Autonomous verdict engine
Every alert is pursued to a binary verdict — confirmed threat or cleared — with a full evidence trail attached. No backlog, no triage queue, no abandoned investigations.
One platform, four tiers — from a lean security team standing up its first AI layer to an enterprise SOC that needs white-glove, dedicated capacity. All prices below are illustrative until general availability.
All tiers include core AI investigation, continuous AI penetration testing, compliance-ready reporting, and unlimited alert coverage. Prices carry an Illustrative marker — final figures confirmed at contract.
For startups and lean security teams standing up their first AI layer.
For teams that ship fast and need autonomous security that keeps pace.
For security-mature organizations with complex, multi-cloud environments.
White-glove enterprise service for the most demanding security mandates.
These capabilities are not add-ons — they ship with every plan, from Recon to Garrison.
Every alert is pursued to a binary verdict — confirmed threat or cleared — with a full evidence trail attached. No backlog, no triage queue, no abandoned investigations.
Every case is enriched against adversary TTP libraries, CVE context, and reputation data — so analysts receive findings with context, not raw IOCs to interpret.
Audit packages are generated as a by-product of every investigation — ready for SOC 2, ISO 27001, NIST CSF, and other common frameworks without additional analyst time.
Every engagement starts with a structured 30-day POC against your live environment. You see verdicts on real alerts before you sign an annual contract.
Phalanxia connects to your existing SIEM, EDR, identity, and cloud providers — deployed alongside your stack in five business days, no rip-and-replace required.
Confirmed high-severity threats route to your on-call analyst with the full evidence trail pre-assembled. The machine does the investigation; the human makes the call to contain.
Phalanxia is in a controlled early-access phase. The figures shown reflect our target pricing architecture — final per-seat and usage-based rates are confirmed during your sales conversation ahead of contract signature. We publish illustrative numbers so procurement teams and budget owners have a realistic planning anchor.
It's included in every tier. Phalanxia is a single platform — autonomous alert investigation and continuous AI penetration testing ship together, billed as one subscription. The number of pentest targets scales with your tier, from up to 2 on Recon to unlimited on Garrison. There is no separate pentest engagement fee or add-on contract.
All tiers are invoiced annually, with monthly installments available on Citadel and Garrison. The 30-day proof-of-concept period is billed as a single project engagement; if you proceed to a subscription the POC fee is credited toward your first year. Usage overages (alerts beyond tier thresholds) are metered and appear on your next invoice with 30-day notice before any spend exceeds the soft cap you set at onboarding.
The POC is a full live deployment against your production environment — not a sandbox. Phalanxia connects to your primary SIEM or EDR within five business days, begins issuing verdicts on real alerts, and delivers a findings briefing at day 14 and a full outcome report at day 30. You receive a dedicated deployment engineer and access to the full feature set of the tier under evaluation for the duration of the POC.
The default deployment model is Phalanxia-hosted SaaS on isolated AWS infrastructure in your chosen region. Citadel customers receive a dedicated single-tenant environment. Garrison engagements can include a customer-managed deployment inside your own cloud account (BYOC) or, for regulated industries, an air-gapped on-premises option. Data residency guarantees are available for EU, UK, and APAC regions on all tiers Citadel and above.
Recon includes email support with a 48-hour SLA. Vanguard adds priority ticket routing, a named customer success manager, and quarterly business reviews. Citadel provides a 4-hour response SLA for critical issues and direct Slack channel access to the engineering team. Garrison engagements receive a dedicated account team including a Phalanxia vCISO, a named deployment engineer, and 24/7 on-call escalation.
Upgrades take effect at the next billing cycle with zero downtime — your environment automatically inherits the expanded integrations and feature set of the higher tier. Downgrades are processed at annual renewal. If you outgrow a tier faster than anticipated (e.g., a rapid acquisition expands your alert volume), your account team can process a mid-term upgrade with a pro-rated true-up.
A 15-minute consultation with the Phalanxia team maps your alert volume, stack, and compliance requirements to the right tier — no sales pressure, no commitment. A 30-day proof of concept is available on every plan.