Bastion is Now Live as an Official ChatGPT App
Bastion is the first security and compliance platform to ship as an official ChatGPT app. Manage policies, run your security program, and collaborate with your team on SOC 2 and ISO 27001 workflows without leaving ChatGPT.
TL;DR
| Announcement | Details |
|---|---|
| What | Bastion is now available as an official ChatGPT app |
| First of its kind | The first security and compliance platform to ship on the ChatGPT App Store |
| What you can do | Interact with policies, manage your security program, and run compliance workflows from inside ChatGPT |
| Setup | Point-and-click install, no MCP setup, no developer required |
| Available | Today, for every Bastion customer |
Bastion just shipped as an official ChatGPT app, the first security and compliance platform ever to do so. Your team can now query policies, prepare for audits, assign compliance tasks, and review controls directly inside the tool they already use every day, with a one-click secured connection to your Bastion workspace.
We're excited to announce that Bastion is now live as an official ChatGPT app, available directly inside ChatGPT to every customer.
To our knowledge, this makes Bastion the first security and compliance platform ever to launch as an official ChatGPT app. SOC 2, ISO 27001, GDPR, vendor reviews, policy management, and program oversight, all accessible from the chat window your team already has open.
This is a meaningful step for an industry that has historically forced compliance work into its own silo. Compliance lives where work happens now.
Why This Matters
Most compliance platforms ask your team to context-switch. Open a new tab, log into another dashboard, hunt down the right policy, copy something into Slack, then come back and update a ticket. Multiply that by every SOC 2 control, every vendor review, every onboarding, and you understand why compliance feels heavy even when the tooling is good.
We built the Bastion ChatGPT app because the workflow should follow the team, not the other way around. ChatGPT is already where engineers draft RFCs, where founders write investor updates, where ops teams answer security questionnaires. Putting Bastion inside that same surface removes the friction that turns compliance into a chore.
What You Can Do With It
The Bastion ChatGPT app brings the core of our platform directly into the conversation.
Interact With Your Policies
Ask ChatGPT a question and get an answer grounded in your own policies, not a generic LLM summary.
- "What's our incident response SLA for a P1?"
- "Summarize our access control policy for a new hire."
- "Does our vendor management policy cover sub-processors?"
- "Generate a customer-ready version of our security policy."
The app pulls from your live policy library inside Bastion, so the answer reflects what is actually in force at your company, not what was true six months ago.
Manage Your Security Program
Run program-level work from the chat surface your team already lives in.
- Check control status across SOC 2 and ISO 27001
- Surface failing or stale controls before your audit
- Review evidence freshness across your environment
- Ask for a readiness summary ahead of an audit kickoff
- Get a plain-English explanation of any control's current state
This is especially useful for founders and operators who want a real-time view of where the program stands without opening another tool.
Manage Teams and Workflows
The app handles the day-to-day operational work that normally requires four tabs and a Slack thread.
- Assign a risk assessment to an owner
- Trigger a vendor security review for a new tool
- Onboard or offboard a team member from your security policies
- Send policy attestation reminders to specific people
- Run a quick check on who has signed what
Everything is logged inside Bastion with full audit trails, so compliance teams keep the evidence they need without changing how anyone else works.
Built for Teams That Have Never Heard of MCP
We shipped the Bastion MCP server earlier this year for engineering-heavy teams who wanted to wire compliance into their own AI tooling.
This is different. This is for everyone else.
If your team is not running MCP, not building custom integrations, and frankly does not want to know what either of those things means, the ChatGPT app is for you. It ships as a point-and-click integration in the ChatGPT App Store, with a secured OAuth connection to your Bastion workspace.
Setup looks like this:
- Open ChatGPT, search for Bastion in the app directory
- Click install
- Sign in to Bastion through the secured OAuth flow
- Start asking questions
No engineering work, no infrastructure, no API keys floating around in a Notion doc. Your team is operational in under two minutes.
Designed for Security, Not Despite It
Putting compliance data inside a chat surface only works if the security model is right. Here is what we built in.
- Scoped OAuth access, enforced by Bastion on every request, so each user only sees and does what their Bastion role permits
- No model training on your data, ever; the app is configured to opt out
- Full audit logging inside Bastion of every action taken through the app
- Tenant isolation identical to the rest of the Bastion platform
- Revocable access from both ChatGPT and Bastion at any time
The same controls that earn our customers their SOC 2 and ISO 27001 reports also govern how the ChatGPT app touches your data. The chat model is treated as an untrusted client: authorization is decided by Bastion against the signed-in user's role and the token's scopes, so nothing typed into the conversation can grant access the user does not already have.
Why We Did It
Our thesis at Bastion has always been that security and compliance only deliver value when they sit inside the actual workflow of the company. Off to the side, they become a tax. Embedded into the work, they become a multiplier.
Most companies we work with use ChatGPT every single day. Engineers, founders, sales, finance, ops. It is, for many teams, the single most used tool after their email client.
If your compliance program is not available where your team works, your team will not engage with it. They will postpone, work around it, or ask the security person to do everything. None of that scales.
Shipping inside ChatGPT means a sales rep can ask "what's our policy on customer data retention" without filing a ticket. A new hire can complete their security training prompts without a separate portal. An engineer can pull the right control evidence into a customer call in five seconds.
That is what we are unlocking with this launch.
What's Next
This is the first version of the Bastion ChatGPT app, and we already have a roadmap of capabilities lined up, including:
- Audit-ready evidence retrieval for any control
- Customer security questionnaire drafting, grounded in your real environment
- Risk register updates and review assignments
- Compliance KPI summaries for board reporting
We will be rolling these out over the coming months, and we will continue to follow the same principle: meet the team where they already work.
Get Started
Existing Bastion customers can connect the app today.
- Open ChatGPT and search "Bastion" in the app directory
- Click install and complete the secured OAuth flow with your Bastion account
- Start asking your compliance program questions in plain English
Not yet a Bastion customer? Book a demo and we will show you how the ChatGPT app fits into a complete SOC 2 or ISO 27001 program.
Questions about the Bastion ChatGPT app or how to roll it out to your team? Contact us and we will help you get set up.