The AI-native, edge-first security platform.
100+ scanners, AI red-team, closed-loop auto-heal, and a full bug-bounty platform — running on Cloudflare's edge in three deployment modes: cloud SaaS, customer-Cloudflare, or air-gapped sovereign.
100+ scan engines on the edge
Headers · TLS · DNS · CSP · CORS · auth-replay · JWT · SAML · OIDC · GraphQL · path-traversal · SSRF · log4shell · WebAuthn · CSPM · Nuclei runtime · SPA crawler. All run in seconds.
Closed-loop auto-heal
Findings flow into tk-heal via service binding. Blast-radius scored, idempotency-keyed, budget-bounded. Safe actions auto-execute; risky ones escalate to humans.
Bug-bounty platform
Programs · scope-in/out · reward tables · Hall of Fame · researcher tokens · threaded comms · scope auto-validation · duplicate detection · 10-state triage FSM · retest workflow · R2-stored proof of concept · CVE-style disclosure feed.
STIX 2.1 + SARIF 2.1.0 + CycloneDX + CSAF + VEX
Findings export straight to GitHub Code Scanning, GitLab Vulnerability Report, SonarQube, MISP, OpenCTI. CycloneDX SBOM + CSAF 2.0 advisories + VEX exploitability — required for EU CRA 2027.
Three deployment modes
Cloud SaaS for individuals and teams. Customer-Cloudflare for enterprises. Sovereign workerd for EU governments, banking, classified — fully air-gapped, offline-verifiable signed rule packs.
Post-quantum-ready
Rule packs signed with Ed25519 today, Dilithium plug-in for sovereign mode tomorrow. Trust store via Worker secret. Verify offline with no network call.