Early access  ·  Selecting 3 design partners for Q3 2026 PATENT PENDING

Security correlation that
files its own paperwork

MACE unifies threat signals from every tool into one explainable score — then auto-drafts the regulatory evidence your incident just triggered. FedRAMP, GDPR, NIS2, DORA, NESA. Minutes, not hours.

Become a design partner See pricing
mace — incident pipeline 
$ mace agent install && mace scan --fleet
 1,247 assets resolved across CrowdStrike · Tenable · Splunk · Axonius
 Identity graph built — 11 asset classes, hardware-ID confidence scoring

▲ CDCS 9.6 / 10 — CRITICAL  srv-fin-012 (internet-facing, banking)
   V CVE-2026-31337 · EPSS 0.94 · KEV listed     N C2 beacon + 2 lateral hops
   I impossible travel · privilege escalation    KC exfiltration stage ×1.5

→ UREA evidence automaton triggered
 GDPR Art. 33 draft  — 72h deadline · ready in 4m 12s
 DORA ICT report     — 4h deadline · ready in 4m 12s
 SHA-256 chain of custody sealed · hash 7f3a…e9c1
7
security domains in one score
14
regulatory frameworks automated
<5min
to a filed-quality evidence draft
156/156
automated tests passing
The platform

Three engines. One pipeline.
Zero swivel-chair correlation.

Your tools each see one slice. MACE sees the incident — and the legal obligations attached to it.

UTAG

Universal Temporal Asset Graph

Probabilistic asset identity across 11 classes from every connected tool. Hardware-ID-boosted matching, time-decaying confidence, shadow-IT and impossible-travel detection — so every signal lands on the right asset.

CDCS

Cross-Domain Correlation Score

One explainable 0–10 score across vulnerabilities, endpoint, identity, network, compliance posture, threat intel, and device posture. EPSS + CISA KEV, MITRE ATT&CK kill-chain multipliers, weights that learn from your analysts.

UREA

Universal Regulatory Evidence Automaton

When the score crosses your threshold, MACE drafts the notifications and seals the evidence: pre-filled regulatory forms, jurisdiction reference numbers, tamper-evident SHA-256 chain of custody.

🛰️

One agent, every device

A single endpoint agent for Windows, macOS, Linux, Android, and iOS: inventory, STIG/CIS checks, CVE matching, behavioral EDR rules, DLP patterns, SBOM, honeytokens — in one scan pass, signed by the device's hardware root of trust.

🧠

Macey, your SOC copilot

Ask anything in plain English: "explain this alert," "draft the NIS2 early warning," "simulate a breach path to the payment database." Works with cloud LLMs or fully air-gapped with a deterministic fallback.

Every capability

The full feature set

Everything in the platform today — no roadmap items mixed in. Six capability families, one deployment.

🎯 Detect & Correlate

  • Seven-domain CDCS score (0–10), fully explainable
  • EPSS exploit-probability + CISA KEV prioritization
  • MITRE ATT&CK kill-chain multipliers (1.0–1.5×)
  • Blast-radius scoring from lateral-movement hops
  • Adaptive weights learned from analyst TP/FP feedback
  • Jurisdiction profiles: FedRAMP, GDPR, NESA & more
  • Sector risk multipliers (banking, defense, healthcare…)
  • Impossible-travel / geo-velocity anomaly detection

🗺️ Asset Intelligence (UTAG)

  • Probabilistic identity merge across all connected tools
  • 11 asset classes — servers to mobile to OT/IoT
  • Hardware-ID-boosted matching (MAC, serial, TLS cert)
  • Time-decaying Asset Confidence Score per device
  • Shadow-IT discovery and stale-asset flagging
  • CVE lineage inheritance between cloned assets
  • Graph-entropy behavioral anomaly signal

🛰️ Endpoint Agent (UMEA)

  • Windows, macOS, Linux, Android, iOS — one binary each
  • Hardware + software inventory in a single scan pass
  • STIG / CIS benchmark compliance checks
  • Local CVE matching — NVD, KEV, EPSS refreshed daily
  • Behavioral EDR rules (LSASS, encoded PowerShell, beacons)
  • DLP pattern detection (PAN, SSN, cloud keys, tokens)
  • SBOM (CycloneDX) + supply-chain attack detection
  • Honeytoken deception layer + nightly pen-test lite
  • Event-triggered incremental rescans (real-time)

📜 Compliance & Evidence (UREA)

  • 14 regulatory frameworks across US, EU, UAE + GCC
  • Pre-filled notification drafts in under 5 minutes
  • Deadline tracking with countdown per framework
  • SHA-256 chain of custody on every evidence record
  • Independent chain verification — API anyone can audit
  • Hardware-rooted report signing (Secure Enclave / TPM)
  • Jurisdiction reference numbers auto-generated
  • 17 industry profiles, 30+ framework mappings

⚔️ Respond & Simulate

  • Cyber digital twin — attack-path simulation to crown jewels
  • Cross-asset incident replay (scrub back through time)
  • Auto-remediation gated by safety allowlist + score threshold
  • Full audit log of every executed action
  • Identity threat detection (Okta, Microsoft, Google logs)
  • DNS-level microsegmentation with daily threat feeds
  • Response playbooks per incident class

🧠 Platform & AI

  • Macey — GenAI copilot over every capability
  • Air-gapped operation with deterministic fallback
  • Federated learning with differential privacy — raw data never leaves you
  • Post-quantum readiness tracker (FIPS 203/204/205)
  • Deepfake voice-call detection — no audio retained
  • Connectors: CrowdStrike, Tenable, Splunk, Axonius, MISP + API
  • SOC dashboard + admin portal, real-time WebSocket
  • SaaS or self-hosted — Terraform + Helm included
How it works

Connect. Correlate. Comply.

No rip-and-replace. MACE sits on top of the stack you already run.

01 — CONNECT

Plug in your tools

Native connectors for CrowdStrike, Tenable, Splunk, Axonius, MISP, plus the MACE agent and a generic API. Asset identities unify automatically — no mapping spreadsheets.

02 — CORRELATE

One score, with receipts

Every event is scored across seven domains before it becomes an alert. Every score decomposes into its inputs — your auditors and analysts see exactly why.

03 — COMPLY

Evidence, auto-drafted

Breach confirmed? The right frameworks are identified, notification drafts are pre-filled from incident data, and the chain of custody is cryptographically sealed.

Product preview

See it the way your analysts will

An interactive preview of the MACE console with simulated data. Click around — verify an evidence chain yourself.

🔒 console.macesec.com — SIMULATED DATA
1,247assets monitored
3critical incidents
11high priority
6.2mean CDCS
42evidence sealed
AssetOSCDCSTop signalLast scan
srv-fin-012Ubuntu 22.049.6 CRITICALC2 beacon + exfiltration2 min ago
dc-primary-01Win Server 20228.8 CRITICALGolden-ticket indicator4 min ago
lt-ceo-mbpmacOS 15.57.4 HIGHImpossible travel (NYC→Dubai)1 min ago
k8s-node-07Debian 125.3 MEDIUMKEV-listed CVE, patch available6 min ago
printer-3f-02Embedded5.1 MEDIUMShadow IT — ACS 0.2438 min ago
ws-eng-114Win 11 Pro2.1 LOWSTIG 96% · fully patched3 min ago
Tip: click the first row to open the incident.
INC-2026-0610-007 · srv-fin-012CDCS 9.6 / 10
V · Vulnerability
1.00
E · Endpoint
0.60
I · Identity
0.40
N · Network
0.88
C · Compliance
0.30
T · Threat intel
0.70
H · Posture
0.55
Multipliers: ×1.50 banking sector · ×1.20 blast radius (2 hops) · ×1.50 kill-chain: exfiltration · ×0.92 ACS
✓ GDPR Art. 33 draft generated — 71h 12m remaining ✓ DORA ICT report generated — 3h 18m remaining ⏳ Awaiting analyst confirmation → notify DPA
INC-2026-0610-007
sha256: 7f3a91c4…e9c1
CRITICAL
INC-2026-0609-031
sha256: c25b80aa…41f7
HIGH
INC-2026-0609-018 (tampered — simulation)
sha256: 503dd1f2…62e4
MEDIUM
Every record is sealed with a SHA-256 chain of custody. Verification recomputes the chain — anyone you hand evidence to can do the same.
lt-ceo-mbp · macOS 15.5 · UMEA agent v2.4 · scanned 1 min agoRISK 7.4 HIGH
✓ HardwareSecure Boot on · FileVault on · SEP-attested report · hash a91f…03bc
⚠ STIG / CIS — 71%142 pass · 41 fail · top: password policy, firewall stealth mode off
▲ Malware — 1 indicatorProcess matches Cobalt Strike beacon mutex pattern · PID 8841 quarantine pending
▲ DLP — 3 findingsAWS access key in ~/.env · 2 PANs in exports.csv · personal-cloud sync flagged
⚠ SBOM — 1,182 packages1 flagged: "requets" 1.0.2 — typosquat of requests (supply-chain)
⚠ Pen-test lite — 2 findingssudoers wildcard · world-writable dir on PATH — fix commands queued
CVE exposure — 4 open1 KEV-listed (browser) · patch available · auto-remediation awaiting approval
Post-quantum — 3 weak2 RSA-2048 SSH keys · 1 legacy TLS cert → FIPS 204 migration suggested
One scan pass produces all of this — inventory, compliance, malware, DLP, SBOM, and crypto posture — signed by the device's Secure Enclave.
~/.aws/credentials (decoy)
Read by PID 4471 (curl) · 09:14 UTC · cloud STS trip-wire also fired
TRIGGERED✗ Alert → INC-2026-0610-009
~/.ssh/id_rsa_backup (decoy)
Baseline intact · atime unchanged since placement
ARMED✓ Untouched
finance_passwords.kdbx (decoy)
Baseline intact · hash matches placement
ARMED✓ Untouched
lsass_dump.dmp (decoy)
Baseline intact · monitored via inode + atime tracking
ARMED✓ Untouched
Honeytokens are fake credentials and files planted at the exact paths attackers check first. Any touch is a high-fidelity alert — legitimate users never open them.
Digital twin simulation · target: db-pay-01 (crown jewel)3 STEPS · ~26H DWELL
1
srv-web-04 — initial breachCVE-2026-31337 · EPSS 0.94 · internet-facing → T1190 Exploit Public-Facing Application
Break it: apply patch (available)
↓ lateral movement · est. dwell 2h
2
jump-host-02 — pivotShared SSH keys, no MFA → T1021 Remote Services
Break it: enforce MFA on SSH
↓ credential reuse · est. dwell 24h
3
db-pay-01 — crown jewel reachedStale service account with DB admin → T1078 Valid Accounts
Break it: rotate + segment VLAN
MACE walks your real asset graph with EPSS-weighted edges and shows the cheapest control that breaks each step — before an attacker finds the path.
Regulatory coverage

Built for the deadlines that hurt

14 frameworks across three jurisdictions at launch — with an extensible library designed for more.

USFedRAMP SIR · 1 hour
EUDORA · 4 hours
EUNIS2 · 24h early warning
EUGDPR Art. 33/34 · 72 hours
USSEC 8-K · 4 business days
USHIPAA Breach · 60 days
USPCI-DSS v4.0 · 24 hours
USCMMC L2/3 · 72 hours
USSOC 2 evidence packs
USCISA KEV remediation
UAENESA IAS · immediate
UAEaeCERT · immediate
UAEDIFC DPL · 72 hours
KSANCA ECC-1:2018
Pricing

Priced per asset. Honest by design.

Benchmarked against the stack MACE consolidates — most customers fund it from two budgets: SOC and GRC.

Starter

SMBs and FedRAMP contractors getting compliance-ready
$12 /asset/yr
Up to 500 assets · billed annually
  • Full 7-domain correlation engine
  • 5 regulatory frameworks of your choice
  • MACE endpoint agent (all platforms)
  • SOC dashboard + evidence vault
  • Email support · 99.5% SLA
  • SSO/SAML, custom connectors
Start with Starter
MOST POPULAR

Professional

Mid-market enterprises under multiple regimes
$9 /asset/yr
Up to 5,000 assets · billed annually
  • Everything in Starter
  • All 14 frameworks, all jurisdictions
  • Adaptive weight learning + analyst feedback
  • Macey GenAI copilot
  • Attack-path simulation (digital twin)
  • SSO/SAML · priority support · 99.9% SLA
Talk to us

Enterprise

Large enterprise, government, and critical infrastructure
Custom
Unlimited assets · est. $6–8/asset/yr
  • Everything in Professional
  • On-prem or air-gapped deployment
  • Hardware-attested evidence chains
  • Federated learning (privacy-preserving)
  • Custom connectors + framework packs
  • Dedicated CSM · 24/7 support
Contact sales
The math your CFO will do anyway: a 1,000-asset mid-market firm pays ~$9,000/yr for Professional. One avoided late GDPR notification (fines up to 2% of global turnover) or ~200 analyst-hours of manual correlation pays for the platform several times over.
Founder

Built by one engineer who got tired of the swivel chair

VS

Vivek Sindhu

Founder · CEO · Inventor

UnifiedSec Technologies Inc.
Delaware, USA

Email Vivek

MACE exists because Vivek watched security teams do the same thing at every organization: five consoles open, an incident clock running, and an analyst hand-copying facts between an EDR, a scanner, a SIEM, and a Word template for the regulator. The tools were fine. The seams between them were the vulnerability.

So he built the seam. Vivek designed and personally implemented every layer of MACE — the UTAG asset-identity graph, the seven-domain CDCS correlation formula, the UREA regulatory evidence automaton, the cross-platform endpoint agent, and the Macey assistant — along with the SaaS platform around them and the 30-claim patent application that protects them. His background spans cybersecurity engineering, distributed systems, and regulatory compliance automation across US, EU, and GCC frameworks.

The founding conviction is simple: correlation should be explainable, and compliance should be a by-product of good security — not a second job. Every score MACE produces decomposes into its inputs. Every evidence record can be cryptographically verified by the people it's handed to. That standard of provability is also how the company operates — the test suite, the patent draft, and the data room are shown to every serious partner.

~22,000lines of platform code, founder-written
156/156automated tests passing
30patent claims drafted across 7 components
14regulatory frameworks automated
FAQ

Questions buyers actually ask

Does MACE replace my existing security tools?

No — and we won't pretend it does. MACE consolidates core functions for the mid-market and sits on top of enterprise stacks as the correlation and compliance layer. Your EDR, scanner, and SIEM keep doing what they're good at; MACE makes them make sense together.

How is the score explainable when competitors use "AI detection"?

CDCS is a published, deterministic formula — seven weighted domain sub-scores with kill-chain, blast-radius, and sector multipliers. Every alert ships with its full decomposition. Auditors, regulators, and analysts see exactly why the number is the number. The adaptive part (weights learning from your analysts' feedback) is bounded and inspectable.

Are the regulatory drafts legally binding submissions?

They're pre-filled, deadline-tracked drafts with sealed evidence chains — built for your counsel or DPO to review and submit. MACE removes the 4-hour scramble of assembling facts, not the human judgment of filing.

What's your security posture as a vendor?

Honest answer for an early-stage platform: 156/156 automated tests including evidence-chain tamper tests, hardware-attested agent reporting, and a third-party penetration test plus SOC 2 Type II underway. We'll show you the data room rather than a badge wall.

Can it run air-gapped?

Yes. The full pipeline — including the Macey assistant with its deterministic fallback — runs without internet access. Threat-intel feeds sync via removable media on your schedule.

What does deployment look like?

SaaS: connectors live in under a day. Self-hosted: Terraform + Helm onto your Kubernetes, typically a week including hardening. The endpoint agent is a single binary per platform.

Early access

We're selecting 3 design partners.
Bring us your worst compliance deadline.

Design partners get founder-level attention, locked-in pricing for 3 years, and a roadmap seat. We get your hardest problems. Fair trade.

Opens your mail app addressed to vivek.sindhu@unifiedsectech.com — a founder answers, not a sequence.