Who needs the data you’re missing?
Every audience has a different exposure. Every pricing model is published. Pick your role.
A vulnerability nobody is forced to disclose is a vulnerability that stays buried.
The people who can find concealed defects rarely have the standing to compel action. The people with enforcement authority rarely have the depth to know what they’re looking at. We sit in that gap — detecting what was quietly patched, proving when the vendor knew, and translating it into language a regulator, an underwriter, or a court can act on.
The underlying intelligence is a continuously updated feed of silent patches detected across open-source infrastructure — security fixes merged without public disclosure. One dataset. Six ways in. What changes is how you use the data and how it’s priced. A protocol maintainer measures risk against TVL. An auditor measures it against billings. An underwriter measures it against coverage volume. The risk surface differs, so the pricing model differs.
Every rate is published below. No sales calls. No “contact us for pricing.” Type your number and the math is instant.
Choose your risk surface.
Your dependencies have secrets.
Upstream libraries you ship contain silently patched vulnerabilities. Your users inherit the exposure. We find what your dependency manager misses.
Your audits have blind spots.
Upstream code changes after your audit. Silent patches ship between engagements. Your stamp of approval covers code that no longer matches what you reviewed.
Your stack has risks you can’t see.
Before launch, before your next raise — know what your upstream dependencies are hiding. Investor-ready risk reporting built on data that doesn’t exist in any public database.
Your diligence is incomplete.
The protocol’s audit is clean. Their public CVE count is zero. Their upstream dependency chain has 47 undisclosed fixes. Your thesis doesn’t account for what isn’t public.
Your models are missing half the data.
DeFi insurance premiums priced against incomplete risk databases. Protocols are financially rewarded for hiding vulnerabilities from you. We close the gap.
Full dataset. Unrestricted.
Securities regulators and financial supervisory authorities receive unrestricted access to the silent patch intelligence feed. The entities responsible for market transparency should not be gated from the data that enables it.
Need more than a data feed?
The intelligence products above are continuous monitoring — automated detection, delivered via API and reports. Some situations require direct engagement: a full audit of a codebase’s concealment history, regulatory translation of a confirmed finding, breach forensics linking an exploit to the commit where the vendor knew, or coordinated disclosure management end-to-end.
Those engagements are scoped and priced separately.
The data behind the data.
If you suspect something was buried.
Bring us the finding, the ghosted report, or the vendor whose disclosure record doesn’t add up. Tell us what you’re building, auditing, insuring, or investigating. We’ll tell you what the public data is missing.
Threshold review no charge · All prices published · No sales theater