energy.whisper.online · pricing

Security you pay more for the moment you're attacked is priced backwards.

Usage-metered tooling bills per API transaction, per query, per analyst seat — so the invoice climbs as your fleet grows and spikes exactly during the incident, when you can least afford to ration a hunt. Against a fielded fleet of 25M+ inverters streaming telemetry, a meter is a number you cannot forecast.

We price the other way. Flat, per device, per year — not per transaction, per query, or per seat. Keyless verify is free forever, attribution is never metered. One line item you can forecast — and defend to your CFO.

whisper verify --trustless costs nothing and needs no account — our own API is not in the trust path.

$0 Keyless verify, resolve and back-trace — free forever, no account
One flat per-device/year figure — not per-transaction, per-query or per-seat
25M+ inverters already fielded — a per-transaction meter at that scale is unforecastable
0 usage meters on attribution — never ration a hunt mid-incident
1 revoke replaces re-keying a fleet whose certs have no CRL, no OCSP
~195 GW coordinated by one platform pair — a flat line hedges what a token takeover risks

A meter that climbs with your fleet — and spikes when you're attacked — isn't a price. It's a risk.

Two curves. One rises with every DER you add, every telemetry poll, every query your analysts run chasing a rotating adversary — and peaks precisely during the incident. The other is a flat line you set once and forecast for years.

annual cost → fleet growth · telemetry volume · incident load → usage-metered per transaction · per query · per seat under attack ↓ billed most exactly when it hurts most the overage a flat price never charges Whisper · flat per-device / year set once · forecast for years · attribution never metered
Flat means the number you sign this year is the number you defend in every budget after. The meter you don't pay — the one that would have peaked mid-incident — is the whole point.

Per-device, not per-transaction

Priced to the thing you actually govern — the inverter, gateway or EVSE — so a chatty telemetry cadence or a noisy incident never moves the invoice. Add a model line, extend a program, weather an attack: the figure holds.

Attribution is never metered

Run identify, walk, history and Cypher as hard as an incident demands. No per-query tax means your analysts never ration a hunt while a rotating adversary keeps dispatching.

Additive, not another bill

It sits on top of the OT SOC, SIEM and DERMS/2030.5 PKI you already own as a feed — no per-analyst-seat licence, no data-egress fee, no new console to staff, no inline OT chokepoint.

Start keyless and free. Prove it on a segment. Roll it across the fleet — flat the whole way.

POC → pilot → enterprise, exactly the path a grid-security program buys on. Every tier speaks the same address-is-identity primitive; you're only widening how much of the fleet it covers, never re-platforming.

POC

Free to start

$0

Keyless checks need no account, no card. A free sign-up adds a handful of identities to prove the bind — still $0.

The keyless half of the platform — trustless, anchored at the IANA root, our API never in the path — needs no account:

  • whisper verify --trustless any DER identity
  • Resolve and reverse-resolve a /128, read its RDAP
  • Back-trace a suspicious /128 to the device behind it — reverse-DNS + RDAP, no key

Then a free key (still $0) adds

  • Bind a handful of inverters to the LFDI they already carry and dig -x them
Pilot

A fleet segment

Fixed scope

A bounded segment, time-boxed, one flat price.

Everything in POC, keyed to a defined device count — the full control plane on a slice, so a program owner can prove value before the board:

  • Provision device /128 identities from the LFDI (or DER serial) for the segment
  • Full attribution graph — unmetered during the pilot
  • Egress governance: op:policy default-deny · firewall · budget · lookups · revoke
  • Machine-readable feed into your SIEM: Splunk & Microsoft Sentinel connectors today (STIX 2.1 / TAXII on the roadmap)
  • The tamper-evident, Bitcoin-anchored transparency log — every mint and revoke auditable
Enterprise

Flat per-device / year

Fleet quote

One rate, quoted to your fleet size. It doesn't move.

The whole program, all three planes, across every device — the way a utility or aggregator CISO buys defence-in-depth:

  • Identity, attribution graph and egress governance, fleet-wide
  • Unlimited attribution — no per-query meter, ever
  • Non-repudiable telemetry — sign each DER's dispatch and telemetry to its /128
  • On-prem or your own tenant — NIS2 / GDPR data residency by construction
  • Enterprise support and SLA · CIP-013 supplier interface agreements

Why a quote, not a sticker. A fleet price is one number, but the right number depends on device count, on-prem vs tenant, and the standards evidence you need — so we quote it flat and in writing, and it holds for the term. No usage true-ups, no surprise line at renewal. Get a fleet quote →

The same platform, at three widths. Nothing behind the paywall is the security itself.

The keyless verification a utility, an ISO, a regulator or a researcher needs to check a DER's identity is free at every tier — on principle. The keyed tiers widen coverage and feed your stack; they never gate the ability to verify. Roadmap items are labelled honestly, never sold as shipped.

CapabilityPOCPilotEnterprise
Trustless verify / resolve / RDAP (whisper verify --trustless)
Trace a /128 to the device behind it (reverse-DNS + RDAP)
Public transparency log — every mint + revoke, tamper-evident, Bitcoin-anchored
Device /128 identities (register, DANE-EE, op:revoke) from the LFDIa handfulfleet segmentfleet-wide
Full attribution graph (identify, origins, walk, history, Cypher)fleet segmentunlimited
Egress governance (op:policy, firewall, budget, lookups, revoke)fleet segmentfleet-wide
Non-repudiable telemetry — sign a DER's dispatch/telemetry to its /128fleet segmentfleet-wide
SIEM feed — Splunk connector today · CEF / ECS
STIX 2.1 / TAXII · ISAC JSON exportroadmaproadmaproadmap
First-class typed --lfdi arg (pass the LFDI as device_id today)roadmaproadmaproadmap
On-prem / own tenant (data residency, NIS2 / GDPR)
Enterprise support & SLA · CIP-013 supplier interface agreementspilot support
Metered by usage (per transaction / query / seat)nevernevernever

On the roadmap, stated plainly. The Splunk and Microsoft Sentinel connectors ship today (signed JSON → CEF/ECS). STIX 2.1 over TAXII, a machine-readable per-ISAC export, and a first-class typed --lfdi argument are proposed and on the roadmap — until they land you pass the LFDI as device_id, which is shipped and live. The transparency log is tamper-evident, Ed25519-signed and Bitcoin-anchored today; independent third-party witnessing is the next step, and the log already speaks the witness-cosigning protocol.

The ROI isn't a promise — it's the costs the flat line takes off your books.

A predictable figure is only half the case. The other half is what it removes: analyst hours, incident blast radius, audit effort, and re-platform risk.

Analyst hours you stop burning

Correlating a rotating, meaningless last IP across Amazon, Google and Azure is manual, and it never converges. The graph collapses cloud rotation to one operator — and a JA4 client fingerprint collapses a residential-proxy swarm the same way — with a replayable evidence chain. The hours go back to your OT SOC, and the meter never punishes them for looking harder.

One revoke, not a fleet-wide re-key

A compromised inverter is revoked worldwide at DNS-TTL speed — no re-flashing fielded units, no CRL you hope every device fetched. IEEE 2030.5's own certs are life-long, with no CRL and no OCSP; the alternative to one call is a truck-roll. The blast radius is one leaf key, never a shared root — the single-CA-compromise failure mode is structurally removed.

Grid, warranty and recall exposure

Catching fleet-scale enumeration before it becomes mass compromise is the difference between a revoke and a recall. Research models <2% of inverters (~4.5 GW) as enough to force EU grid load-shedding, and one platform pair coordinated ~195 GW — a flat line item hedges against a variable-cost, grid-scale catastrophe.

Audit effort you don't repeat

Findings arrive already aligned to NERC CIP-013 R1.2.3/R1.2.6 and CIP-005 R3.1/R3.2 vendor-remote-access controls, and map to NIS2 Art.21 and NISTIR 7628. The transparency log gives your regulator a non-repudiable issuance and revocation trail. The compliance artefact is a byproduct of the tool, not a separate consulting line.

Re-platform risk you avoid

The field already proposes DIDs/SSI for inverters, but no productized, DNS/DANE-anchored, one-call-revocable offering exists — and security vendors fold. Whisper is real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. Longevity is the cheapest line in any TCO.

No shadow costs at renewal

No per-transaction true-up, no per-seat creep as your OT SOC grows, no data-egress fee. What you forecast in year one is what you sign in year three — the number a CFO can actually plan around, and defend in an audit.

A pricing model can be an attack surface. Ours isn't.

If security is metered, an adversary can run up your bill, and a defender rations their own hunt. We priced those failure modes out.

"If attribution is metered, do my analysts have to ration lookups in the middle of an incident?"

Never. The graph is unmetered on the keyed tiers — identify, walk, history and Cypher run as hard as the hunt demands. There is no per-query line for an attacker to inflate and none for a defender to fear.

"Does my bill spike when I'm under attack, or just when my fleet grows?"

Neither. The price is per-device, set once, for the term. A telemetry flood, a fleet-enumeration campaign, or adding a model line moves your risk — it doesn't move the invoice. The meter that would have peaked during the incident simply doesn't exist.

"Is the free tier a real capability or a trap that expires into a sales call?"

Real, and permanent. Keyless verify is anchored at the IANA root — our own API is not in the trust path, so we couldn't gate it if we wanted to. Verifying a DER's identity is a public check; charging for the truth would defeat the point.

Straight answers, before the call.

BILLING

What exactly is metered?

Nothing by usage. You pay a flat rate per device, per year. No per-API-transaction charge, no per-query graph fee, no per-analyst seat, no data-egress bill. The only variable is how many devices the program covers.

ENTRY

Can I try it without procurement?

Yes. The keyless checks need no account at all — run whisper verify --trustless today, and resolve, reverse-resolve and read RDAP for any /128. A free sign-up (still $0) then adds a handful of identities, so you can bind a few inverters to the LFDI they already carry and dig -x them. When you're ready to provision a slice, a Pilot is a fixed, time-boxed engagement.

GROWTH

What happens when my fleet grows?

The per-device rate holds; the total scales linearly and predictably with device count, quoted in writing for the term. No usage true-up, no renewal surprise, no penalty for a busy or attacked fleet.

STACK

Is this on top of my SIEM cost?

It's a feed into the SIEM and OT-detection you already run — the Splunk and Microsoft Sentinel connectors ship today — not a replacement and not a second console to staff. It makes the tools you already pay for sharper, and adds no inline OT chokepoint.

RESIDENCY

On-prem or hosted?

Either. The Enterprise tier runs on-prem or in your own tenant, so the graph and per-device logs stay where your regulator needs them — NIS2 and GDPR data residency by construction, at no metered premium.

EXIT

What if I stop?

Identities are DNSSEC/DANE objects you can verify independently, the transparency log is a public append-only record, and evidence exports are open formats (CEF, ECS; STIX and ISAC JSON on the roadmap). There's no proprietary lock on your own attestations or your compliance record.

Flat depth on top of the stack you already run — it doesn't replace a line, it de-risks the whole one.

You already pay for a behavioural OT SOC, a SIEM, and a DERMS that consumes the manufacturer's IEEE 2030.5 certificate, and you should keep them — Whisper is additive to all three. Where a rigid six-figure OT-module bundle makes you buy packages you don't need and a per-transaction cloud makes the bill unforecastable, a flat per-device line adds the two layers no one else owns — attribution across rotating clouds and residential proxies and publicly verifiable, revocable identity after auth — without a meter and without a new silo. It can even DANE-pin the same 2030.5 certificate your CSIP head-end already speaks.

Pricing modelForecastable?Meter spikes under attack?
Per-API-transaction / usage-metered cloudhardyes
Rigid multi-module OT bundle (six-figure floor)partlyn/a — over-scoped
Whisper — flat per-device / yearyesno

It makes the OT-detection and threat-intel investments you already carry sharper, as a machine-readable feed — not a thing they compete with. See the full comparison →

One flat number. Every device, covered.

Keyless verify is free forever — start there, no account. When you're ready, a fleet quote is one flat per-device/year figure you can forecast and defend. No meter, no surprise at renewal.

Or run whisper verify --trustless right now — it costs nothing.