CyberCLI
Start Free →

Sovereign agentic AI SOC · v1 design-partner build

Your SOC.
Your AI.
Your audit chain.

Single-binary, on-prem agentic security operations. Wazuh + 23 open-source connectors. Local AI by default. Hash-linked audit chain. No cloud, no telemetry, no compromise.

Install on Linux · single binary · no daemon
$ curl -sSL https://cybercli.com/install.sh | sh
Start Free → Lock Founder Pricing — $299/yr
On-prem
100% sovereign · alerts never leave your environment
No telemetry
Zero callbacks · no usage beacons · ever
Audit chain
Hash-linked · append-only · exportable

What you get

Three properties no cloud SOC can offer.

01

Sovereign by default

Single-binary install. Your alerts never leave your network. Local Ollama auto-detected; BYOK frontier optional. Zero telemetry to us, ever.

02

OSS-extending, not OSS-locked

Built on Wazuh + 23 open-source connectors (Suricata, ClamAV, nginx, Falco, Keycloak, WireGuard, pfSense, and more). Add proprietary connectors on Pro.

03

Agentic, with a leash

Six-role Cyber Guild (Warden / Knight / Marshal / Herald / Scribe / Governor). Trust Ladder caps autonomy per action class. Every decision hash-chained and replayable.

The roster

24 open-source connectors. 6 proprietary on Pro.

We don't replace your tools — we orchestrate them. Free tier covers the full open-source roster. Pro adds the cloud-identity + EDR substrate that the major vendors gate behind enterprise pricing.

Free · OSS · 24 connectors
  • Wazuh
  • Suricata
  • Zeek
  • ClamAV
  • Falco
  • auditd
  • osquery
  • pfSense
  • OPNsense
  • CrowdSec
  • WireGuard
  • OpenVPN
  • nginx
  • Apache
  • Caddy
  • Traefik
  • HAProxy
  • Coraza
  • AdGuard Home
  • Pi-hole
  • OpenCanary
  • Cowrie
  • Trivy
  • Proxmox
Pro+ · proprietary · 6 connectors
  • Microsoft 365
  • Google Workspace
  • CrowdStrike
  • SentinelOne
  • Okta
  • UniFi
See the full matrix · MITRE ATT&CK coverage →

Cyber posture as a first-class signal

CYCON. Like DEFCON, for your network.

A 5-tier posture indicator the whole org reads at a glance. Operators see it in the dashboard chrome; executives see it on the status page. Engine-derived from live events — never set from a toolbar.

5
Steady Watch
Normal operations
4
Heightened Awareness
Increased intel watch
3
Elevated Risk
Force readiness up
2
Active Threat
Pre-incident posture
1
Maximum Defense
Incident in progress

Published pricing · no contact-sales gate

Cancel the $36k Darktrace invoice.

We publish every tier. Founder Pro locks $299/yr forever for everyone who signs up during the first year of public availability — across all future renewals, even after the window closes. Plex Pass for sovereign cyber.

Free

$0 /yr
10 endpoints
FIRST YEAR · LIFETIME LOCK

Founder Pro

$299 /yr · lifetime lock
50 endpoints

Pro

$500 /yr
50 endpoints

Business

$5,000 /yr
51–500 endpoints

Enterprise

from $25,000 /yr
unlimited endpoints
See full pricing → Why Founder Pro is locked for life