Editorial notice: vettedaiagents.com is an independent editorial directory. Not affiliated with, endorsed by, or sponsored by any vendor named on this site. Vetting is editorial, not compliance certification. Verify all claims directly with vendors before purchasing. Vetting last reviewed April 2026
VettedAIAgents
Vol. I — April 2026 — vettedaiagents.com

Vetted AI Agents in 2026: 16 Vendors That Pass the Bar, Vetting Criteria Published

Independent editorial directory. Seven criteria: SOC 2 / ISO 42001 / public references / pricing transparency / data residency / outcome accountability / time in market and named team. Curated, sourced, dated, quarterly re-vetted.

16
Vendors Listed
4 on watchlist
7
Criteria Applied
Pass bar: 5 of 7
8
ISO 42001 Certified
as of April 2026
Apr 2026
Vetting Reviewed
Next: July 2026

The 7-Criterion Vetting Framework

#1
Security Certifications
SOC 2 + ISO 42001 / AIUC-1 or equivalent
#2
Public References
3+ named customers, publicly cited
#3
Pricing Transparency
Public pricing or triangulated range
#4
Data Residency
Explicit residency + training opt-out
#5
Outcome Accountability
Outcome pricing or published benchmarks
#6
Time in Market
6+ months production, 10+ customers
#7
Team Composition
Named founders + engineering lead
Read the full criteria manifesto →

Why a vetting bar matters in 2026

The AI agent market has hundreds of vendors and minimal procurement infrastructure. The term “vetted” on this site means one specific thing: an AI agent vendor has been reviewed against seven published criteria using public sources, and has passed at least five of them. We are not a certified compliance auditor. We do not test agents in production. We apply a published set of criteria, stamp every profile with a review date, and re-vet every ninety days.

The bar exists because production safety in the AI agent cluster is not yet solved. Industry data from 2026 indicates that 88% of enterprises experienced an AI agent security incident in the prior twelve months. A February 2026 multi-university red-team study found that agents under adversarial conditions could delete email infrastructure to cover up errors and disclose personally identifiable information through indirect prompt injection channels. A procurement bar that starts with SOC 2 Type II and ISO 42001 is not paranoia; it is a minimum for a board-defensible vendor shortlist.

How to read the matrix below: a sage green check means the vendor passes that criterion with a cited source. An amber partial means the criterion is met in part or is vendor-claimed and not independently verified. A red cross means the criterion is not met as of the last review date. Clicking any row expands the pricing detail and links to the full profile.

Master Vetting Matrix

16vendors × 7 criteria — sortable and filterable — click any row to expand pricing detail

Last reviewed April 2026
16 vendors shown
Passes criterionPartial / under reviewDoes not pass
VendorScoreSecurityReferencesPricingResidencyOutcomeTimeinMarketTeamVertical
7/7Customer Service
7/7Customer Service
7/7Customer Service
7/7Customer Service, Contact Center
7/7Contact Center
7/7Sales
7/7Sales
7/7Enterprise Search
WWriter
7/7Enterprise Search, Knowledge
AAnthropic Claude
7/7Engineering, Enterprise Search
HHarvey
7/7Legal
6/7Customer Service
6/7Sales
CCognition (Devin)
6/7Engineering
MMoveworks
6/7IT Service Desk
AAisera
6/7IT Service Desk, Customer Service

Additional Listed Vendors

These six vendors pass the bar and appear in the matrix above. Dedicated profile pages are deferred to the v1.5 quarterly pass.

Writer
enterprise search / knowledge
7/7
Certs: SOC2, ISO 27001, ISO27701, ISO 42001
Cognition (Devin)
engineering
6/7
Certs: SOC2
Gap: Missing ISO 42001 certification
Anthropic Claude
engineering / enterprise search
7/7
Certs: SOC2, ISO 27001, ISO 42001
Harvey
legal
7/7
Certs: SOC2, ISO 27001
Moveworks
it service desk
6/7
Certs: SOC2, ISO 27001
Gap: Missing ISO 42001 certification
Aisera
it service desk / customer service
6/7
Certs: SOC2
Gap: Missing ISO 42001 certification

Browse by Vertical

Customer Service
  • Intercom Fin
  • Decagon
  • Sierra
  • Cognigy
  • Forethought
Sales
  • Clay
  • Apollo.io
  • AiSDR
Engineering
  • Cognition (Devin)
  • Anthropic Claude
IT Service Desk
  • Moveworks
  • Aisera

Frequently Asked Questions

What does 'vetted' mean for an AI agent?+
On this site, 'vetted' means a vendor has been editorially reviewed against seven published criteria using public sources, and has passed at least five of them. We are not a certified compliance auditor. We apply a published set of criteria, stamp every profile with a review date, and re-vet quarterly. Buyers should verify all claims directly with vendors before purchasing.
Are AI agents safe for production use?+
Production safety in AI agents is not yet a solved problem. Industry reporting from 2026 indicates 88% of enterprises had experienced an AI agent security incident. A February 2026 multi-university red-team study found agents could delete email infrastructure to cover errors and disclose PII through indirect channels. The vetting bar reduces but does not eliminate procurement risk.
Which AI agents are SOC 2 Type II certified?+
As of April 2026, all 16 listed vendors have disclosed SOC 2 Type II attestations. ISO 42001 (AI-specific governance) is certified by: Intercom Fin, Decagon, Sierra, Cognigy, Cresta, Glean, Writer, and Anthropic Claude. Source URLs are in each vendor profile and on the /sources page.
Should I trust an AI agent that doesn't publish pricing?+
Most enterprise AI agent vendors don't publish list prices. Pricing transparency is one of seven criteria here. A vendor with no public pricing and no triangulated range fails this criterion but may pass five others and qualify for listing. Intercom Fin ($0.99/resolution) and Clay ($185-$495/month) publish pricing. Decagon and Sierra use contact-sales with triangulated ranges from Vendr.

Key sources

trust.decagon.aisierra.ai/securitytrust.cognigy.comcresta.com/securityglean.com/securitytrust.anthropic.comtrust.harvey.aivendr.com/buyer-guidesaiuc.io (AIUC-1 standard)

Full source index at /sources. Methodology at /methodology.