PRIVATE BETA — Q3 2026

Security your engineers actually own.

Intelligent Detection-as-code, AI-assisted triage, and Threat Intelligence.

Free beta access for early users.
£49/month founding access includes early features + locked pricing forever.

Become founding team (£49) →
The problem

You know the risk.
AI has changed the game

01

AI didn't just change how you build. It's changed how you get attacked.

Automated vulnerability scanning, AI-generated phishing, credential stuffing at scale — the threat surface your team faces in 2026 is categorically different from two years ago. Manual reviews can't keep pace. Your defence needs to be as automated as the attack.

02

Your logs are evidence. Nobody's reading them.

Thousands of auth events, network connections, and process executions generated every day. All of it sitting in files no one opens until after the breach.

03

You caught the last incident by accident.

Someone noticed something unusual in a Slack alert. Maybe. There's no version-controlled detection logic, no audit trail — just institutional knowledge in one engineer's head and luck that's running out slowly.

04

Enterprise deals are stalling on security questions.

SOC 2, ISO 27001, GDPR audit trails. Your sales cycle now includes a 40-page security questionnaire. You need proof of active monitoring, not a paragraph in your docs.

05

The tools your team ships with are now attack surfaces.

GitHub, Vercel, CI pipelines — the breaches hitting developer infrastructure aren't abstract anymore. Your team uses these tools every day. When the supply chain is the vector, you need detection that understands how developers actually work.

06

SIEMs are built for teams you don't have.

Splunk and Chronicle are priced for enterprises with dedicated analysts and six-figure budgets. You need something that works for a team of engineers who have other jobs to do.

Where you are

The gap every
growing team falls into.

Security anxiety doesn't hit at the same size for everyone. Some teams feel it at ten people, some at fifty. The exposure curve doesn't wait for your headcount.

Founder
1–3 people

Security is a password manager and a prayer. Acceptable — the surface is small.

You are here
Early Team
4–15 people

Engineers own everything. Security is whoever noticed the Slack alert. Still getting away with it.

Obsidian Blue sits here →
You are here
Growing Fast
15–80 people

Real customers. Real data. Real attack surface. No security function. This is where incidents happen.

Obsidian Blue sits here →
You are here
Scaling
80–200 people

First security hire. Compliance pressure mounting. Choosing a SIEM. Budget conversations starting.

Obsidian Blue sits here →
Enterprise
200+ people

Dedicated SOC. Six-figure tooling. Splunk contracts. Not your problem yet.

Obsidian Blue / triage-result / alert_id: a594966a
ESCALATE — confidence 0%
185.220.101.1
confidence 0%
// enrichment signals
AbuseIPDB   abuse_confidence_score  100        w:0.6
VirusTotal  malicious_engines       14/94      w:0.5
GreyNoise   classification          malicious  w:0.4
AI
LLM analysis
Known Tor exit node flagged critical across 3 independent sources. Immediate escalation recommended.

Every decision
fully explained

Obsidian Blue doesn't just flag threats — it shows you exactly why and up-skills you. Every triage decision comes with the signals that contributed, the confidence score, and an AI-generated summary your team can act on immediately.

  • Multi-source enrichment intel, queried in parallel

    E.g. AbuseIPDB, VirusTotal, and GreyNoise queried simultaneously — results in under 500ms.

  • 🎯 Deterministic rules before AI

    Clear-cut cases resolved instantly. LLM called only for ambiguous signals — keeping costs low and speed high.

  • 🔒 AI reliability layer

    Confidence thresholds, fallback logic, and full audit trail. No black box decisions.

  • 📋 Human override with feedback loop

    Analyst decisions feed back into detection quality. The system gets smarter over time.

The pipeline

From log line
to decision.

01
Log Collection
Every event, from every surface

SSH, web servers, cloud audit trails, GitHub webhooks — normalised to a common schema automatically. File tail, syslog, and webhook ingestion without custom integrations.

beta
02
Detection Rules
Your engineers write and own the rules

YAML-defined detections your team versions and ships like code. Brute force, privilege escalation, port scans — and anything specific to your stack.

beta
03
Alert Pipeline
Nothing gets missed

Every matching event processed with a full audit trail. No silent failures, no dropped alerts.

beta
04
Threat Intel
Context on every indicator

IoCs enriched against various sources of intelligence in parallel to provide context to your detections. Embedded in every triage result.

beta
05
AI Triage
Signal from noise, automatically

Deterministic rules handle the clear cases. LLM classification handles the ambiguous ones. Every decision explained — not just a score.

beta
06
Notifications
Your team knows the moment it matters

Escalations fire to Slack, PagerDuty, or email automatically. The alert, the confidence score, the AI summary — delivered where your team already works.

planned
07
Rule Intelligence
Detections that improve themselves

Pattern mining on historical alerts surfaces detection gaps and false positive rates. AI-suggested rules based on what your stack actually sees — not generic templates.

planned
Early access program

Get early access
before everyone else.

Demos coming soon · Sign-ups receive product updates as we ship

Free beta access · or £49 founding rate (locked forever) · limited to 100 teams