterns, and code-commit activity to surface AI usage your CISO doesn't know about yet.
How does it feed Compass?
Every discovered asset gets tagged with the Compass domain it belongs to. Compass scores move from self-reported maturity to inventory-grounded reality the moment Atlas is live.