Is Cyberflake software self-hosted?

Yes. Every Cyberflake product ships as a Docker bundle that you deploy inside your own VPC, on-premise, or in an air-gapped environment. We do not run a managed cloud, do not operate a shared multi-tenant version, and do not have a hosted SaaS fallback. The deployment you stand up is the deployment, and it stays inside your network.

Does Cyberflake collect telemetry or usage data?

No. The only external HTTPS call any Cyberflake product makes is licence verification, which transmits the licence identifier, install identifier, product code and running version — and nothing else. There is no analytics SDK, no error-reporting service, no third-party pixel and no usage-metrics endpoint in any product or release.

OpsLens is a self-hosted AWS visibility and security dashboard. It covers 16 AWS services with 69 anomaly checkers across cost, security, incidents, inventory and compliance — all in one dashboard running inside your own account, using read-only IAM access.

Tracer is an OS-level monitoring agent. It collects CPU, RAM and disk metrics, watches files and ports, tracks process anomalies, and surfaces IT incidents and unusual activity — all from inside the host with no cloud middleman.

Scanner is a self-hosted vulnerability assessment (VA) scanner. It discovers exposed services, identifies known CVEs across your infrastructure, flags misconfigurations and weak ciphers, and produces audit-ready VA reports — without sending a single packet outside your network.

Sambhav is a cloud AI chat agent that bridges product and engineering teams. It translates product requirements into engineering context and engineering decisions back into product language, helping both sides stay aligned in one shared chat — without endless sync meetings. Unlike the rest of the Cyberflake stack, Sambhav is delivered as a cloud (SaaS) service.

Does Cyberflake support air-gapped deployments?

Yes. Air-gapped deployments are supported through offline, pre-signed licence bundles refreshed via secure channel. There is no internet dependency in the running product itself, only periodic licence renewal handled outside the production environment.

How are Cyberflake releases verified?

Every Cyberflake release is Ed25519-signed. The signing key lives offline. Customers can cryptographically verify each binary they install against the published public key before deploying it.

Operational Security Tooling
For Cloud-Native Teams

Software you deploy inside your own infrastructure. Read-only access, append-only audit logs, and a single external call — license verification — that transmits exactly one thing.

See Products

From Zero To Dashboard In Three Steps

No agents on every host. No write permissions. No external dependencies. Deploy once and walk away.

Deploy

Pull the Docker bundle and bring it up on any host. Single compose file. No vendor cloud, no SaaS account, no managed control plane.

$ docker compose up -d

Connect

Apply a read-only IAM CloudFormation template (OpsLens) or install the lightweight Tracer agent. Read-only by default — no write or delete permissions, ever.

arn:aws:iam::role/CyberflakeReadOnly

Watch

Initial sync completes in 15–60 minutes depending on account size. Anomaly checkers run on schedule. Dashboards populate. Reports get scheduled. You log out.

✓ 16 services · 69 checkers · live

Engineered To Be Trusted

Our security stack runs inside your infrastructure. Read-only by default. Append-only audit logs. Signed releases. The same security posture across the entire stack.

Self-hosted AWS visibility. 16 services, 69 anomaly checkers in one dashboard — cost, security, incidents and compliance inside your own account.

AWS Cost Anomalies Compliance Inventory

Self-hosted vulnerability assessment. Discovers exposed services, identifies known CVEs, flags misconfigurations — and produces audit-ready VA reports without any data leaving your network.

VA Scan CVE Misconfig Network Reports

OS-level monitoring agent. Collects CPU, RAM and disk metrics, watches files, ports and processes — surfacing IT incidents from inside the host.

CPU / RAM / Disk Files Ports Processes Incidents

Cloud AI chat agent that closes the gap between product and engineering. Translates PM intent into clear engineering context, and engineering decisions back into product language — in one shared chat.

Cloud PM ↔ Eng AI Chat Specs Standups

Docker-native deploy

Ships as a Docker bundle. Up and running in minutes.

Read-only by default

No write access anywhere. Your data never leaves your network.

Signed releases

Ed25519-signed bundles. Every build cryptographically verifiable.

General enquiries

Sales, demos, partnerships, customer support — anything that isn't a vulnerability report. A real engineer responds within one business day.

hello@cyberflake.net

Security disclosure

Vulnerability reports and responsible disclosure. PGP key available on request. Triaged within one business day; we don't pursue legal action against good-faith research.

security@cyberflake.net