Skip to content
Pricing

Detection is free. Enforcement is the product.

The source-available core detects, reacts, and advises the agent, free forever. Active Defence is for production: a hijacked agent physically cannot run what you didn't pre-authorize, and it cannot switch the guard off. You pay to turn “detected” into “impossible.”

Free

$0
forever · self-hosted · source-available

See everything. Stop a single agent.

  • 82 detectors, correlation, eBPF sensor, on-device Warden model
  • Reactive response: block IP, kill process, suspend user, honeypot
  • AI-agent guardrail (advisory): check-command, MCP proxy, taint tracking
  • Arm the Execution Gate on one agent (observe → rehearse → enforce), no licence needed
  • Hash-chained audit + off-host anchor CLI
  • Local dashboard, alerts (Telegram/Slack/webhook), SIEM (CEF)
Install free

Active Defence

$50
per protected agent / month · billed $600 annually · auto-renews · cancel anytime

Make it kernel-impossible, not just detected.

  • Always-on Execution Gate across every agent: nothing runs unless pre-authorized
  • Agent-scoped enforce, lock each agent's process tree, host untouched
  • DNS Guard enforce: malicious domains never resolve
  • Anti-tamper watchdog: integrity + stealth, survives a root attacker
  • Managed allowlist + curated policy
  • Everything in Free

Enterprise

Custom
annual · let's scope it together

Fleet, compliance, and sovereignty, with a human on call.

  • Fleet: multi-host + per-tenant attribution (k8s pod → tenant)
  • Signed off-host audit anchors (auditor-grade tamper evidence)
  • Air-gapped / sovereign deployment, no cloud dependency
  • SSO, priority support, SLA, onboarding
  • Compliance mapping (ISO 27001, MITRE Navigator export)
  • Everything in Active Defence
Talk to us

Platform / OEM

Let's talk
embed licensing

Ship the guardrail inside your agent product.

  • Embed the kernel guardrail in the runtime you ship to customers
  • One integration protects every workload you deploy
  • Per-tenant attribution + pod-scoped enforcement built in
  • Co-engineering + a direct line to the people writing the eBPF
  • Volume / revenue-share licensing
Become a design partner

Active Defence is priced per protected agent (per registered agent slot) for single-box and small deployments, so it maps to the unit of risk: one rogue agent is the incident. Fleets with many short-lived agents per node are priced per node instead, and enterprise deployments are scoped as a contract. Talk to us and we'll fit the meter to how you actually run agents.

What moves a team from free to paid

The upgrade trigger is never “detect better.”

Free already enforces reactively and runs the full advisory guardrail. Teams pay for one of three things:

Make it impossible, not just detected

Free blocks reactively and can arm the gate on one agent. Paid keeps enforcement always-on across every agent and adds a watchdog a root attacker cannot switch off.

Prove it to someone

An auditor, a customer's security review, a cyber insurer. Signed off-host audit anchors turn a local record into third-party tamper-evidence.

Don't operate it alone

Curated policy, a managed allowlist, fleet aggregation, SLA, and support, for teams that need the outcome without running the machinery.

Who runs which, by situation

Free vs Active Defence, per real scenario

SituationRuns freePays when…
Claude Code for staff on KubernetesAdvisory guardrail + per-tenant attribution + per-pod detectionPer-pod enforce (unknown binary impossible) + fleet console + support
OpenClaw on a VM (single box)Guardrail + check-command + detectionArmed gate (kernel denies) + anti-tamper watchdog
CI runner running an agent on PRsAdvisory check-command on every commandActually block exec of non-allowlisted binaries in the runner
Cursor on a senior dev's Linux workstationGuardrail + local detection (the right fit)Usually stays free, and that is fine
Long-running autonomous agent (Devin-like)Hash-chained audit + advisoryEnforce while it runs unattended + signed audit of what it did
Remediation agent that touches prodReactive skills (block/kill, reversible) + advisoryPre-authorization (agent runs only the approved set) + audit
Agent with access to a customer DBDetection + advisoryDNS Guard enforce (exfil domain won't resolve) + egress lockdown
Vendor building an agent platformn/aAlways licensed, embed the enforcement in their product (OEM)
Team using 10 third-party MCP serversMCP proxy advisory + taint tracking (alert)Proxy in guard/kill mode blocking tool-poisoning, managed
Regulated fintech / healthcareLocal audit + anchor CLISigned off-host anchor (auditor tamper-evidence) + enforce + SLA
Defence / gov, air-gappedEverything local (detection + advisory)Enforce + stealth watchdog + sovereign support (pays the most)
Solo dev / small team, exposed VPS, no SOCFull EDR, block IP, honeypot (free forever)Almost never, and the free tier is complete on its own
Design Partner Program

The first partners don't pay list price.

We are taking a small number of design partners onto Active Defence at a steep discount (or free) in exchange for a logo, a case study, and direct feedback that shapes the roadmap. You get the founding team on your threat model, and pricing locked in before the list price applies.

Start on the free core today
curl -fsSL https://www.innerwarden.com/install | sudo bash