The secure AI back-end you
don’t build or operate.
Typed records, documents, hybrid search, citation-grounded answers, and in-perimeter inference — behind one API and one declared data model, reachable both by your app and by your agents.
Start lean. Scale to compliance-grade without re-platforming.
Invite-only preview today. Self-serve and a free tier are on the way as we open access.
One model, everything derives from it
Declare your data model once.
The platform turns that one declaration into the back-end an AI product actually needs — the pieces stay in sync because they’re properties of the same model, not four systems you wire together and operate.
declare once
One declared data model
Typed records and documents
Define your own record schemas — fields, validation, references, sensitivity — and write records against them. Ingest documents inline or by upload, organize them in folders, and retrieve their text and download URLs. Every write to an audited model is versioned, with optimistic concurrency.
Hybrid search, no separate vector DB
One search call spans records and documents, in keyword, semantic, or hybrid mode. Your source of truth is what’s searchable — no vector index bolted beside a database with a fragile sync job in between.
Grounded RAG out of the box
The same indexed content grounds inference: chat, retrieval over your own data, and document-scoped question answering — streamed, with citations back to the source.
MCP-native for agents
Twenty-one data-plane tools let an agent read and write your Vectros data directly over the Model Context Protocol. Vectros data-plane tools only — no web-fetch or external-search surface, by design.
Per-customer isolation that fails closed
Every data-plane resource is partitioned by an auth-derived context that fails closed; lookups never cross a context boundary. Isolation is structural — not a row-level rule one forgotten WHERE clause away from a leak. Scoped keys carry exactly the permissions you grant and no more.
Cost tracks the work you do
Credit-based and pay-as-you-go — one credit is a penny, with a generous free read allowance on every plan. You pay to write, search, store, and run inference, and only for the capabilities you turn on. You don’t pay for other tenants’ scale.
Cost tracks the work you do — see the five-tier shape and the credit model.
One substrate, two surfaces
Reach your data the way your product does — app-native and agent-native.
The same typed model, the same fail-closed isolation, and the same scoped keys are reachable two ways: by the people who use your product, and by the agents that act on their behalf. You don’t pick one — you get both over one substrate.
Your app — human-native
A working UI on day one
The default data-plane app gives you a browsable UI over your typed model immediately — records, documents, folders, search. Build your own with the React toolkit and the SDKs when you’re ready; same model, same isolation, same keys.
Your agents — MCP-native
Native tools over MCP
Vectros ships an official Model Context Protocol server. Drop one entry into your agent’s config and the model can search, read, and write your data as native tools — twenty-one data-plane tools, no web-fetch or external-search surface, by design. Isolation and scoped-key enforcement hold exactly as on the API.
{
"mcpServers": {
"vectros": {
"command": "npx",
"args": ["-y", "@vectros-ai/mcp-server"],
"env": { "VECTROS_API_KEY": "ssk_live_..." }
}
}
}Search, records & RAG as tools
Hybrid search, full record/document/folder CRUD, and grounded question-answering — callable directly by the model.
Data plane only
No internet, no third-party tools. An agent reaches your tenant’s data and nothing else.
One-command credential
The CLI mints a least-privilege scoped key and merges the config for you — your root key never touches an agent.
The bridge
Start lean. Scale to compliance-grade without re-platforming.
The trap every cheap tool sets
Most cheap back-ends wall you the day you land your first real customer. The auth or database you reached for was never eligible for a BAA, or compliance arrives as an enterprise-tier jump — so you rip it out and re-platform, usually with that first customer watching.
Why there’s no wall here
Compliance is a peak of the capability surface, not a tax on the entry price. The same per-customer isolation that keeps you cheap at the bottom makes you defensible at the top — identical on every tier. When a customer needs audit history or sensitive-field handling, you turn it on. Same platform, no rewrite.
Where this is going
From back-end to governed agentic workflows.
The same isolated, audited, typed substrate is what governed agentic workflows run on. We run our own content and outreach operations on it today — dogfooding the agentic layer before we open it. Partner-facing agentic workflows are on the roadmap, not the price list. Start on the back-end; grow into governed agents on the same platform, no re-platform.
Runnable proof
A thing you can run beats stacked adjectives.
Pick a blueprint — one reviewable file that declares the schemas, access, and a service principal — and provision it. Then drive it from an MCP agent or the data-plane UI. No application code required.
vectros blueprint list
vectros bootstrap --blueprint agentic-sdlcAgentic-SDLC knowledge base
Your team’s decisions, conventions, runbooks, and gotchas as one typed, hybrid-searchable system of record — recalled by your agents over MCP, browsable by your team. The blueprint we run our own engineering org on.
See how it worksSecond Brain
Dump every note, idea, and link in one place — then just ask it. The widest on-ramp.
Clinical Intake
synthetic / illustrativeStructured intake that validates on the way in and surfaces the most similar prior cases by meaning. Triage and decision support — never decisioning.
See the audit trail, don’t just read about it
The version timeline made visible: who changed what, when — each row append-only and part of a tamper-evident state-continuity chain, with sensitive fields already redacted in every historical row.
| Ver | Actor | Change |
|---|---|---|
| v4 | svc.intake-bot | status: in_review → triaged |
| v3 | dr.okafor | risk_note: ••••••••• (redacted) |
| v2 | svc.intake-bot | priority: normal → elevated |
| v1 | dr.okafor | record created · 7 fields |
The single clearest answer to “why not a general-purpose back-end?” See what you can build or read Vectros vs. rolling your own.
The invite-only journey
Reach conviction on public material before you ask for access.
Read the docs
The API, SDK, CLI, and MCP surface, plus the rendered spec.
Read the code
The reference apps and SDKs are public; read them, don’t take our word.
Run a blueprint
Pick one and see exactly what it provisions.
Request early access
The gate.
Honest caveats
Where the boundaries are.
What’s in place today, what’s scoped, and what isn’t built yet.
Audit history is tamper-evident, not tamper-proof.
A SHA-256 state-continuity chain makes out-of-band alteration detectable; it does not make the store physically immutable.
Reviewed, not certified.
Partner-facing surfaces have been hardened through extensive adversarial security review. We don’t hold a SOC 2 report or a third-party penetration test today — both are on the roadmap.
In-perimeter inference is scoped to the partner data plane.
Sensitive content on that path stays inside the Vectros perimeter; it isn’t a whole-platform guarantee.
You can fully delete a customer’s data.
Decommissioning a customer or a whole tenant runs a real, irreversible cascade — not a soft-delete flag. One-click erasure of a single person’s data on request (the “right to be forgotten”) isn’t built yet; it’s on the roadmap.
A bridge token is a real human step.
Provisioning a blueprint needs a developer-portal sign-in; there’s no fully unattended bootstrap.
Pricing always lives on the pricing page — never duplicated here.