SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers

Appdome launches Vault for mobile compliance history

Wed, 25th Mar 2026

Appdome has launched Vault, a workspace for recording and searching the compliance history of mobile app security and fraud controls. The product also includes an AI compliance agent.

Vault is designed to give risk and compliance teams a single record of what protections were deployed in a mobile app, when changes were made, and who made them. It stores compliance histories for each customer's mobile business, including policy changes, administrative actions, release histories, build records, and certifications generated on the Appdome platform.

The launch comes as mobile teams face growing pressure to produce evidence for internal reviews, regulatory checks, and post-incident investigations. As mobile apps have become a primary channel for banking, payments, healthcare, and commerce, compliance teams are increasingly being asked to show what controls were in production at a specific point in time and whether those controls changed over time.

According to Appdome, Vault keeps an immutable record of defence configurations, policy selections, admin access, builds, releases, validation records, and Certified Secure certifications. This is intended to help organisations retrieve historical evidence even after staff, systems, or processes have changed.

Audit trail

The system is intended to support a range of compliance and governance tasks, including internal audits, incident response reviews, reconstruction of a defence timeline after an event, checks for policy drift, and verification of obligations to business partners, insurers, and third-party risk programmes.

It also offers configurable retention periods and scope settings, allowing customers to retain information in line with internal governance rules or regulatory requirements. Enterprise customers can keep multi-year records, generate exports for audits, and apply legal or regulatory holds where needed. Customers that have used the platform for years will also be able to access older compliance data through Vault.

Vault can also be linked to governance, risk, and compliance tools through an API, giving customers a way to pull mobile compliance records into broader reporting and oversight systems.

Alongside the workspace, Appdome introduced what it calls an Agentic AI Compliance Agent. The tool is intended to answer audit-style questions by drawing on data stored in Vault, including access logs, team management records, policy configurations, CI/CD build and release metadata, approvals, governance actions, and evidence of policy drift.

AI queries

Users can ask the AI agent whether their current defence model supports a given regulatory requirement, whether specified protections were present in production releases during a particular period, where policy drift occurred, or how controls map to frameworks such as PCI, HIPAA, SOC 2, NIST, OWASP, and ISO.

Appdome is positioning the product as a way to replace fragmented evidence gathering that often depends on email chains, individual staff knowledge, and manual reconstruction. The problem can become more acute when organisations need to review incidents or answer audit questions years after an app release.

"Mobile leaders are under increasing pressure to prove compliance with security, anti-fraud, and API protection requirements at all times," said Tom Tovar, CEO and Co-Creator of Appdome.

"Vault provides a centralized workspace to view, investigate, and interrogate the complete mobile compliance history over time, and leverage Agentic AI to map the brand's defense posture to any regulatory framework and address internal and external audits in real time," he said.

Chief Technology Officer Avi Yehuda said the aim is to move compliance evidence away from ad hoc processes and toward automatic record-keeping.

"Vault uses technology to record and demonstrate compliance on demand, replacing manual processes with agentic workflows," said Yehuda, CTO and Co-Creator of Appdome.

"Who and how mobile businesses build, validate, and prove compliance over time shouldn't be left to verbal communications and email threads - it needs to be recorded and retrieved in real time as decisions are made and work is done," he said.

Industry analyst Richard Stiennon framed the issue as one of historical reconstruction rather than rule interpretation.

"The biggest challenge in mobile compliance is not understanding the rules, but reconstructing the history," said Stiennon, Chief Research Analyst at IT-Harvest.

"When evidence is scattered across tools, teams, and time, proving continuous compliance is slow, manual, and risky," he said.

Appdome said its platform already holds the operational and build data needed to create an app-by-app compliance record.

"As a platform and workflow product, Appdome serves as the source of truth for how the mobile business is protected," said Tair Cohen, VP of Application Engineering at Appdome.

"Other products lack the operational, access, policy, and build data to create a compliance lineage app-by-app. Appdome has all the pieces and, now, that data is at your fingertips," he said.