Pricing

Pricing that scales with
your posture.

One platform, four tiers — from a lean security team standing up its first AI layer to an enterprise SOC that needs white-glove, dedicated capacity. All prices below are illustrative until general availability.

Plans

Choose your tier.

All tiers include core AI investigation, continuous AI penetration testing, compliance-ready reporting, and unlimited alert coverage. Prices carry an Illustrative marker — final figures confirmed at contract.

Recon
$2,400/mo Illustrative

For startups and lean security teams standing up their first AI layer.

  • Up to 500 alerts investigated per day
  • Continuous AI pentesting — up to 2 targets
  • Behavioral analytics — user & entity baselines
  • Autonomous verdict engine (minutes to close)
  • Threat intelligence enrichment
  • Single SIEM / EDR integration
  • Compliance reporting (one framework)
  • Email support
Get Started
Citadel
$14,500/mo Illustrative

For security-mature organizations with complex, multi-cloud environments.

  • Unlimited investigations — all asset types
  • Continuous AI pentesting — up to 50 targets, all asset types
  • Custom risk-scoring models
  • Advanced insider threat & fraud signals
  • Unlimited integrations
  • SSO + RBAC + audit logging
  • Board-ready executive reporting
  • Quarterly analyst review sessions
  • SLA-backed response times
  • Dedicated tenant environment
Get Started
Garrison
Custom

White-glove enterprise service for the most demanding security mandates.

  • Everything in Citadel
  • Unlimited AI pentesting — all targets, any frequency
  • Named account team + vCISO advisory
  • Adversary simulation exercises
  • Custom AI model tuning for your environment
  • Multi-region & data residency options
  • GRC / SIEM / SOAR deep integration
  • On-site deployment option
  • Regulatory compliance packaging (FedRAMP, HIPAA)
Contact Sales
Universal coverage

What every tier includes.

These capabilities are not add-ons — they ship with every plan, from Recon to Garrison.

Autonomous verdict engine

Every alert is pursued to a binary verdict — confirmed threat or cleared — with a full evidence trail attached. No backlog, no triage queue, no abandoned investigations.

Threat intelligence enrichment

Every case is enriched against adversary TTP libraries, CVE context, and reputation data — so analysts receive findings with context, not raw IOCs to interpret.

Compliance-ready reporting

Audit packages are generated as a by-product of every investigation — ready for SOC 2, ISO 27001, NIST CSF, and other common frameworks without additional analyst time.

30-day proof of concept

Every engagement starts with a structured 30-day POC against your live environment. You see verdicts on real alerts before you sign an annual contract.

Stack-native deployment

Phalanxia connects to your existing SIEM, EDR, identity, and cloud providers — deployed alongside your stack in five business days, no rip-and-replace required.

Human escalation path

Confirmed high-severity threats route to your on-call analyst with the full evidence trail pre-assembled. The machine does the investigation; the human makes the call to contain.

FAQ

Pricing questions, answered.

Why do the prices say "Illustrative"?

Phalanxia is in a controlled early-access phase. The figures shown reflect our target pricing architecture — final per-seat and usage-based rates are confirmed during your sales conversation ahead of contract signature. We publish illustrative numbers so procurement teams and budget owners have a realistic planning anchor.

Is AI penetration testing included, or priced separately?

It's included in every tier. Phalanxia is a single platform — autonomous alert investigation and continuous AI penetration testing ship together, billed as one subscription. The number of pentest targets scales with your tier, from up to 2 on Recon to unlimited on Garrison. There is no separate pentest engagement fee or add-on contract.

How does billing work?

All tiers are invoiced annually, with monthly installments available on Citadel and Garrison. The 30-day proof-of-concept period is billed as a single project engagement; if you proceed to a subscription the POC fee is credited toward your first year. Usage overages (alerts beyond tier thresholds) are metered and appear on your next invoice with 30-day notice before any spend exceeds the soft cap you set at onboarding.

What does the 30-day proof of concept include?

The POC is a full live deployment against your production environment — not a sandbox. Phalanxia connects to your primary SIEM or EDR within five business days, begins issuing verdicts on real alerts, and delivers a findings briefing at day 14 and a full outcome report at day 30. You receive a dedicated deployment engineer and access to the full feature set of the tier under evaluation for the duration of the POC.

How is Phalanxia deployed — cloud, on-prem, or hybrid?

The default deployment model is Phalanxia-hosted SaaS on isolated AWS infrastructure in your chosen region. Citadel customers receive a dedicated single-tenant environment. Garrison engagements can include a customer-managed deployment inside your own cloud account (BYOC) or, for regulated industries, an air-gapped on-premises option. Data residency guarantees are available for EU, UK, and APAC regions on all tiers Citadel and above.

What support is included?

Recon includes email support with a 48-hour SLA. Vanguard adds priority ticket routing, a named customer success manager, and quarterly business reviews. Citadel provides a 4-hour response SLA for critical issues and direct Slack channel access to the engineering team. Garrison engagements receive a dedicated account team including a Phalanxia vCISO, a named deployment engineer, and 24/7 on-call escalation.

Can I change tiers mid-contract?

Upgrades take effect at the next billing cycle with zero downtime — your environment automatically inherits the expanded integrations and feature set of the higher tier. Downgrades are processed at annual renewal. If you outgrow a tier faster than anticipated (e.g., a rapid acquisition expands your alert volume), your account team can process a mid-term upgrade with a pro-rated true-up.

Engage

Not sure which tier fits? Let's figure it out.

A 15-minute consultation with the Phalanxia team maps your alert volume, stack, and compliance requirements to the right tier — no sales pressure, no commitment. A 30-day proof of concept is available on every plan.