Platform capabilities

Analyst categories — CNAPP, CSPM, SIEM, IGA, PAM, AIOps, APM — overlap heavily and proliferate yearly. Procurement teams need a one-page answer to "what is this product, in your terms?". The Platform capabilities page is that answer.

The four roles

For every category, we declare exactly one role:

• Core native — we own the engine. The output is computed inside VinTekh. Examples: RCA, attack-path, CSPM (Azure), CDR (Azure), CAI (Azure).
• Correlate — we ingest someone else's output and weave it into our graph. We add value via correlation, not by replacing the source tool. Examples: SIEM (we ingest Sentinel/Splunk events), APM (we ingest Dynatrace/Datadog service maps), PAM (we ingest CyberArk audit).
• Reference — we surface the category shallowly so the user knows we see it; depth lives in the source tool. Examples: GitOps (Argo/Flux config read), Internal Developer Platform (Backstage read).
• Roadmap — we know the category exists; we don't deliver it yet. Honest about future work. Examples: SOAR (intentionally never — we're read-only), BAS, Digital Twin.

Why we won't call ourselves things we're not

Specifically, we will not say:

• "CNAPP" until we have full DSPM + multi-cloud asset graph at Wiz/Prisma parity. Today CNAPP is marked correlate.
• "AIOps" until we have anomaly clustering + cross-source event correlation. Today AIOps is core native only for our RCA engine.
• "SIEM" or "SOAR" — never. SIEM stays correlate; SOAR is intentionally future because executing changes violates our read-only constitutional rule.

What we do call ourselves

AI-Native Unified Cloud Intelligence Platform. A read-only control plane that discovers every resource and identity, builds one normalised graph, grades every capability honestly, and renders investigations, recommendations, diagrams, and reports against that single graph.

See also Service coverage — the service-level grades that feed the category counts on this page.