agri.whisper.online · pricing

Security you pay more for the moment you're attacked is priced backwards.

Usage-metered tooling bills per API transaction, per query, per analyst seat, so the invoice climbs as your fleet grows and spikes exactly during the incident, when you can least afford to ration a hunt. Against always-on telematics from every machine in the field, a meter is a number you cannot forecast, and farming already carries enough per-acre, per-season line items nobody can predict.

We price the other way. Flat, per-machine, per year: not per transaction, per query, per seat, or per acre. Keyless verify is free forever, attribution is never metered. One line item you can forecast, and defend to your CFO.

whisper verify --trustless costs nothing and needs no account: our own API is not in the trust path.

$0 Keyless verify, resolve and back-trace: free forever, no account
One flat per-machine/year figure: not per-transaction, per-query or per-seat
0 usage meters on attribution: never ration a hunt mid-incident
1 owner-thrown revoke replaces a fleet lockout
$11M the ransom one food processor paid: the exposure you forecast against
~2× ransomware against food & agriculture roughly doubled in 2025

A meter that climbs with your fleet, and spikes when you're attacked, isn't a price. It's a risk.

Two curves. One rises with every machine you add, every API call, every query your analysts run chasing a rotating adversary, and peaks precisely during the incident. The other is a flat line you set once and forecast for years.

annual cost → fleet growth · API volume · incident load → usage-metered per transaction · per query · per seat under attack ↓ billed most exactly when it hurts most Whisper · flat per-machine / year set once · forecast for years · attribution never metered the overage a flat price never charges
Flat means the number you sign this year is the number you defend in every budget after. The meter you don't pay is the whole point.

Per-machine, not per-transaction

Priced to the thing you actually govern, the machine, so a busy season or a noisy incident never moves the invoice. Add a machine line, extend a program, weather an attack: the figure holds.

Attribution is never metered

Run identify, walk, history and Cypher as hard as an incident demands. No per-query tax means your analysts never ration a hunt while a rotating adversary keeps working.

Additive, not another bill

It sits on top of the SOC, SIEM and threat-intel you already own as a feed: no per-analyst-seat licence, no data-egress fee, no new console to staff.

Start keyless and free. Prove it on a slice. Roll it across the fleet, flat the whole way.

POC → pilot → enterprise, exactly the path a security program buys on. Every tier speaks the same address-is-identity primitive; you're only widening how much of the fleet it covers, never re-platforming.

Verify

Free, forever

$0

No account. No card. No key.

The keyless half of the platform: trustless and anchored at the IANA root, our API never in the path:

  • whisper verify --trustless any machine identity
  • Resolve and reverse-resolve a /128, read its RDAP
  • Back-trace a suspicious /128 to the machine behind it: reverse-DNS + RDAP, no key
Pilot

Flat engagement

Fixed scope

A bounded fleet slice, time-boxed, one flat price.

Everything in Verify, keyed to a defined machine count so a program owner can prove value before the board:

  • Provision machine identities from the device key for the slice
  • Full attribution graph: unmetered during the pilot
  • Machine-readable feed into your SIEM: Splunk & Microsoft Sentinel today (STIX 2.1 / TAXII on the roadmap)
  • ISO 24882 / Data Act evidence export · Ag Data Transparent trail
Fleet

Flat per-machine / year

Fleet quote

One rate, quoted to your fleet size. It doesn't move.

The whole program, all three planes, across every machine: the way a CISO buys defence-in-depth:

  • Identity, attribution graph and agent governance, fleet-wide
  • Unlimited attribution: no per-query meter, ever
  • On-prem or your own tenant: data sovereignty by construction
  • Enterprise support and SLA, supplier interface agreements

Why a quote, not a sticker. A fleet price is one number, but the right number depends on fleet size, on-prem vs tenant, and the standards evidence you need, so we quote it flat and in writing, and it holds for the term. No usage true-ups, no surprise line at renewal. Get a fleet quote →

The same platform, at three widths. Nothing behind the paywall is the security itself.

The keyless verification a farmer, a regulator or a researcher needs to check a machine's identity is free at every tier, on principle. The keyed tiers widen coverage and feed your stack; they never gate the ability to verify.

CapabilityVerifyPilotFleet
Trustless verify / resolve / RDAP (whisper verify --trustless)
Trace a /128 to the machine behind it (reverse-DNS + RDAP)
Full attribution graph (identify, origins, walk, history, Cypher)fleet sliceunlimited
Machine-identity provisioning (register /128, DANE-EE, revoke)fleet slicefleet-wide
Agent governance (per-agent /128, policy, op:logs)fleet slicefleet-wide
SIEM feed: Splunk & Microsoft Sentinel connectors today · CEF/ECS
ISO 24882 / Data Act evidence · Ag Data Transparent trail
On-prem / own tenant (data residency, sovereignty)
Enterprise support & SLA · supplier interface agreementspilot support
Metered by usage (per transaction / query / seat / acre)nevernevernever

The ROI isn't a promise: it's four costs the flat line takes off your books.

A predictable figure is only half the case. The other half is what it removes: analyst hours, incident blast radius, audit effort, and re-platform risk.

Analyst hours you stop burning

Correlating a rotating, meaningless last IP across Amazon, Google and Azure is manual, and it never converges. The graph collapses the rotation to one operator with a replayable evidence chain: the hours go back to your SOC, and the meter never punishes them for looking harder.

Harvest-window exposure

Agriculture's incidents land on a calendar: a ransomware attack halted an equipment maker's production in planting season 2022, and one processor paid $11M with a fifth of US meat behind it. Catching fleet-scale abuse before it becomes a seasonal outage is the difference between a revoke and a lost window: a flat line item hedges a variable-cost catastrophe.

One revoke, not a fleet lockout

A compromised machine is revoked worldwide at DNS-TTL speed: no fleet-wide credential reset, no dealer-network scramble, and the act is owner-thrown and publicly verifiable, never a covert lockout. The blast radius is one leaf key, never a shared root.

Audit effort you don't repeat

Findings arrive already mapped to ISO 24882 and Data Act evidence, with the per-identity who-accessed-what trail Ag Data Transparent presupposes. The compliance artefact is a byproduct of the tool, not a separate consulting line.

Re-platform risk you avoid

Agtech point solutions fold and strand their fleets. Whisper is real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. Longevity is the cheapest line in any TCO.

No shadow costs at renewal

No per-transaction true-up, no per-seat creep as your SOC grows, no data-egress fee. What you forecast in year one is what you sign in year three: the number a CFO can actually plan around.

A pricing model can be an attack surface. Ours isn't.

If security is metered, an adversary can run up your bill, and a defender rations their own hunt. We priced those failure modes out.

"If attribution is metered, do my analysts have to ration lookups in the middle of an incident?"

Never. The graph is unmetered on the keyed tiers: identify, walk, history and Cypher run as hard as the hunt demands. There is no per-query line for an attacker to inflate and none for a defender to fear.

"Does my bill spike when I'm under attack, or just when my fleet grows?"

Neither. The price is per-machine, set once, for the term. A traffic flood, an enumeration campaign, or adding a machine line moves your risk; it doesn't move the invoice. The meter that would have peaked during the incident simply doesn't exist.

"Is the free tier a real capability or a trap that expires into a sales call?"

Real, and permanent. Keyless verify is anchored at the IANA root: our own API is not in the trust path, so we couldn't gate it if we wanted to. Verifying a machine's identity is a public check, and a farmer's right to check their own machine is exactly the kind of thing that should never carry a price.

Straight answers, before the call.

BILLING

What exactly is metered?

Nothing by usage. You pay a flat rate per machine, per year. No per-API-transaction charge, no per-query graph fee, no per-analyst seat, no per-acre premium, no data-egress bill. The only variable is how many machines the program covers.

ENTRY

Can I try it without procurement?

Yes: the Verify tier is free and needs no account. Run whisper verify --trustless today; resolve, reverse-resolve and read RDAP for any /128, no key. When you're ready to provision, a Pilot is a fixed, time-boxed engagement on a fleet slice.

GROWTH

What happens when my fleet grows?

The per-machine rate holds; the total scales linearly and predictably with machine count, quoted in writing for the term. No usage true-up, no renewal surprise, no penalty for a busy season or an attacked fleet.

STACK

Is this on top of my SIEM cost?

It's a feed into the SIEM and threat-intel you already run: the Splunk and Microsoft Sentinel connectors ship today. Not a replacement and not a second console to staff. It makes the tools you already pay for sharper.

RESIDENCY

On-prem or hosted?

Either. The Fleet tier runs on-prem or in your own tenant, so the graph and per-agent logs stay where your regulator, and your growers, need them: data residency and sovereignty by construction, at no metered premium.

EXIT

What if I stop?

Identities are DNSSEC/DANE objects you can verify independently, and evidence exports are open formats (CEF, ECS; STIX on the roadmap). There's no proprietary lock on your own attestations, your growers' access records, or your compliance file.

Flat depth on top of the stack you already run: it doesn't replace a line, it de-risks the whole one.

You already pay for a behavioural SOC, a SIEM, and a threat-intel subscription, and you should keep them: Whisper is additive to all three. Where a rigid module bundle makes you buy packages you don't need and a per-transaction cloud makes the bill unforecastable, a flat per-machine line adds the two layers no one else owns, attribution across rotating clouds and forge-proof identity after auth, without a meter and without a new silo.

Pricing modelForecastable?Meter spikes under attack?
Per-API-transaction / usage-metered cloudhardyes
Rigid multi-module bundle (six-figure floor)partlyn/a: over-scoped
Whisper: flat per-machine / yearyesno

It makes the Recorded Future, Mandiant and Sentinel investments you already carry sharper, as a machine-readable feed, not a thing they compete with. See the full comparison →

One flat number. Every machine, covered.

Keyless verify is free forever: start there, no account. When you're ready, a fleet quote is one flat per-machine/year figure you can forecast and defend. No meter, no surprise at renewal.

Or run whisper verify --trustless right now: it costs nothing.