ASPM and the API Security platform are two separate products, but they're built on the same principles: a local-LLM agentic AI engine, deployed entirely inside your perimeter, with nothing ever leaving the building.
Source code, scan traffic and AI inference never leave your network. Deploy in an air-gapped VLAN with zero outbound calls.
A local LLM (DeepSeek) drives autonomous agents that threat-model, plan, verify exploits and write fixes, not a chatbot bolted on the side.
Run ASPM, run API Security, or run both. Separate apps, separate data: licensed independently, never a forced bundle.
Each product is a self-contained pipeline with its own engines and its own local-LLM AI. No shared store, no shared logs, and nothing ever crosses your perimeter.
Each product runs autonomous agents on its own local LLM. They reason in a loop (plan, act, verify, correct) instead of answering one prompt at a time.
Reads your source, reconstructs the architecture, and builds a STRIDE threat model automatically.
Maps the attack surface and steers the scan engines toward the riskiest endpoints first.
Proves a finding is real with a safe reproduction, killing the false positives before they reach you.
Ranks by real business risk and writes the remediation: a code patch or a WAF rule.
Powered by an agentic AI engine on a local LLM (DeepSeek): runs on your hardware, no per-token bill, no data egress.
One Docker Compose stack per product. No SaaS account, no outbound dependency.
Postgres, scanner pool, local LLM and the app, all as containers you run and own.
No license phone-home, no telemetry. Models ship with the install and run offline.
SSO/AD, RBAC, MFA/TOTP, scoped API tokens, password policy and lockout built in.
Spin up either product in minutes, entirely offline.