Pricing

Same pipeline.
You choose where
your data lives.

Every tier runs the full 8-agent pipeline. No feature gating on the security capabilities that matter. The difference is where the stack runs and who keeps it updated.

Open
Free
self-hosted · MIT license

Full feature set. You run it, you own it. Bring your own LLM or use Ollama locally.

Deploy on GitHub
POPULAR
Pro
Per user · monthly Pricing tailored to your team size and sector

Managed. We run it, keep it updated, and redact your infrastructure data before any LLM call.

Get a quote →
Sovereign
Custom On-prem · enterprise

Zero data leaving your perimeter. BYO LLM, SSO, 24/7 support, dedicated SLA, and private Slack channel.

Talk to us →
Features
Open free · self-hosted
Pro per user · mo
Sovereign custom
Core pipeline
Full 8-agent pipeline (Recon → Reporter)
Asset discovery (CT logs + nmap CIDR sweep)
Vulnerability scanning (nmap + nuclei)
CVE correlation — 338k+ NVD entries
SSVC prioritization (deterministic, 0 LLM tokens)
CISA KEV + FIRST EPSS daily sync
Watchtower — KEV & EPSS spike alerts
Red / Blue adversarial validation
Phishing campaigns (asset-aware lures)
Auth phishing simulation (MFA/OTP)
Credential exposure (HIBP integration)
Dark web + IOC feeds (ThreatFox/URLhaus)
Incidents & case management
Posture timeline & risk scoring
Executive dashboard (11 widgets)
Audit log (append-only)
RBAC — Admin / Analyst / Viewer
REST API + API keys
Permission policies (AI action gates)
Community verdict memory (k-anonymity)
Pro & managed
Managed infrastructure & updates
Data redacted before LLM calls
Slack, Email, PagerDuty, OpsGenie alerts
Email support
MCP integration
Sovereign / enterprise
On-prem / air-gapped deployment
BYO model (Ollama / vLLM)
SSO / SAML
Tenant isolation & encryption at rest
Dedicated SLA
24/7 priority support
Private Slack channel
GitHub →
Get a quote →
Contact →

Can I switch tiers later?

Yes. The Open tier uses the same Docker images as Pro and Sovereign. Migration is a config change, not a re-deployment.

What LLMs does it use?

Open: Ollama locally or any OpenAI-compatible API. Pro: Claude Sonnet with data redaction. Sovereign: BYO — Ollama, vLLM, or any private endpoint.

Does the deterministic core cost LLM tokens?

No. SSVC prioritization, CVE correlation, KEV matching, EPSS scoring, and Watchtower alerts are 100% deterministic. Zero LLM calls, zero per-query cost.

What does "data redacted" mean in Pro?

Before any prompt reaches the LLM, Horus pseudonymizes hostnames, IPs, and emails using a stable per-org map. The LLM never sees real asset names. De-pseudonymization happens on the response side.

Is there a free trial for Pro?

Yes — the live demo is pre-loaded with 30 days of scan history, real CVE findings, Red/Blue debate transcripts, and phishing campaign results. No card required.

What's included in Sovereign support?

24/7 priority support, dedicated SLA, a private Slack channel with the Horus team, assisted deployment, and priority access to new agent releases. Pricing is per user.

Configure it once.
Your agents start tonight.

The demo is pre-loaded with 30 days of posture history, real CVE findings, Red/Blue debate transcripts, and phishing campaign results.

Open live demo Self-host free