Why we built HeimWall

In April 2023, Samsung engineers pasted proprietary source code into ChatGPT to help debug a chip bug. Confidential technical details left the building. The company banned external LLMs inside two weeks. Every security team in the Fortune 500 forwarded that article internally, and then the moment passed.

It didn't pass. It accelerated.

Three years later, Cursor has a million paying developers. Claude Code ships inside every major engineering org we've talked to. Copilot is a default checkbox. Windsurf is landing in the same seats. The median American software engineer uses three different AI coding tools in a single week, and most of them are logged into their personal accounts because the company is still debating which one to standardize on.

If you're a VP of Engineering or a CISO, you already know this. What you don't have is a single pane of glass for any of it.

The gap

When an engineer types into ChatGPT through a browser, a classic DLP tool like Nightfall or Symantec has a chance of catching the outbound request. The surface has been inspected for twenty years. But Cursor isn't a browser. It's a desktop app talking to a model over a WebSocket with proprietary framing. Claude Code is a CLI running inside a terminal. Copilot Chat lives inside VS Code's own IPC. Windsurf proxies through its own cloud. The shape of the signal is different. The tools that caught ChatGPT don't catch these.

More subtly: each of those products has shipped its own native admin controls. Cursor has a workspace dashboard. GitHub Copilot has a compliance pane. Claude Code has enterprise logging. Every one of them is tool-specific. If your team uses three, you need three dashboards, three policy surfaces, and three mental models, and none of them talk to each other. The cross-tool view is nobody's job.

That's the gap HeimWall was built for.

What we're actually building

HeimWall is a 15-megabyte desktop agent that sits locally next to the AI coding tools your engineers already use, plus a manager dashboard in the cloud. When a prompt is composed, the agent inspects it on the engineer's own machine. Rule engine plus a small on-device ML classifier, both running in under 50 milliseconds p95. What leaves the machine is a categorization, not a body. "This prompt at 14:02 contained what looked like an AWS key": yes. "Here's the prompt": no. The raw text never leaves the engineer's laptop by default. That's not a configuration flag we ship on; it's a default we built the architecture around.

The manager side is a weekly safety score per team, a category breakdown (Secret, PII, Proprietary Code, Customer Data), a trend line, and a list of Friday coaching moments. It is deliberately not a wall of prompts. It is deliberately not a leaderboard.

If you need to see the actual text of a specific prompt during an incident, Investigation Mode exists. It requires a second-factor step-up, a written justification of at least 50 characters, automatic notification to the affected engineer within an hour, and a 24-hour time-box. Every action is audit-logged. It is not a browsable view of your team; it is a break-glass tool for when something has gone wrong.

What we will not do

We are a security product for engineering organizations, not a surveillance product for engineering managers. That line isn't marketing. It's in the contract.

Every customer MSA HeimWall ships will contain a clause prohibiting use of safety scores or flag history in performance reviews, promotion decisions, or compensation decisions. Every page of the manager dashboard carries a non-dismissible banner restating that clause. If a customer uses HeimWall data to make an HR decision, they are in material breach of their agreement with us, and we will terminate the contract.

We chose this because the alternative is a product that engineers sabotage. Engineers are smart. If you install software that watches everything they type and feeds it to their manager's performance review, they will find a way around it inside a week. They'll use their phone, their personal laptop, a different tool, or they'll leave. You end up with less visibility, not more.

Observability is the product. Coaching is the outcome. Surveillance is the word we choose not to be.

Why now

Three things changed in 2025 that made this category real.

First, adoption went over the line. When a tool sits at single-digit percent of engineers, security treats it as a curiosity. When it crosses fifty percent (and Cursor + Claude Code + Copilot collectively did that in 2025) it becomes the critical path. Enterprise buyers stopped asking whether they'd need AI coding governance and started asking how fast they could get it.

Second, the tools stopped being fungible. Early on, Cursor and Copilot were interchangeable enough that a company could "pick one" and govern it with native controls. The last eighteen months have turned every major tool into its own workflow surface with its own data lake and its own telemetry model. Cross-tool observability is no longer a nice-to-have. It's the only way to make consistent policy decisions.

Third, regulators showed up. California AB 1651 requires written disclosure for electronic monitoring. The EU AI Act draft covers workplace AI deployment. SEC cybersecurity disclosure rules now expect tool-by-tool incident reporting. None of these are satisfied by "we use Cursor and we trust our engineers." A compliance story requires a measurable signal.

Where this goes

We're shipping a macOS-first private beta in the coming weeks. US B2B engineering teams, 200–5,000 engineers, Apple Silicon + Intel. Windows is on the sixteen-week horizon. Linux lands after Demo Day. We're deliberately narrow. We'd rather be the best AI-coding observability tool on the three platforms where your engineers actually write code, than the third-best generalist on all of them.

Join the waitlist. We'll reach out to the first cohort of design partners personally. Enterprise prospects who want to talk about SOC 2 progress, on-prem, or BYOK can email founders@heimwall.ai and we'll set up a call.

The engineering teams we've already spoken to are tired of guessing. Let's fix the guessing problem.