A per-message meter on a fleet you sized at design time is priced backwards.
Usage-metered device platforms bill per message, per operation, per MB, so the invoice climbs with every unit you ship and spikes exactly during the incident, when a hijacked fleet is chattiest and your analysts can least afford to ration a hunt. Hardware margins are set at BOM time; a meter is the one number you can't put on that sheet.
whisper verify --trustless costs nothing and needs no account: our own API is not in the trust path.
A meter that climbs with your fleet, and spikes when you're attacked, isn't a price. It's a risk.
Two curves. One rises with every unit shipped, every telemetry message, every query your analysts run chasing a rotating adversary, and peaks precisely during the incident. The other is a flat line you set once and forecast for years.
Per-device, not per-message
Priced to the thing you actually govern, the device, so a chatty firmware release or a noisy incident never moves the invoice. Ship a new SKU, grow the fleet, weather an attack: the figure holds.
Attribution is never metered
Run identify, walk, history and Cypher as hard as an incident demands. No per-query tax means your analysts never ration a hunt while a rotating adversary keeps working.
Additive, not another bill
It sits on top of the device cloud, SIEM and threat-intel you already own as a feed: no per-analyst-seat licence, no data-egress fee, no new console to staff.
Start keyless and free. Prove it on a product line. Roll it across the fleet, flat the whole way.
POC → pilot → enterprise, exactly the path a product-security program buys on. Every tier speaks the same address-is-identity primitive; you're only widening how much of the fleet it covers, never re-platforming.
Free, forever
$0
No account. No card. No key.
The keyless half of the platform: trustless and anchored at the IANA root, our API never in the path:
- ✓
whisper verify --trustlessany device identity - ✓ Resolve and reverse-resolve a /128, read its RDAP
- ✓ Check a DANE-EE pin from any client with a TLS stack: reverse-DNS + RDAP, no key
Flat engagement
Fixed scope
One product line, time-boxed, one flat price.
Everything in Verify, keyed to a defined device count so a program owner can prove value before the board:
- ✓ Provision device identities from the secure-element key for the line
- ✓ Full attribution graph: unmetered during the pilot
- ✓ Machine-readable feed into your SIEM: Splunk & Microsoft Sentinel today (STIX 2.1 / TAXII on the roadmap)
- ✓ EU CRA / IEC 62443 / EN 303 645 evidence export
Flat per-device / year
Fleet quote
One rate, quoted to your fleet size. It doesn't move.
The whole program, all three planes, across every device: the way a CISO buys defence-in-depth:
- ✓ Identity, attribution graph and device governance, fleet-wide
- ✓ Unlimited attribution: no per-query meter, ever
- ✓ On-prem or your own tenant: data sovereignty by construction
- ✓ Enterprise support and SLA, supplier / ODM interface specs
Why a quote, not a sticker. A fleet price is one number, but the right number depends on fleet size, on-prem vs tenant, and the standards evidence you need, so we quote it flat and in writing, and it holds for the term. No usage true-ups, no surprise line at renewal. Get a fleet quote →
The same platform, at three widths. Nothing behind the paywall is the security itself.
The keyless verification a customer, a partner, a regulator or a researcher needs to check a device's identity is free at every tier, on principle. The keyed tiers widen coverage and feed your stack; they never gate the ability to verify.
| Capability | Verify | Pilot | Fleet |
|---|---|---|---|
Trustless verify / resolve / RDAP (whisper verify --trustless) | ✓ | ✓ | ✓ |
| Trace a /128 to the device behind it (reverse-DNS + RDAP) | ✓ | ✓ | ✓ |
Full attribution graph (identify, origins, walk, history, Cypher) | – | product line | unlimited |
Device-identity provisioning (register /128, DANE-EE, revoke) | – | product line | fleet-wide |
Device governance (per-device /128, policy, op:logs) | – | product line | fleet-wide |
| SIEM feed: Splunk & Microsoft Sentinel connectors today · CEF/ECS | – | ✓ | ✓ |
| EU CRA / IEC 62443 / EN 303 645 evidence export | – | ✓ | ✓ |
| On-prem / own tenant (data residency, sovereignty) | – | – | ✓ |
| Enterprise support & SLA · supplier / ODM interface specs | – | pilot support | ✓ |
| Metered by usage (per message / query / MB / seat) | never | never | never |
The ROI isn't a promise: it's four costs the flat line takes off your books.
A predictable figure is only half the case. The other half is what it removes: analyst hours, incident blast radius, audit effort, and re-platform risk.
Analyst hours you stop burning
Correlating a rotating, meaningless last IP across Amazon, Google and Azure is manual, and it never converges. The graph collapses the rotation to one operator with a replayable evidence chain: the hours go back to your SOC, and the meter never punishes them for looking harder.
The rotation you can't do
When a shared credential leaks, the textbook answer is "rotate it": impossible across a fielded fleet without a recall-grade OTA campaign. With per-device identity the answer is one revoke for the affected unit, at DNS-TTL speed, publicly checkable. The catastrophic fix becomes a routine one.
One revoke, not a fleet event
A compromised device is revoked worldwide in one owner-thrown call: no CRL distribution, no coordinated firmware push, no support-line surge. The blast radius is one leaf key, never a shared root.
Audit effort you don't repeat
Findings arrive already mapped to EU CRA and IEC 62443 evidence, with the per-device who-talked-to-what record the frameworks presuppose. The compliance artefact is a byproduct of the tool, not a separate consulting line.
Re-platform risk you avoid
IoT platforms retire and strand their fleets; the migrations are measured in engineer-years. Whisper anchors identity in public DNS and registered address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. Longevity is the cheapest line in any TCO.
No shadow costs at renewal
No per-message true-up, no per-seat creep as your SOC grows, no data-egress fee. What you forecast in year one is what you sign in year three: the number a CFO can actually plan around.
A pricing model can be an attack surface. Ours isn't.
If security is metered, an adversary can run up your bill, and a defender rations their own hunt. We priced those failure modes out.
"If attribution is metered, do my analysts have to ration lookups in the middle of an incident?"
Never. The graph is unmetered on the keyed tiers: identify, walk, history and Cypher run as hard as the hunt demands. There is no per-query line for an attacker to inflate and none for a defender to fear.
"Does my bill spike when a hijacked fleet gets chatty, or when I ship a popular product?"
Neither. The price is per-device, set once, for the term. A message flood, an impersonation campaign, or a strong quarter of sales moves your risk or your revenue; it doesn't move the invoice. The meter that would have peaked during the incident simply doesn't exist.
"Is the free tier a real capability or a trap that expires into a sales call?"
Real, and permanent. Keyless verify is anchored at the IANA root: our own API is not in the trust path, so we couldn't gate it if we wanted to. Verifying a device's identity is a public check, and a customer's right to check the device on their own network is exactly the kind of thing that should never carry a price.
Straight answers, before the call.
What exactly is metered?
Nothing by usage. You pay a flat rate per device, per year. No per-message charge, no per-query graph fee, no per-analyst seat, no per-MB premium, no data-egress bill. The only variable is how many devices the program covers.
Can I try it without procurement?
Yes: the Verify tier is free and needs no account. Run whisper verify --trustless today; resolve, reverse-resolve and read RDAP for any /128, no key. When you're ready to provision, a Pilot is a fixed, time-boxed engagement on one product line.
What happens when my fleet grows?
The per-device rate holds; the total scales linearly and predictably with device count, quoted in writing for the term. No usage true-up, no renewal surprise, no penalty for a strong sales quarter or an attacked fleet.
Is this on top of my device-cloud cost?
It's a layer on top of the enrollment and SIEM you already run: the Splunk and Microsoft Sentinel connectors ship today. Not a replacement and not a second console to staff. It makes the tools you already pay for sharper.
On-prem or hosted?
Either. The Fleet tier runs on-prem or in your own tenant, so the graph and per-device logs stay where your regulator, and your customers, need them: data residency and sovereignty by construction, at no metered premium.
What if I stop?
Identities are DNSSEC/DANE objects you can verify independently, and evidence exports are open formats (CEF, ECS; STIX on the roadmap). There's no proprietary lock on your own attestations, your device records, or your compliance file.
Flat depth on top of the stack you already run: it doesn't replace a line, it de-risks the whole one.
You already pay for a device cloud, a SIEM, and a threat-intel subscription, and you should keep them: Whisper is additive to all three. Where a per-message cloud makes the bill track your success and a rigid module bundle makes you buy packages you don't need, a flat per-device line adds the two layers no one else owns, attribution across rotating clouds and public, forge-proof identity after auth, without a meter and without a new silo.
| Pricing model | Forecastable at BOM time? | Meter spikes under attack? |
|---|---|---|
| Per-message / per-operation metered cloud | hard | yes |
| Rigid multi-module bundle (six-figure floor) | partly | n/a: over-scoped |
| Whisper: flat per-device / year | yes | no |
It makes the device-cloud, SIEM and threat-intel investments you already carry sharper, as a machine-readable feed, not a thing they compete with. See the full comparison →
One flat number. Every device, covered.
Keyless verify is free forever: start there, no account. When you're ready, a fleet quote is one flat per-device/year figure you can forecast and defend. No meter, no surprise at renewal.
Or run whisper verify --trustless right now: it costs nothing.