Security you pay more for the moment you're attacked is priced backwards.
Usage-metered tooling bills per API transaction, per signaling message, per analyst seat — so the invoice climbs as your core grows and spikes exactly during the incident, when you can least afford to ration a hunt across roaming and IPX. Against the economics of a fraud problem that ran to $38.95B in 2023 (CFCA), a meter is a number you cannot forecast.
whisper verify --trustless costs nothing and needs no account — our own API is not in the trust path.
A meter that climbs with your core — and spikes when you're attacked — isn't a price. It's a risk.
Two curves. One rises with every NF you add, every SBI transaction, every query your analysts run chasing an operator across rotating IPX egress — and peaks precisely during the incident. The other is a flat line you set once and forecast for years.
Per-NF, not per-transaction
Priced to the thing you actually govern — the network function — so a busy SBI or a noisy signaling incident never moves the invoice. Add a slice, light up a new roaming peering, weather an attack: the figure holds.
Attribution & lookups, never metered
Run identify, walk, history and Cypher — and op:lookups to see who's enumerating your NRF — as hard as an incident demands. No per-query tax means your SOC never rations a hunt while an operator keeps rotating egress.
Additive, not another bill
It sits on top of the signaling firewall, SEPP, SIEM and operator PKI you already own as a feed — no per-analyst-seat licence, no data-egress fee, no new console to staff, no second CA to run.
Start keyless. Prove it on a slice or a peering. Roll it across the core — flat the whole way.
POC → pilot → enterprise, exactly the path a core-security program buys on. Every tier speaks the same address-is-identity primitive; you're only widening how many NFs it covers, never re-platforming and never standing up a second PKI.
Free to start
$0
Keyless verify, open to all. A handful of NF identities to provision.
The keyless lower half — trustless, anchored at the IANA root, our API never in the path — plus enough provisioned NF /128s to prove the control plane on your own bench:
- ✓
whisper verify --trustlessany NF, NRF or SEPP identity - ✓ Resolve and reverse-resolve a /128, read its RDAP; back-trace a suspicious peer, no key
- ✓ A handful of NF /128 identities — derive one from the NF's existing key + its
nfInstanceId
Flat engagement
Fixed scope
One network slice, or one N32 roaming peering. Time-boxed, one flat price.
Everything in POC, keyed to a defined NF count so a core-security owner can prove value before the board:
- ✓ Provision NF /128 identities across the slice or the peering — DANE-pin the SBA cert they already present
- ✓ Full attribution graph — unmetered during the pilot
- ✓ Egress governance per NF: policy ·
op:firewall·op:budget· one-callop:revoke - ✓ Splunk connector (signed JSON → CEF/ECS) · NIS2 Art.23 incident evidence · public transparency log
Flat per-NF / year
Core quote
One rate, quoted to your NF count. It doesn't move.
The whole core, all three planes, across every NF — the way a CISO buys defence-in-depth:
- ✓ Identity, attribution graph and egress governance, core-wide
- ✓ Unlimited attribution — no per-query meter, ever, across roaming and IPX
- ✓ On-prem or your own tenant — NIS2 / data-residency by construction
- ✓ Enterprise support and SLA; verifiable peer identity at every N32 border
Why a quote, not a sticker. A core price is one number, but the right number depends on NF count, on-prem vs your own tenant, and the standards evidence you need — so we quote it flat and in writing, and it holds for the term. No usage true-ups, no surprise line at renewal. Get a core quote →
The same platform, at three widths. Nothing behind the paywall is the verification itself.
The keyless verification a roaming partner, a regulator or a researcher needs to check an NF's identity is free at every tier — on principle, because our API isn't in the trust path. The keyed tiers widen coverage and feed your stack; they never gate the ability to verify.
| Capability | POC | Pilot | Enterprise |
|---|---|---|---|
Trustless verify / resolve / RDAP (whisper verify --trustless) | ✓ | ✓ | ✓ |
| Trace a /128 to the NF behind it (reverse-DNS + RDAP) | ✓ | ✓ | ✓ |
NF /128 identities (register /128, DANE-EE pin, op:revoke) | a handful | slice / peering | core-wide |
Full attribution graph (identify, origins, walk, history, Cypher) | — | unmetered | unlimited |
Egress governance (policy · op:firewall · op:budget · op:lookups · op:revoke) | — | slice / peering | core-wide |
| Transparency log — public mint + revoke ledger, Bitcoin-anchored† | read / verify | ✓ | ✓ |
| Splunk connector — signed JSON → CEF/ECS | — | ✓ | ✓ |
| NIS2 Art.23 incident evidence · GSMA FS.36 / EU 5G Toolbox mapping | — | ✓ | ✓ |
| On-prem / own tenant (NIS2 data-residency) | — | — | ✓ |
| Enterprise support & SLA · verifiable peer identity at N32 | — | pilot support | ✓ |
Roadmap — STIX 2.1 / TAXII · first-class --nf-id arg | roadmap | roadmap | roadmap |
| Metered by usage (per transaction / message / seat) | never | never | never |
† The transparency log is append-only, Ed25519-signed and anchored to Bitcoin via OpenTimestamps — tamper-evident today; independent third-party witnessing is the next step (it already speaks the C2SP witness protocol, so any external witness can co-sign). STIX 2.1 over TAXII, and the first-class typed --nf-id argument are on the roadmap — everything else in this table is shipped & live.
The ROI isn't a promise — it's the costs the flat line takes off your books.
A predictable figure is only half the case. The other half is what it removes: analyst hours, de-peering delay, incident-reporting effort, audit repetition, and re-platform risk.
Analyst hours you stop burning
Correlating a rotating, meaningless last IP across IPX hubs, roaming partners and three clouds is manual, and it never converges. The graph collapses the rotation to one operator — infrastructure genealogy for the cloud hops, a JA4 client fingerprint for a proxy swarm — with a replayable evidence chain. The hours go back to your SOC, and the meter never punishes them for looking harder.
One revoke, not a bilateral de-peering
A compromised NF or interconnect identity is op:revoked worldwide at DNS-TTL speed — one signed record pulled, propagating at cache-TTL. No per-operator CRL you hope every partner fetched, no slow, commercial, bilateral de-peering. The blast radius is one /128, never a shared private root.
Faster NIS2 Art.23 reporting
When the clock runs a 24-hour early warning, a 72-hour notification and a one-month final report, an attribution you can replay — the operator behind a rotating IPX egress, named with a reproducible evidence chain — is the difference between a warning you can file and a blank one. The final report writes itself from the transparency log.
Audit effort you don't repeat
Findings arrive mapped to NIS2 Art.21/23, the EU 5G Toolbox and GSMA FS.36, and every mint and revoke is already in a public, Bitcoin-anchored ledger your regulator can replay. The compliance artefact is a byproduct of the tool, not a separate consulting line. Honest status: the log is tamper-evident today; independent witnessing is next.
Re-platform risk you avoid
This is real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers — anchored in the public DNSSEC root, not a private CA you'd one day have to migrate off. Longevity is the cheapest line in any TCO.
No shadow costs at renewal
No per-message true-up, no per-seat creep as your SOC grows, no data-egress fee, no second PKI to operate. What you forecast in year one is what you sign in year three — the number a CFO can actually plan around.
A pricing model can be an attack surface. Ours isn't.
If security is metered, an adversary can run up your bill, and a defender rations their own hunt. We priced those failure modes out.
"If attribution is metered, do my analysts have to ration lookups in the middle of an incident — across roaming and IPX?"
Never. The graph is unmetered on the keyed tiers — identify, walk, history and Cypher run as hard as the hunt demands, and so does op:lookups on who's enumerating your NRF. There is no per-query line for an attacker to inflate and none for a defender to fear.
"Does my bill spike when I'm under attack, or just when I add NFs, a slice, or a new roaming peering?"
Neither. The price is per-NF, set once, for the term. A signaling flood, an NRF-enumeration campaign, or lighting up a new N32 peering moves your risk — it doesn't move the invoice. The meter that would have peaked during the incident simply doesn't exist.
"Is the free tier a real capability or a trap that expires into a sales call?"
Real, and permanent. Keyless verify is anchored at the IANA root — our own API is not in the trust path, so we couldn't gate it if we wanted to. Verifying an NF's identity is a public check that a roaming partner or regulator can run against the DNSSEC root; charging for the truth would defeat the point.
Straight answers, before the call.
What exactly is metered?
Nothing by usage. You pay a flat rate per NF, per year. No per-API-transaction charge, no per-signaling-message fee, no per-query graph fee, no per-analyst seat, no data-egress bill. The only variable is how many NFs the program covers.
Can I try it without procurement?
Yes — keyless verify is free and needs no account. Run whisper verify --trustless today — resolve, reverse-resolve and read RDAP for any /128, no key; a POC then hands you a handful of NF /128 identities to provision and prove the control plane on your bench.
What happens as I add NFs, slices or peerings?
The per-NF rate holds; the total scales linearly and predictably with NF count, quoted in writing for the term. No usage true-up, no renewal surprise, no penalty for a busy or attacked core.
Is this on top of my SIEM and firewall cost?
It's a feed into the signaling firewall, SEPP and SIEM you already run — the Splunk and Microsoft Sentinel connectors ship today — not a replacement and not a second console to staff. It makes the tools you already pay for sharper, and never replaces mTLS or OAuth2.
On-prem or hosted?
Either. The Enterprise tier runs on-prem or in your own tenant, so the graph and per-NF logs stay where your regulator needs them — NIS2 and data residency by construction, at no metered premium.
What if I stop?
Identities are DNSSEC/DANE objects you can verify independently, every mint and revoke is in a public transparency log, and evidence exports are open formats (CEF, ECS; STIX and per-sector JSON on the roadmap). There's no proprietary lock on your own attestations or your compliance record.
Flat depth on top of the stack you already run — it doesn't replace a line, it de-risks the whole one.
You already pay for a signaling firewall, a SEPP at the N32 border, an operator PKI, and a SIEM — and you should keep every one; Whisper is additive to all of them and never replaces the mandatory mTLS + OAuth2 that binds an NF at the handshake. Where a per-message signaling cloud makes the bill unforecastable and a rigid carrier suite makes you buy modules you don't need, a flat per-NF line adds the layers no one else owns — a publicly verifiable NF identity (DNSSEC + DANE, no cross-certification), cross-operator attribution across rotating IPX and cloud egress, and revocation at DNS-TTL — without a meter and without a new silo.
| Pricing model | Forecastable? | Meter spikes under attack? |
|---|---|---|
| Per-message / usage-metered signaling cloud | hard | yes |
| Rigid multi-module carrier suite (six-figure floor) | partly | n/a — over-scoped |
| Whisper — flat per-NF / year | yes | no |
It makes the signaling firewall, SEPP and SIEM investments you already carry sharper, as a machine-readable feed — not a thing they compete with. It anchors at the IP / DNS / transport boundary, complements your private PKI and never sits inside the signaling plane. See the full comparison →
One flat number. Every NF, accounted for.
Keyless verify is free forever — start there, no account. When you're ready, a core quote is one flat per-NF/year figure you can forecast and defend against core-network economics. No meter, no surprise at renewal.
Or run whisper verify --trustless right now — it costs nothing.