Your firewall reads the message. Your operator PKI proves the NF — but only to itself.
Enea, SecurityGen, P1, Positive Technologies, Mobileum on the signaling plane; Palo Alto CN-Series, Fortinet, A10, Check Point on the packet core; Ericsson and Nokia PKI and the SEPP on the trust plane — each is good at what it does, and you should keep running every one. But the compromised-NF, rotating-egress incident survives the whole stack, because it lives in three seams none of them was built to close: a publicly-verifiable NF identity, cross-operator attribution, and cross-operator revocation at DNS-TTL.
whisper verify --trustless — the one thing your signaling firewall, your core firewall, and your operator CA all lack: no one has to trust our API.
Every layer here is good. The incident survives in the seams between them.
The 5G SBA is a flat, all-IP HTTP/2 mesh, and it inherits the whole web/API threat model. Reach the NRF and you can pull any NF's profile and speak as it — OAuth2 authorization is optional by spec, so reachability approximates authorization. The action then rides out through IPX hubs, roaming peers and cloud-hosted egress. Strip that incident down and it leans on exactly three structural gaps. Here's which category of tool leaves each one open, and why.
A signaling firewall scores the message within the signaling plane — Global Title, realm, GT-to-GT. A 5G-core firewall scores the packet. Neither names the internet-side operator behind a rotating egress: an event arrives through one IPX ASN, then another, then a cloud-hosted NF, and every hop is disposable. In-plane attribution stops at the last GT you saw — which was never the actor.
Only Whisper closes it — the graph. A live internet-infrastructure graph — 7.44B nodes and 39.3B relationships of fused BGP, DNS, WHOIS/RDAP, TLS and hosting, answering in under 300 ms — fingerprints the operator, not the IP. Rotation across IPX ASNs and clouds collapses into one infrastructure genealogy (shared ASN, hosting, certificate lineage); a residential- or cloud-proxy swarm collapses on a JA4/JA3 client fingerprint that travels with the tooling regardless of the exit. Every answer is a reproducible evidence chain your CSIRT and a regulator can replay — the NIS2 Art.23 who/where an incident report needs.
"My signaling firewall already flags the malicious message. Why can't it tell me who's behind it?"
Because it attributes in-plane. GT and realm identify the last signaling hop, not the internet operator running a rotating IPX/cloud egress — and the last GT you logged was disposable. The graph fuses BGP, DNS, RDAP and TLS to name the operator behind the host, and JA4 collapses the swarm to one tooling fingerprint. It's an additive feed into the firewall you already run, not a second one.
3GPP does bind identity into the certificate: TS 33.310 mandates the NF cert carry subjectAltName = urn:uuid:<nfInstanceId>, and mTLS on the SBI is mandatory. That is genuinely strong — inside one operator. But the CA is operator-private: no roaming partner, no IPX, no regulator, no peer operator can independently verify "this really is operator X's AMF" without bilateral cross-certification of each MNO's Root CA. And when an NF is compromised, revocation is a per-operator CRL/OCSP that doesn't cross the operator boundary — de-peering is slow, manual, commercial.
Only Whisper closes it — public identity. Take the same nfInstanceId and the NF's existing key, and anchor them in the public DNSSEC root: a routable /128 that drops into the NF's NFProfile.ipv6Addresses, with a DANE‑EE TLSA 3 1 1 pin of the same SBA certificate it already presents. Now any counterparty verifies the NF against the IANA root — no cross-certification, no access to the operator's private CA — and one signed-record pull revokes it everywhere at cache-TTL. It never replaces mTLS or OAuth2; it's the independent, public layer on top.
"3GPP already puts the nfInstanceId in the cert and mandates mTLS. Isn't identity solved?"
Solved inside your operator — not across the boundary. The cert is signed by your private CA, so a roaming partner or regulator can't verify it without cross-certifying your Root CA, and a compromise waits on a per-operator CRL. Whisper keeps the exact urn:uuid:nfInstanceId identity and makes it publicly verifiable and cross-operator revocable — the same cert, DANE-pinned, from the NF's existing key. No new PKI, no re-key, no NRF API change.
Gap 1 is attribution made durable across rotation. Gap 2 is a private assertion made a public, revocable proof. No layer you already run was built to close either — that's the white space, and it's exactly where the compromised-NF endgame persists unattributed.
An outsider asks three questions. Your stack answers them only privately.
Line the three categories you run up against the questions a cross-operator incident actually forces you to answer, and the picture is honest and simple: the message layer and the packet layer are well covered, the NF cert is strong inside your domain — and the three questions an outsider asks are the seams.
Incumbents own the top rows. Whisper owns the bottom five. One row, both — by different means.
Two honest columns for the layers you run — the signaling / 5G-core firewalls, and the operator PKI/SEPP — against Whisper. Keep every incumbent: the top two rows are theirs. The identity-issuance row, both of us do — they issue privately; we make the same identity public. And the bottom five are the ones no layer on your stack was built to answer.
| Capability | Signaling / 5G-core firewall | Operator PKI / SEPP | Whisper |
|---|---|---|---|
| Signaling firewalling — inspect & score SS7 / Diameter / GTP-C / HTTP-2 messages | ✓ | — | additive feed |
| 5G-core traffic protection — GTP-U / SCTP / malformed / DoS packet defense | ✓ | — | additive feed |
NF identity issuance — a certificate bound to urn:uuid:nfInstanceId | — | ✓ private CA | ✓ public DNSSEC+DANE |
| Publicly-verifiable NF identity — no bilateral cross-certification | — | — | ✓ |
Cross-operator attribution across rotating egress (BGP·DNS·RDAP·TLS·JA4) | — | — | ✓ |
| Cross-operator revocation at DNS-TTL — one pull, not one CRL/OCSP per operator | — | — | ✓ |
| Routable identity that survives NAT / roaming / IPX | — | — | ✓ |
| Identity derived from the NF's existing key — no re-key, no new CA | — | — | ✓ |
"So where does the operator PKI stop and Whisper start?"
At the operator boundary. Your PKI issues and lifecycles the NF cert, mTLS binds it on the SBI, OAuth2/NRF authorizes the service call — all mandatory, all primary, all kept. Whisper takes the exact identity that PKI already minted and projects it onto a public anchor: DNSSEC, DANE, RDAP, reverse-DNS, and a graph that names the operator behind a rotating egress. It's a second, independent, publicly-checkable layer — and a cross-operator kill-switch — not a replacement for the first.
One honest caveat, said out loud: revocation here kills the /128 and its egress authorization at DNS-TTL — faster and cross-operator, where a CRL/OCSP can't reach. It does not revoke the operator's TLS certificate; that stays the operator CA's job. Sell it as the additional kill-switch your PKI never had, not as a PKI.
It DANE-pins the same SBA cert your NF already presents. It doesn't re-issue anything.
The identity is not new. The NF already carries a certificate whose subjectAltName is urn:uuid:<nfInstanceId>, signed by your operator CA and presented on every mTLS handshake on the SBI. Whisper takes that same cert and that same key and anchors them in the public DNSSEC root — the identity your PKI privately asserts becomes globally, third-party verifiable, with no re-key, no second PKI, and no change to the NRF API.
nfInstanceId, same cert, same key — anchored in the public DNSSEC root instead of a hidden operator CA. The private identity your PKI already minted becomes third-party verifiable and cross-operator revocable, with nothing re-issued.And it feeds the tools around it. Findings land as a machine-readable feed into the SIEM the SOC already runs — the Splunk connector ships today, mapping to CEF and ECS; a Microsoft Sentinel connector, OpenCTI, and STIX 2.1 over TAXII export are on the roadmap. It is not another console your NF SOC babysits; it's depth on the seam your firewalls and PKI don't reach, arriving in the formats they already ingest.
Every layer here, you (or your peer) must trust. Ours, no one does.
Your firewall's verdict, your PKI's assertion, a roaming partner's SEPP — each asks someone to trust it. Whisper's core claim — this address is that NF — is checkable by anyone against the IANA DNS root, with our own API and the peer's private CA both deliberately outside the trust path. No account required.
# keyless — re-derive and verify any NF's identity, trustless
$ whisper verify --trustless 2a04:2a01:5e0::a3f
✓ DNSSEC chain valid to the IANA root
✓ DANE-EE (TLSA 3 1 1) matches the NF's existing SBA cert
✓ RDAP: registered under AS219419 · 2a04:2a01::/32
identity: VERIFIED — the peer's private CA was never trusted
# the address is the NF — reverse DNS names it, no NRF access, no cross-cert
$ dig -x 2a04:2a01:5e0::a3f +short
amf-3d3e8b1a.5gc.example-mno.whisper.online.
# who really operates a host probing your N32 border — the graph API, with your key
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" \
-H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"185.62.x.x\")"}'
operator: <fingerprinted> · seen across 3 IPX ASNs + AWS / Azure
rotating egress collapsed by JA4: same tooling, 37 exit IPs → 1 operator
# bind an NF to the nfInstanceId it already carries (the UUID in its cert SAN)
$ export WHISPER_API_KEY=whisper_live_xxx
$ curl -s https://graph.whisper.security/api/query -H "X-API-Key: $WHISPER_API_KEY" --data-urlencode "q=CALL whisper.agents({op:'connect', args:{tier:'wireguard',
identity_public_key:'<base64 SPKI of the NF's existing key>',
device_id:'3d3e8b1a-9c2f-4e77-b6a1-8f2c1e7d40a9'}})" # device_id = nfInstanceId
→ identity 2a04:2a01:5e0::a3f DANE-pins the SAME SBA cert · drops into NFProfile.ipv6Addresses
# who has been resolving / RDAP-querying this NF — a recon tripwire at the N32 border
$ whisper lookups 2a04:2a01:5e0::a3f
14:02Z AAAA vplmn-262-02 — enumerating your AMF pool before a roaming burst
# per-NF egress governance — default-deny lateral movement (CISA ESF 5G Cloud)
$ whisper policy set --default deny --allow smf.5gc.example-mno.whisper.online,udm.5gc.example-mno.whisper.online
# compromised NF — kill it everywhere, in one TTL, not one CRL per operator
$ whisper kill --revoke 2a04:2a01:5e0::a3f # cross-operator, at DNS-TTL
Today you pass the nfInstanceId as device_id — a generic domain separator that ships now. A first-class typed --nf-instance-id argument is on the roadmap.
Whisper is one layer, done well. It sits beside these — not over them.
Plenty of good tools live inside the signaling plane, inside the SIM, or inside the compliance binder. That's a different lane, and we don't claim it. Naming the boundary is the point: it's how you know exactly what you're buying.
Signaling firewalling & packet-core inspection
Message scoring across SS7 / Diameter / GTP-C / HTTP-2, and GTP-U / SCTP / malformed / DoS protection on the packet core. That stays ✓ for the signaling and 5G-core firewalls — Whisper does not inspect signaling or the user plane. We add verifiable identity, attribution and revocation beneath them.
The subscriber plane — SUPI / SUCI / 5G-AKA
The permanent subscriber identity, its SUCI concealment, and the symmetric AKA secret in the UICC/eSIM with the home-network UDM/AUSF. That's the device-and-subscriber trust domain. Whisper targets the NF plane — the network functions, not the SIM.
NESAS/SCAS certification & FCC rip-and-replace
We are honestly not a GSMA NESAS / 3GPP SCAS certification control, and not a route to CRA conformity or an FCC Covered-List removal. We're a defense-in-depth differentiator and a cryptographic PSIRT-attribution tool — value in the RFP, not a certificate you can wave.
We don't do signaling firewalling, user-plane inspection, subscriber-plane crypto, or type-approval paperwork — and we don't pretend to. Whisper is the network-identity and attribution layer that closes the three cross-operator seams, and it's honest about being exactly that. DANE/DNSSEC is strongest at the trust boundaries — NF discovery/DNS, N32/roaming, NEF exposure, management — not deep inside the SBI where mTLS and the NRF already bind tightly.
No new silo. Mapped to your standards. Availability-safe by construction.
The additive posture isn't just tidy architecture — it's what makes the buy defensible. Nothing you already run gets torn out; one line item closes three cross-operator seams and feeds everything else.
A feed, not another console
The Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS, with STIX 2.1 over TAXII export on the roadmap; a sample Sentinel analytics rule and a Splunk CIM mapping ship in the docs. Zero analysts babysitting a new pane of glass.
Speaks your compliance language
Cryptographic attribution accelerates the who/where an NIS2 Art.23 incident report needs; per-NF /128 micro-segmentation maps to NSA/CISA ESF 5G Cloud lateral-movement isolation; a DANE-pinned peer identity hardens the N32-c spoofing vector GSMA FS.36 names; DANE-pinned NF resolution is an EU 5G Toolbox TM02 move. See the map →
Flat, forecastable TCO
Per-NF, per-year and flat — not per-signaling-message, not core-throughput metered. Against interconnect-scale economics that's a line item you can forecast. ROI in analyst-hours saved correlating disposable IPX/cloud egress, and one revoke instead of a slow, manual de-peering. See pricing →
Fail-open, never in the datapath
Whisper rides existing DNS/IPv6 and adds no inline SBI chokepoint. mTLS and OAuth2/NRF stay primary; if a consumer authorizes against the DANE/verify path, that plane is built to fail open — a Whisper outage never drops an NF, checks degrade to your existing anchors. Anycast on AS219419, no single node in the path.
Nothing issued in the dark
Every NF-identity mint and every revoke lands in a public, append-only RFC 6962 Merkle transparency log, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — an auditable, non-repudiable issuance trail for your regulator. Honest status: tamper-evident today, independent witnessing is the next step.
A vendor built to outlast the question
Real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. POC → pilot → enterprise, keyless to start — the safest way to begin, and to leave.
"If Whisper is down, does my core stop? And does any of this replace my mTLS or my NRF?"
No, and no. The identity plane fails open and is never in the SBI datapath — a Whisper outage degrades checks to your existing anchors; it never drops an NF or gates a service call. And nothing here replaces mandatory 3GPP security: mTLS binds the cert on the SBI, OAuth2/NRF authorizes the call, your PKI issues and lifecycles. Whisper is a second, independent, public layer on top of all three — plus a cross-operator kill-switch — which also means low switching cost in both directions, the safest way to start.
Keep your stack. Close the three seams.
Whisper is the identity, attribution and revocation layer that sits on top of the signaling firewall, the core firewall and the operator PKI/SEPP you already run — additive, mapped to your standards, flat to price, from the NF's existing key. Keyless to try, one call to provision, one more to revoke.
Or run whisper verify --trustless right now — our API isn't in the trust path.