SOC 2 Not Enough?In-VPC Agent Deployment

Pass AppSec approval in days.

We will build you a custom, reusable Infrastructure-as-Code template that drops your agent directly into your customer's VPC.

  • Reusable template, runs fully inside each customer's VPC
  • Built to pass customer security review in days, not months
  • AWS, GCP, and Azure
  • Tested end-to-end in a sandbox sub-account you provide
Customer VPC, Deployed via Your Template

Your AI Agent

Runs inside each customer's VPC

AWS
GCP
Azure
Deployment Dashboard
● healthy

Activity, last 30 days

+24% MoM

Agent version

v2.4.1

Token usage / day

18.2M

Agent actions / hr

12.4k

Problem

SOC 2 isn't enough anymore

Enterprise customers want more than a compliance badge before they let an AI agent near their data. Without a clean, reviewable, in-VPC deployment story, your agent stalls in their security queue for months.

security-portal · vendor-review

Vendor Onboarding Review · #VR-4287

AI Agent Deployment — your-company.com

Blocked

Status

Pending Approval

Days in queue

47

Reviewers

3 awaiting

Reviewer notes

  • MR

    Marcus Reyes · Security Architect

    Need clarity on what data leaves our VPC. Won't approve until we see network diagrams.

    blocker
  • PL

    Priya Lal · Compliance

    SOC 2 alone insufficient for prod data. Requires in-environment deployment.

    blocker
  • DK

    Daniel Kwon · Platform Eng

    Vendor's IaC doesn't fit our landing zone. Estimating 6+ weeks to adapt.

    concern

Solution

We build the template. You ship it to every customer.

A custom Infrastructure-as-Code template, built on the same in-VPC patterns Actual AI runs in production. We test it end-to-end in a sandbox sub-account you provide, then you re-use it across every new customer.

Custom Deployment Template

Infrastructure-as-Code template for AWS, GCP, or Azure that drops your agent into a customer's VPC with secure networking, IAM roles, and isolation pre-configured.

Security-Aligned Architecture

Designed to pass customer security review. No external data exfiltration. Clear boundaries and full auditability.

Tested in Your Sandbox Sub-Account

We provision and run the template end-to-end in a sandbox sub-account you provide, validating reliability, performance, and connectivity before handoff.

Reusable Across Every Customer

Parameterized once, ship many times. Use the same template for every new customer without one-off setup or bespoke security reviews.

Deployment Visibility Dashboard

Reference dashboard pattern bundled with the template. Status, health, and usage visibility your customers and your operators can use.

Process

From kickoff to template in two weeks

Four concrete steps. No mystery. We do the heavy lifting in the sandbox sub-account you provide so handoff is proven, not promised.

1

Kickoff call

30 minutes to align on your agent's runtime, customer cloud mix, and the data boundaries your enterprise prospects keep flagging.

2

Provide a sandbox sub-account

Spin up an isolated AWS, GCP, or Azure sub-account. We deploy the template here end-to-end, so handoff is proven before it ever touches a customer.

bash
# in your AWS Organization
aws organizations create-account \
  --account-name "actual-sandbox" \
  --email sandbox@your-co.com
3

We build & validate the template

Two weeks. Parameterized Infrastructure-as-Code, a reference dashboard pattern, and end-to-end testing in the sandbox sub-account you provided.

hcl
# your-agent.tf — parameterized once, ship many
module "agent" {
  source = "./modules/agent-vpc"
  customer_id = var.customer_id
  region = var.region
}
4

Ship to every customer

You receive the template, the dashboard, and a security-review packet. Same artifact for every customer — no more bespoke deployments per account.

Pricing

Simple, fixed engagement

Price

$5,000

Timeline

2 weeks

Scope

Custom template, sandbox testing & dashboard pattern

No ongoing commitment required.

Delivery commitments

  • Template delivered within 2 weeks of kickoff
  • You provide a sandbox sub-account (AWS/GCP/Azure) where we test the template
  • One primary agent template per engagement
  • End-to-end testing performed in the sandbox sub-account
  • Includes parameterized, reusable Infrastructure-as-Code
  • Reference dashboard pattern bundled with the template
  • You run the template against your customers. We don't deploy at each customer for you

Pass customer security in days, not months