System 03 — unified findings + bounded AI

Pentagon

Every scanner speaks its own dialect. Cloud, application, IAM, container, and Kubernetes findings do not deduplicate against each other, do not share a lifecycle, and cannot be asked a compliance question. Pentagon makes them one model — and puts AI agents on top of it, deliberately bounded.

Role co-architect + build Inputs 6+ heterogeneous scanners Core taxonomy · dedup · lifecycle AI bounded, human-reviewed

The problem

A finding from a code scanner, a finding from a cloud benchmark, and a finding from an IAM analyser describe the same kinds of risk in three incompatible vocabularies. So the same issue is counted three times, nothing has a shared status, "are we compliant with control X" is unanswerable, and leadership has no single number. Analysts triage the same thing repeatedly and trust the queue less each time.

What I built

I co-architected and built the warehouse and the boundaries around its AI. Scanners run as ephemeral jobs and write structured output plus a completion marker; an asynchronous processor ingests that into one PostgreSQL model.

One taxonomy — every finding classified on four orthogonal axes: what kind of thing it is, the scan category, the security domain, and the compliance frameworks it touches. That is what makes "show me every framework-X gap across all tools" a query instead of a project.
Fingerprint deduplication — a stable fingerprint per finding, so the same issue seen by two tools or across two runs is one finding with one history, not three rows.
A real lifecycle — open → triaged → resolved / risk-accepted / false-positive, with reopen tracking and SLA timing. A finding is a thing with a life, not a log line.
Bounded AI agents — triage, enrichment, and governance assistants that read findings and write enrichment under strict limits.

  ┌──────────────────────┐     ┌──────────────────┐     ┌──────────────────────────┐
  │ cloud / app / IAM /  │ ──▶ │ structured       │ ──▶ │ PostgreSQL               │
  │ container / k8s ...  │     │ output + done    │     │ 4-axis taxonomy          │
  │                      │     │ marker (JSONL)   │     │ fingerprint dedup        │
  └──────────────────────┘     └──────────────────┘     │ lifecycle + SLA          │
                                                        └──────────────────────────┘

                         ▼  posture view for security and
                            engineering leadership

            ┌─────────────────────────────────┐
            │ bounded AI agents               │
            │ triage · enrichment · GRC       │
            │ deterministic · scoped I/O      │
            │ no destructive actions          │
            │ human review on disputes        │
            └─────────────────────────────────┘

pentagon — one model, agents on top, bounded

Design decisions

One taxonomy across heterogeneous scanners

The four axes are the whole point: they make findings from unlike tools comparable and let compliance be a dimension you query rather than a spreadsheet you rebuild.

Trade-off every new scanner needs a reviewed mapping into the taxonomy. The taxonomy is a governed contract — its value is exactly its stability.

Fingerprint, then deduplicate

Identity is decided before storage. Get the fingerprint keys right and cross-tool dedup is free; get them wrong and you either merge two real issues or split one into noise.

Trade-off fingerprint design is subtle and per-scanner; it earns its keep every day after it is correct.

Ephemeral jobs, asynchronous ingest

Scanning and ingestion are decoupled through structured output in object storage with an explicit completion marker. Scanners can be cheap and interruptible; ingestion is its own well-behaved thing.

Trade-off eventual rather than immediate, and you need a completion signal plus backfill for links that arrive out of order.

The AI is bounded on purpose

Agents run with deterministic settings for classification, a scoped read/write surface, no destructive actions, human review on disputed calls, and logged inputs and outputs. They are assistants that make analysts faster, not actors that change state on their own.

Trade-off deliberately less autonomous than the demos. In security that restraint is the feature — an agent that can act unreviewed is an incident waiting for a prompt.

Operating profile

Pentagon became the single posture view security and engineering leadership actually use across cloud, application, and IAM. It is private by default. The agents speed up the humans; they do not replace the review step, and that is stated, not implied.

What I would change

Taxonomy governance should have been a defined process from the first scanner mapping, not something formalised once drift appeared. The model was right; treating its mappings as reviewed contracts from day one would have saved the cleanup. It is the same lesson Cerberos taught, paid once more.