Choose Your Pipeline Capacity
All tiers get Kill Switch SDK, Evidence Vault, signed bundles, and every compliance framework. Tier up for more pipelines and executions.
SCAN
See the Risk
14-day free trial
Start free for 14 days. Visibility into your AI security & compliance risks. Web-view only.
DEFEND
Defend it Internally
Arm your engineering teams with exports, CI/CD gates, and runtime attack testing — all features, more pipeline capacity.
CERTIFY
Prove it to Anyone
Cryptographically signed evidence, continuous monitoring, full governance stack — prove compliance to auditors & regulators.
FIRM
Manage it for Clients
Tailored to your practice
Everything in CERTIFY + custom pipeline limits, multi-org management, and a dedicated CSM for your compliance practice.
Side-by-Side Comparison
All tiers get all features — difference is pipeline capacity & execution limits.
| Feature | SCAN $99/mo | DEFEND $349/mo | CERTIFY $999/mo | FIRM Custom |
|---|---|---|---|---|
| Pipeline & Automation | | | | |
| Pipelines (Compliance Workflows) | 10 | 50 | 200 | Custom |
| Execs (Monthly Executions) | 100 | 1,000 | 5,000 | Custom |
| CI/CD (CI/CD Integration) | | | | |
| Cron (Scheduled Monitoring) | | | | |
| AI Security Scanner | | | | |
| Vectors (Runtime Attack Vectors) | — | 100 | 268 (all) | 268 (all) |
| SAST (Static Analysis (80+ rules)) | | | | |
| PDF (PDF Report Export) | | | | |
| SARIF (SARIF Export (CI/CD Format)) | | | | |
| Scan History Retention | 30 days | 90 days | Unlimited | Unlimited |
| NYC LL144 Bias Detection | | | | |
| NYC LL144 (Bias Audits / Month) | 2 | 10 | Unlimited | Unlimited |
| JD (JD + Resume Scans) | 10 | Unlimited | Unlimited | Unlimited |
| PDF Audit Report Export | | | | |
| Audit History | — | 12 months | Unlimited | Unlimited |
| Governance & Evidence | | | | |
| AI Inventory (AI Systems in Inventory) | 3 | 25 | Unlimited | Unlimited |
| SDK (Kill Switch SDK) | | | | |
| CT (Compliance Twin) | | | | |
| Vault (Evidence Vault (Immutable)) | | | | |
| MARPP (Signed Artifact Bundles (MARPP)) | | | | |
| Regulatory Alerts | | | | |
| Compliance Assessments | | | | |
| SOC2 (SOC2 Framework) | | | | |
| GDPR (GDPR Assessment) | | | | |
| HIPAA (HIPAA Assessment) | | | | |
| ISO (ISO 27001 / 42001) | | | | |
| NIST (NIST AI RMF) | | | | |
| EU (EU AI Act Compliance) | | | | |
| CCA (Colorado AI Act) | | | | |
| AIRRD (AIRRD Assessment) | | | | |
| Full Board Reports | | | | |
| Full Audit Logs (Exportable) | | | | |
| Team & Support | | | | |
| Team Seats | 1 | 3 | 10 | Unlimited |
| Multi-Organization Support | | | | |
| API (API Access) | | | | |
| Support Channel | Email + Call | Priority 4h | | |
| CSM (Dedicated Account Manager) | | | | |
Frequently Asked Questions
What's the difference between SCAN, DEFEND, CERTIFY, and FIRM?
All tiers get all features — the difference is pipeline & execution capacity. SCAN ($99) is for teams exploring (10 pipelines, 100 executions/mo, web-view only). DEFEND ($349) adds exports and runtime testing (50 pipelines, 1,000 executions/mo). CERTIFY ($999) adds cryptographic evidence & full governance (200 pipelines, 5,000 executions/mo). FIRM (custom) is for agencies managing multiple clients with unlimited pipelines.
What's the "14-day free trial" for SCAN?
Start SCAN at no charge for 14 days. After 14 days, you're billed $99/month unless you cancel. No credit card required to start.
What are "Pipelines" and "Executions"?
A Pipeline is a compliance assessment workflow (e.g., "Run GDPR assessment on our hiring process"). An Execution is one run of that pipeline. SCAN allows up to 10 pipelines and 100 total executions/month. When you hit your limit, you can upgrade or wait until the next month.
What are "Runtime Vectors"?
Adversarial attack scenarios that test your AI system against real-world exploitation techniques (prompt injection, jailbreak, data exfiltration, etc.). SCAN gets zero vectors (passive scanning only). DEFEND gets 100 of the 268 vector suite. CERTIFY gets all 268.
What is MARPP (Signed Artifact Bundle)?
MARPP is our Metadata-Anchored Retention & Proof Protocol — it cryptographically signs your compliance evidence (SHA-256) with a tamper-evident chain-of-custody. Auditors can verify nothing was modified. Available in CERTIFY and FIRM only.
What is the Kill Switch SDK?
A 5-layer emergency shutdown system you embed in your AI apps. It lets you instantly halt AI inference at the model, API, orchestration, data, or network layer — critical for high-risk AI compliance. Available in CERTIFY and FIRM only.
Can I upgrade or downgrade?
Yes. Upgrades take effect immediately. Downgrades take effect at the end of your current billing period.
Do you offer annual pricing?
Yes — annual billing saves 20% on all paid tiers. Use the toggle above the pricing cards to see the per-month rate when billed annually.
Do you conduct audits or certify compliance?
No. HAIEC provides tools and infrastructure to help you prepare for audits. Final compliance determination is made by your independent auditor. We do not conduct audits or issue certifications.
Secure & Trusted Platform
Need Custom Help?
We can help you design a custom compliance program tailored to your AI systems and regulatory landscape.
Our team will work with you to assess your current compliance posture, identify gaps, and build a roadmap for your organization.
Start Your Compliance Journey Today
Get a 14-day free trial of SCAN — card saved on file, no charge until Day 15. Cancel anytime.