OpsPilot

A governed control plane for the operations that matter most.

OpsPilot is the product Wisego is building first: a natural-language control plane for Active Directory, Windows Server, GPO, identity, and access. It is designed for IT and security teams that take operational excellence — and audit — seriously.

Status · In active development

The model proposes. Your policy decides. The audit log proves it.

The conversation around AI in operations has stalled in two places: chat interfaces that do nothing useful, and autonomous agents nobody can defend in front of a regulator. OpsPilot is engineered against both failure modes. It is fast where it should be fast, and slow exactly where slow is the right answer.

Inherits AD / Entra role scopes
Plan before execute, always
In-context approval workflows
Tamper-evident audit chain
Multi-tenant isolation
No tenant data used to train models

Apply for early access See the roadmap

OpsPilot · session

tenant: acme

ITDisable Jane Cooper, reassign her group memberships to the Finance lead, and revoke her VPN access.

OpsPilotResolved Jane Cooper (jcooper@acme.local). Planned change set:

OpsPilot• Disable AD account, set expiration to today (UTC).

OpsPilot• Move 4 group memberships → Marcus Lee (Finance Lead).

OpsPilot• Revoke active VPN session and refresh-token (Entra ID).

OpsPilotRisk: medium. Affects 3 systems. Requires approver: ops-admin.

ITApprove.

OpsPilotExecuted in 1.8s. Audit trail wis-evt-8421 captured.

Policy-gated · approver requiredFull audit trail

What OpsPilot does

A control plane, not a chatbot.

Six primitives carry the experience. Each is a deliberate design decision against the failure modes we already see in the market.

Conversational infrastructure

Talk to your environment the way you brief a senior engineer. OpsPilot resolves entities, dependencies, and side effects before proposing anything.

Plan, diff, rollback

Every action is a versioned change set. Review the diff, the impact, and the approval requirements before it executes. Roll back when needed.

Policy-gated execution

OpsPilot inherits scopes from the roles already granted in AD and Entra. It cannot exceed them. Period.

Explainability

Why this change, on what authority, against which policy — captured for every run. No black-box automation.

Auditability

Tamper-evident logs of plans, approvers, decisions, and executions. Exportable into your SIEM and compliance evidence pipeline.

Identity-first by design

Built for AD and Entra ID before anything else. The hardest, highest-value surface — done well — is the foundation for everything else.

How natural-language operations work

From intent to executed change — without losing the audit trail.

Intent

An operator describes what they want to happen, in plain language.

Grounded plan

OpsPilot inspects the live environment, resolves entities, and proposes a structured change set.

Approval gate

The plan routes to the policy-defined approver. Reviewers see diff, blast radius, and authority.

Executed & logged

Execution is scoped, idempotent, and recorded. Every decision — human or model — is captured.

Security model

Built so security teams say yes.

OpsPilot is engineered with the assumption that it must defend itself in front of a CISO, an auditor, and a hostile incident review. The model is one component; the guarantees come from the architecture.

Least-privilege by default

Connectors register scopes; OpsPilot operates strictly within them, even when prompted otherwise.

Approval-bound execution

Change classes (read-only, low-risk, sensitive) route to declared approvers. Sensitive changes require multi-party approval.

No silent automation

OpsPilot never executes without an approved plan. Scheduled runs follow the same approval contract.

Tenant isolation

Per-tenant boundaries, encryption keys, and audit chains. No cross-tenant model or data leakage.

Tamper-evident audit

Chained event logs, exportable to your SIEM. Every plan and execution is reproducible from the log.

No training on tenant data

Your environment data is not used to train Wisego’s or any vendor’s general models.

Reference architecture

Four layers. One contract.

OpsPilot is designed so that swapping any layer — reasoning, policy, integrations — does not break the others. The contract between layers is the audit log itself.

Reasoning layer

Multi-model orchestration that grounds plans in your live environment state, not training data.

Policy & approval engine

Declarative scopes, change classes, and approver routes — enforced regardless of which model proposes the change.

Integration adapters

Native, read-first connectors for AD, Entra, GPO, DNS/DHCP. Extensible for future Microsoft surfaces.

Audit & evidence store

Structured event log with cryptographic chaining. Built for legal-grade reproducibility.

Microsoft-first strategy

Win the surface where operations actually live.

Active Directory, Group Policy, and Entra ID still run a meaningful share of every enterprise — and that is where the most expensive operational mistakes are made. Wisego’s strategy is to be the strongest, safest control plane for that surface before extending outward. Depth before breadth.

Read the roadmap

Active Directory
Entra ID (Azure AD)
Group Policy Objects
NTFS / share permissions
Windows Server
DNS / DHCP
Hybrid identity flows
PKI & certificate services

Build with us

Join the Founding Partners shaping OpsPilot.

Early-access is limited to a small cohort of MSPs, infrastructure leaders, and security teams. Apply if you want a seat at the table.

Join Early Access About Wisego