Editorial notice: vettedaiagents.com is an independent editorial directory. Not affiliated with, endorsed by, or sponsored by any vendor named on this site. Vetting is editorial, not compliance certification. Verify all claims directly with vendors before purchasing. Vetting last reviewed April 2026
Vol. I, April 2026, vettedaiagents.com

Vetted AI Agents in 2026: 16 Vendors That Pass the Bar, Vetting Criteria Published

Independent editorial directory. Seven criteria: SOC 2 / ISO 42001 / public references / pricing transparency / data residency / outcome accountability / time in market and named team. Curated, sourced, dated, quarterly re-vetted.

16
Vendors Listed
4 on watchlist
7
Criteria Applied
Pass bar: 5 of 7
8
ISO 42001 Certified
as of April 2026
Apr 2026
Vetting Reviewed
Next: July 2026

The 7-Criterion Vetting Framework

#1
Security Certifications
SOC 2 + ISO 42001 / AIUC-1 or equivalent
#2
Public References
3+ named customers, publicly cited
#3
Pricing Transparency
Public pricing or triangulated range
#4
Data Residency
Explicit residency + training opt-out
#5
Outcome Accountability
Outcome pricing or published benchmarks
#6
Time in Market
6+ months production, 10+ customers
#7
Team Composition
Named founders + engineering lead
Read the full criteria manifesto →

Why a vetting bar matters in 2026

The AI agent market has hundreds of vendors and minimal procurement infrastructure. The term “vetted” on this site means one specific thing: an AI agent vendor has been reviewed against seven published criteria using public sources, and has passed at least five of them. We are not a certified compliance auditor. We do not test agents in production. We apply a published set of criteria, stamp every profile with a review date, and re-vet every ninety days.

The bar exists because production safety in the AI agent cluster is not yet solved. Gravitee’s State of AI Agent Security 2026 survey of more than 900 executives and practitioners found that 88% of organisations had confirmed or suspected an AI agent security incident in the prior year. Red-team research through 2026 has shown that agents under adversarial conditions can be induced to take destructive actions and to disclose personally identifiable information through indirect prompt injection channels. A procurement bar that starts with SOC 2 Type II and ISO 42001 is not paranoia; it is a minimum for a board-defensible vendor shortlist.

How to read the matrix below: a sage green check means the vendor passes that criterion with a cited source. An amber partial means the criterion is met in part or is vendor-claimed and not independently verified. A red cross means the criterion is not met as of the last review date. Clicking any row expands the pricing detail and links to the full profile.

Master Vetting Matrix

16vendors × 7 criteria, sortable and filterable. Click any row to expand pricing detail.

Last reviewed April 2026
16 vendors shown
Passes criterionPartial / under reviewDoes not pass
VendorScoreSecurityReferencesPricingResidencyOutcomeTimeinMarketTeamVertical
7/7Customer Service
7/7Customer Service
7/7Customer Service
7/7Customer Service, Contact Center
7/7Contact Center
7/7Enterprise Search
WWriter
7/7Enterprise Search, Knowledge
AAnthropic Claude
7/7Engineering, Enterprise Search
HHarvey
7/7Legal
6/7Customer Service
6/7Sales
6/7Sales
6/7Sales
CCognition (Devin)
6/7Engineering
MMoveworks
6/7IT Service Desk
AAisera
6/7IT Service Desk, Customer Service

Additional Listed Vendors

These six vendors pass the bar and appear in the matrix above. Dedicated profile pages are deferred to the v1.5 quarterly pass.

Writer
enterprise search / knowledge
7/7
Certs: SOC2, ISO 27001, ISO27701, ISO 42001
Cognition (Devin)
engineering
6/7
Certs: SOC2
Gap: Missing ISO 42001 certification
Anthropic Claude
engineering / enterprise search
7/7
Certs: SOC2, ISO 27001, ISO 42001
Harvey
legal
7/7
Certs: SOC2, ISO 27001
Moveworks
it service desk
6/7
Certs: SOC2, ISO 27001
Gap: Missing ISO 42001 certification
Aisera
it service desk / customer service
6/7
Certs: SOC2
Gap: Missing ISO 42001 certification

Browse by Vertical

Customer Service
  • Intercom Fin
  • Decagon
  • Sierra
  • Cognigy
  • Forethought
Sales
  • Clay
  • Apollo.io
  • AiSDR
Engineering
  • Cognition (Devin)
  • Anthropic Claude
IT Service Desk
  • Moveworks
  • Aisera

Frequently Asked Questions

What does 'vetted' mean for an AI agent?+
On this site, 'vetted' means a vendor has been editorially reviewed against seven published criteria using public sources, and has passed at least five of them. We are not a certified compliance auditor. We apply a published set of criteria, stamp every profile with a review date, and re-vet quarterly. Buyers should verify all claims directly with vendors before purchasing.
Are AI agents safe for production use?+
Production safety in AI agents is not yet a solved problem. Gravitee's State of AI Agent Security 2026 survey (900+ respondents) found 88% of organisations had confirmed or suspected an AI agent security incident in the prior year. Red-team research through 2026 has shown agents under adversarial conditions can be induced to take destructive actions and disclose PII through indirect prompt injection channels. The vetting bar reduces but does not eliminate procurement risk.
Which AI agents are SOC 2 Type II certified?+
As of April 2026, all 16 listed vendors disclose a SOC 2 attestation on a public trust center (the security floor for listing). Several name a SOC 2 Type II report specifically, including Anthropic Claude and Decagon (both verified at their trust centers). At least one, Apollo.io, publicly states 'SOC 2' (audited by A-LIGN) without naming the report type, with the full report available on request, so confirm the current report type directly with each vendor. ISO 42001 (AI-specific governance) is certified by: Intercom Fin, Decagon, Sierra, Cognigy, Cresta, Glean, Writer, and Anthropic Claude. Source URLs are in each vendor profile and on the /sources page.
Should I trust an AI agent that doesn't publish pricing?+
Most enterprise AI agent vendors don't publish list prices. Pricing transparency is one of seven criteria here. A vendor with no public pricing and no triangulated range fails this criterion but may pass five others and qualify for listing. Intercom Fin ($0.99/resolution) and Clay ($185-$495/month) publish pricing. Decagon and Sierra use contact-sales with triangulated ranges from Vendr.
How do you vet an AI agent for reliability and provenance in regulated procurement?+
For regulated procurement in 2026, vet vendors against documented, dated evidence rather than marketing. This directory applies seven published criteria: SOC 2 Type II plus a relevant secondary certification (ISO 27001, ISO 42001, or AIUC-1); 3+ publicly named reference customers; public or triangulated pricing; an explicit data residency and training opt-out statement; an outcome accountability mechanism; 6+ months in production with paying customers; and a public team page with named founders. Every profile carries source URLs and a review date and is re-vetted quarterly, so each claim traces back to a dated public source. Vetting was last reviewed April 2026.

Key sources

trust.decagon.aisierra.ai/securitytrust.cognigy.comcresta.com/securityglean.com/securitytrust.anthropic.comtrust.harvey.aivendr.com/buyer-guidesaiuc.io (AIUC-1 standard)

Full source index at /sources. Methodology at /methodology.