CipherSentry is built and run by a single founder, Alberto Moro, with a team of specialized AI agents. A small operation by design: fewer hands, more automation, and everything we capture is captured for real.
Give every security team the ability to understand their attackers with the same depth as the most sophisticated actors.
A world where no organization is caught off guard by an attack it could have anticipated with the right intelligence.
Democratize threat intelligence, so that a startup has the same detection capabilities as a Fortune 500 bank.
CipherSentry began as a personal project to study the real behavior of attackers. The first prototype, deployed on an internet-exposed VPS, collected thousands of access attempts in its first days.
The sensor you deploy is released under the MIT license and is self-hostable: auditable by anyone, with no hidden telemetry. The central engine is private. Any team can deploy its own instance.
We added a real-time monitoring dashboard: IP geolocation, credential analysis, session timeline and report export. Real data, visualized in an actionable way.
Active project, in production. 648,821 real access attempts captured on our own honeypot. Assisted deployment and founder-direct customizations for teams that want their own instance.
CipherSentry is founded and led by Alberto Moro. The product, threat research and operations run on specialized AI agents. A small operation by design: fewer hands, more automation.
Drives CipherSentry's vision and decisions: turning honeypot intelligence into something actionable for any team.
Builds and maintains the honeypot core and the dashboard.
Analyzes captures to detect attack patterns and publish intelligence.
Infrastructure, deployment and day-to-day support.
The sensor you deploy is open source (MIT): you can read exactly what it does, with no backdoors or hidden telemetry. The intelligence engine is proprietary — it's our core and it never leaves our systems.
We never run the attacker's code on the host. The sandbox is real, not cosmetic. We build for our customers' security, not our own.
The sensor is open source under the MIT license — the code you deploy is the code we publish. As the research matures, we'll publish analysis and IoCs based on real data.
Fewer features that work are better than many half-baked ones. We prefer to do one thing exceptionally well before diversifying.
Only what we can prove today. Formal certifications will come as the company matures — we don't announce them before we have them.