Live

cyron.io

Kernel-level API security

cyron.io detects the API attacks that look like normal traffic. It runs at the Linux kernel with eBPF, mirrors your requests out of band, and adds zero latency to the live path. Deploy in under ten minutes and see your first findings the same day.

Start free See pricing

How it works

Three steps to live protection.

1. Run one container

Pull the iris agent and start it with a single command. No SDK, no code changes, no application restart.

2. It learns your normal

The agent discovers your active endpoints and quietly builds a behavioral baseline over the first 24 hours.

3. Threats get caught

Anomalies are flagged in about 2 ms and can be blocked at the kernel. Every incident comes with a plain-English report.

What it catches

Attacks that pass a firewall but should not pass you.

cyron.io reads payload intent and behavior, so it sees abuse that signature matching never will.

Business logic fraud

Checkout enumeration, coupon abuse and inventory manipulation, caught by how the API is used, not just what is sent.

Account takeover

Credential stuffing and account enumeration spotted from behavioral patterns across sessions.

Data exfiltration

Object-level authorization breaches and abnormal data pulls flagged before they become a breach you report.

Sensitive data exposure

Scanning that surfaces secrets and regulated data leaking through API responses.

Shadow and drifting endpoints

Automatic discovery keeps an honest inventory of every active endpoint, including the ones nobody documented.

Forensics on demand

System 2 Thinking applies LLM reasoning to ambiguous incidents and writes an explanation a human can act on.

Standards coverage

OWASP API Security Top 10

cyron.io maps detection across the categories that drive real API breaches.

Risk area	OWASP categories	Covered
Data theft and exfiltration	API1, API3, API6	Yes
Account takeover	API2, API5	Yes
Business logic fraud	API4, API6	Yes
Infrastructure disruption	API4, API7	Yes
Compliance exposure	API9	Yes

Architecture

It never sits in your way.

Live API traffic is never routed through Cyron. The agent captures a kernel-level copy with eBPF and analyzes it out of band, so a problem in the analyzer can never slow or break your production path.

Zero added latency to the live request path
Raw payloads are never stored, only metadata and patterns
EU hosting, with on-premise and air-gapped options
SIEM-ready webhooks and exportable, timestamped forensic logs

Works with your WAF, not instead of it

A web application firewall blocks known patterns inline at the edge. cyron.io reads intent and behavior out of band and catches the business logic abuse a WAF cannot see. Run both for defense in depth.

GDPR NIS2 PCI-DSS 4.0 HIPAA-compatible SOC 2 in progress

Pricing

Start free. Grow when you need to.

Annual billing saves two months. The 14-day trial unlocks every capability, no credit card required for the free plan.

Free

Free forever

Threat detection on HTTP, WS, gRPC
7 threat intelligence feeds
Sensitive data scanning

Lite

$15 /mo

$12/mo billed annually

Everything in Free
Kernel-level blocking
SIEM webhooks, endpoint discovery

Essential

$25 /mo

$21/mo billed annually

Everything in Lite
Behavioral intelligence
Credential stuffing and logic abuse

Standard

$65 /mo

$55/mo billed annually

Everything in Essential
System 2 Thinking
Forensic reports, protocol analysis

Premium

$165 /mo

$138/mo billed annually

Everything in Standard
Higher throughput
Priority email support

View full pricing and start a trial

Need on-premise, white-label or higher throughput? Talk to the cyron.io team for a custom plan.

FAQ

Questions teams ask first.

Does cyron.io add latency to my API?

No. The iris agent taps traffic at the Linux kernel with eBPF and analyzes a mirrored copy out of band. Your live request path is never proxied, so it stays exactly as fast as before.

Do I need to change my code?

No. There is no SDK, no library to import and no application restart. You run a single Docker container and it discovers your active endpoints automatically.

Which protocols are supported?

HTTP and REST, WebSocket, and gRPC with protobuf analysis.

Does it replace my web application firewall?

No, it complements one. A WAF blocks known patterns inline at the network edge. cyron.io analyzes payload intent and behavior out of band, catching business logic abuse a WAF cannot see. Most teams run both.

Where is my data processed?

Hosting is in the EU, and on-premise or air-gapped deployment is available. Raw payloads are never stored; only metadata and behavioral patterns are kept.

How much does it cost?

There is a free plan with no credit card required. Paid plans start at 15 USD per month for Lite, and a 14-day full trial unlocks every capability.

See your first findings today.

Spin up the free plan in under ten minutes, or talk to us about enterprise, on-premise and white-label.

Start free Talk to sales