Version 1.0 — Architecture Phase — magatama.dev

Unified Security Platform

勾玉

Every independent AI security company has been acquired. The market is fractured across six domains with zero correlation. MAGATAMA is the first platform that changes that.

215 Features
52 Unique Capabilities
<30ms AI Detection
30+ Compliance Frameworks
Code
Cloud
Mind
Strike
Guard
Comply
The security industry sold you six separate tools for six separate domains. Six vendors. Six consoles. Six contracts. And when an attack crosses the boundary between them — no one sees it.
43% of MCP server implementations have critical injection flaws. No existing tool scans them. We do.
100% of standalone AI security vendors — Lakera, CalypsoAI, Protect AI, Prompt Security — have been acquired. The independent market is gone.
0 platforms correlate application vulnerabilities, cloud misconfigurations, and LLM attacks into a single kill chain. Until now.
215 Total Features
101 Launch-Ready
52 Unique to MAGATAMA
30+ Compliance Frameworks
<30ms AI Detection Latency
6 Security Pillars

The six powers of the jewel.

Teal border = capability no competitor offers. Every pillar is a production-grade module.

MAGATAMA CODE
FU — The Seal
Replaces: Snyk, Checkmarx, SonarQube, Semgrep, GitGuardian

Nine scanners unified under a five-layer noise reduction engine. The reachability analysis engine eliminates 95% of false positives by tracing call graphs from every vulnerable function to actual entry points. Unique AI Code Scanner detects unsafe LLM integrations and insecure MCP configs before they reach production.

SAST — Opengrep (3.15× faster) · SCA + EPSS Scoring · Reachability Analysis · Secrets Detection (Trie) · IaC Scanning · Container — Trivy · SBOM — CycloneDX + SPDX · Supply Chain / Malware · Code Quality · AI Code Scanner ★ · DAST — Nuclei + ZAP · API Security Testing · 5-Layer Noise Reduction ★ · AutoFix PR Generation · DeepCode AI Fix · IDE: VS Code, Cursor, JetBrains · License Compliance · Custom Rule Engine (YAML/DSL) · Monorepo Support · Git + CI/CD Integration · CodeReduce Context ★ · Binary / Firmware Analysis

MAGATAMA CLOUD
AMI — The Net
Replaces: Wiz, Orca, Prowler, ScoutSuite

CSPM with 200+ CIS checks, graph-based toxic combination detection (the Wiz model), and LLM-powered self-healing remediation. Country-specific CERT feeds auto-configured per license geography. Defensive deception layer deploys canary tokens and honeyfiles without manual configuration.

CSPM — AWS, Azure, GCP · CIS Benchmarks (200+ checks) · Security Graph — Toxic Combos ★ · Agentless Scanning · CIEM — IAM Entitlements · KSPM — Kubernetes · Network Security Analysis · Threat Intel Feeds (17+) · Country-Specific CERT ★ · Canary Tokens + Honeyfiles · Health Monitoring · Self-Healing Remediation ★ · Remote Bridge — SSH · Cloud Asset Inventory · Attack Path Analysis · Container Runtime Security · Multi-Cloud Dashboard · DSPM — Data Security Posture · EPSS + Context Prioritization

MAGATAMA MIND
SHIN — The Heart
Replaces: Lakera, Prompt Security, CalypsoAI — all acquired

The deepest AI/LLM defense pipeline on the market. 12 layers, sub-30ms end-to-end. MCP Server Security is first-to-market — no other platform scans tool descriptions, validates permissions, and detects rug-pull attacks. Full OWASP LLM Top 10 2025 and OWASP Agentic Top 10 2026 coverage simultaneously.

12-Layer Pipeline (<30ms) ★ · MCP Server Security — First ★ · OWASP Agentic Top 10 2026 ★ · OWASP LLM Top 10 2025 · KeywordTrie L1 — O(n) ★ · Semantic Embedding L2 — Qdrant · Multi-Turn Tracking L3 · MITRE ATLAS L4 — 84 techniques · Confidence Gate L5 · Promptware Kill Chain L6 ★ · Constitutional Scanner L7 · IFC Barrier L8 — SecAlign+ · MCP Guard L9 ★ · Agent Security L10 ★ · Self-Learning Engine L11 ★ · Self-Healing L12 · Red Teaming — promptfoo + garak · LLM Firewall API · Model Inventory · Embedding Integrity Monitor · ToolHijacker Defense ★ · Log-to-Leak Prevention ★ · Benchmark Suite (bipia, tensortrust)

MAGATAMA STRIKE
DAN — The Cut
Replaces: Pentera, NodeZero, HackerOne PTaaS

Four autonomous agents — Recon, Exploit, Validate, Fix — that chain findings across all pillars. A Code vulnerability chained with a Cloud misconfiguration and weak auth is a full compromise path that no single-pillar tool would detect. Active honeypots attract real attackers and feed intelligence back to MIND automatically.

Recon Agent — Nuclei · Exploit Agent — OWASP Top 10 · Validate Agent — Proof-of-Exploit · Fix Agent — AutoFix PR ★ · Cross-Pillar Kill Chain ★ · Continuous Pentest — on push · Scheduled Campaigns — cron · On-Demand + CLI · Red Team Mode — AI-guided · App Layer — OWASP Full · Infrastructure Layer · AI/LLM Pentesting ★ · Active Honeypots + TTP Feed ★ · Exploited-Only — Zero FP · Audit-Grade Proof-of-Exploit PDF · Business Logic Flaws · API Fuzzing — REST/GraphQL/gRPC · Credential Stuffing Test · Lateral Movement Simulation

MAGATAMA GUARD
GO — The Shield
Replaces: Aikido Zen, Falco, WAF solutions

Embedded firewall SDK for 6 languages and 12+ frameworks. Rust-compiled SQL parser runs as WASM for zero-overhead protection. LLM call monitoring built into the SDK — tracks every LLM call, token count, prompt, and cost at the application layer. eBPF kernel monitoring with less than 1% overhead.

SQL/NoSQL Injection — Rust WASM · Command Injection · SSRF Protection · Path Traversal · XSS + CSRF Protection · Bot Protection — AI scrapers · Rate Limiting — User-Aware · Geo-Fencing · API Discovery — Auto-OpenAPI · LLM Call Monitoring SDK ★ · eBPF Kernel — <1% overhead · Container Escape Detection · Privilege Escalation Detection · SDK: Node.js, Python, Go, Rust, PHP, Java · Frameworks: Express, Fastify, Django, Gin… · WAF Mode — Reverse Proxy · Request / Response Audit Log · TraceSafe Integration · eBPF-PATROL — ML Anomaly

MAGATAMA COMPLY
RITSU — The Order
Replaces: Vanta, Drata, Sprinto

30+ frameworks across EU, USA, Asia, Latin America, Africa, and the Middle East. Auto-evidence collection from all six pillars simultaneously. Cross-framework mapping means one check satisfies multiple standards. Unique: BSI C5:2026, EU AI Act, KRITIS, APPI/ISMAP, NDPR, NESA. 24-hour NIS2 incident notification fully automated.

ISO 27001:2022 · SOC 2 Type II · GDPR Art. 32 · NIS2 Directive · BSI C5:2026 ★ · EU AI Act ★ · BSI IT-Grundschutz · NIST CSF 2.0 · PCI DSS 4.0 · OWASP LLM + Agentic ★ · MITRE ATT&CK · MITRE ATLAS — 84 AI techs ★ · KRITIS — BSI-KritisV · HIPAA + CMMC · APPI + ISMAP (Japan) ★ · LGPD (Brazil) ★ · PDPA (Thailand / Singapore) · POPIA (South Africa) ★ · NDPR (Nigeria) ★ · NESA (UAE) ★ · UK GDPR + PIPEDA (Canada) · Cross-Framework Mapping · Auto-Evidence — all 6 pillars ★ · 24h NIS2 Notification ★ · Post-Quantum Crypto Check ★ · Audit-Grade PDF Reports · Gap Analysis Dashboard · Policy-as-Code — OPA

No one else covers all six.

Aikido comes closest with five. Zero AI/LLM security. No cross-pillar kill chain. No MCP security.

Platform · AppSec · Cloud · AI/LLM · Pentest · Runtime · Compliance · MCP Security · Kill Chain
Aikido
Snyk · Partial
Wiz · Partial
CrowdStrike · Partial
Pentera
Lakera / CalypsoAI
MAGATAMA

What only we have.

52 features with no equivalent elsewhere. These twelve define the category.

01 / 12
6-Pillar Unified Platform
The only tool combining AppSec, Cloud, AI/LLM, Pentesting, Runtime, and Compliance natively in one system. No vendor comes close to all six.
52 unique capabilities total
02 / 12
MCP Server Security — First to Market
43% of MCP implementations have critical injection flaws. MAGATAMA scans tool descriptions for poisoning, detects rug-pull attacks, validates permissions in real-time. No other platform does this.
Invariant Labs research, 2025
03 / 12
12-Layer AI Detection at <30ms
Deeper than Lakera (5 layers, 50ms, now acquired by Check Point). Covers OWASP LLM Top 10 2025 and OWASP Agentic Top 10 2026 simultaneously. The complete AI defense stack in one pipeline.
Fastest AI defense pipeline on market
04 / 12
Cross-Pillar Security Graph
Correlates Code vulnerabilities + Cloud misconfigurations + LLM attacks + Runtime events into unified kill chains. One attack spanning five pillars that no single-pillar tool would ever see.
Graph-DB powered — Wiz model extended
05 / 12
Self-Learning Bio-Immune System
Learns from every attack, auto-generates new detection rules, evolves across all six pillars simultaneously. Zero manual rule updates. Ever. The platform gets stronger with every threat it absorbs.
Cross-pillar pattern evolution
06 / 12
AI Code Scanner
Detects unsafe LLM integrations, insecure MCP configurations, and prompt injection vectors directly in source code before they deploy. Static analysis for AI-specific vulnerabilities — a new attack class no existing SAST tool covers.
New attack class coverage
07 / 12
LLM Pentest Agent
Autonomous prompt injection campaigns against your deployed AI endpoints. MCP server exploitation. Agent manipulation testing. No pentest tool on the market does this. The AI attack surface is real and unaddressed.
First automated AI red-team platform
08 / 12
Active Honeypots with AI Feedback Loop
Deploy realistic decoy services to attract real attackers. Analyze their TTPs. Automatically feed intelligence back into MAGATAMA MIND's self-learning engine. Turn adversary behavior into defense improvements.
Attacker intelligence → defense learning
09 / 12
Geo-Based Auto-Compliance
Select your license country at activation. MAGATAMA automatically pre-configures all relevant compliance frameworks, CERT feed integrations, and regulatory controls. Germany activates NIS2 + BSI C5 + GDPR + KRITIS. Japan activates APPI + ISMAP.
KeyCode per country
10 / 12
Federation API for Global Enterprises
Couple multiple MAGATAMA instances across countries. Trigger remote remediation. Aggregate global compliance scores from one federation hub. Manage all locations from a single pane of glass while maintaining per-country data residency.
/api/federation/connect · findings · remediate
11 / 12
BSI C5:2026 + Post-Quantum Readiness
The only unified security platform covering Germany's most demanding cloud standard — 168 criteria across 17 areas — including quantum-vulnerable algorithm assessment required by the 2026 revision. European compliance advantage no US competitor can match.
BSI C5:2026 · IT-Grundschutz · KRITIS
12 / 12
OWASP Agentic Top 10 2026
Future-proof coverage for AI agent threats: goal hijacking, tool misuse, identity abuse, memory poisoning, insecure inter-agent communication. The 2026 standard. No other platform has mapped it to a detection engine.
Published 2026 — already covered

One CLI. All six pillars.

A single command surface for the entire security stack. Ship it in CI/CD or run on-demand from your terminal.

magatama scan — full pipeline
$ magatama scan --all ./src
[符] CODE ··················· 9 scanners
[網] CLOUD ··················· checks: 214
[心] MIND ··················· pipeline: OK
[護] GUARD ··················· SDK: active
[律] COMPLY ·················· NIS2 ✓ ISO ✓
✓ 3 critical findings — AutoFix PRs ready
└─ CODE/C04: Log4Shell reachable from /api/upload
└─ CLOUD/I03: IAM + open port = lateral movement path
└─ MIND/M11: MCP tool "browser" — rug-pull pattern

magatama comply report
$ magatama comply report --framework NIS2
License: DE-2026-001 (Context-X)
Country: Germany → NIS2 + BSI C5 + GDPR
Evidence auto-collected from: CODE CLOUD MIND GUARD
Art. 21 (a) Risk analysis ····· PASS
Art. 21 (b) Incident handling · PASS
Art. 21 (c) Business continuity PASS
Art. 21 (d) Supply chain ······ 2 gaps
Art. 21 (e) Procurement ······· PASS
Report: /reports/NIS2-2026-04-10.pdf
Overall score: 94% compliant

Every regulation. Every country.

30+ compliance frameworks pre-mapped and auto-configured by license country. One check satisfies multiple standards simultaneously via cross-framework mapping.

European Union & Germany
ISO 27001:2022 · ISO 27701:2025 · GDPR Art. 32 · NIS2 Directive · BSI C5:2026 · EU AI Act · BSI IT-Grundschutz · KRITIS — BSI-KritisV · ENISA Guidelines · CIS Benchmarks
United States
SOC 2 Type II · NIST CSF 2.0 · NIST 800-53 · PCI DSS 4.0 · HIPAA · CMMC (DoD) · FedRAMP · CCPA
Asia-Pacific
APPI (Japan) · ISMAP (Japan) · PDPA (Thailand) · PDPA / PDPC (Singapore) · ISMS (Korea) · CSL (China) · IRAP (Australia)
Americas
LGPD (Brazil) · PIPEDA (Canada) · LFPDPPP (Mexico)
Middle East & Africa
NESA (UAE) · SAMA (Saudi Arabia) · NCA ECC (Saudi Arabia) · POPIA (South Africa) · NDPR (Nigeria) · PDPA (Kenya)
UK & Universal Frameworks
UK GDPR + DPA 2018 · OWASP Top 10 (Web) · OWASP LLM Top 10 2025 · OWASP Agentic Top 10 2026 · MITRE ATT&CK · MITRE ATLAS (84 AI techniques)

Deploy anywhere. License by country.

Per-country KeyCode licensing with automatic compliance pre-configuration. Federation API for global enterprise deployments across multiple jurisdictions.

KeyCode Licensing
Every license generates a unique KeyCode bound to company name and country. Activation is automatic. Multiple countries require separate licenses for data residency and compliance isolation.
Per-Country · Auto-Activation · KeyCode
Geo-Based Auto-Compliance
Select headquarters country at setup. MAGATAMA pre-selects all relevant frameworks, CERT feeds, and regulatory controls automatically for your jurisdiction. No manual configuration required.
DE → NIS2+BSI+GDPR · US → NIST+SOC2 · JP → APPI+ISMAP
Federation API
Couple multiple MAGATAMA instances across global locations. Trigger remote remediation, aggregate compliance scores, and view all findings from a single federation hub dashboard.
/federation/connect/findings/remediate
Self-Hosted / Air-Gap
Deploy on your own VM or Kubernetes cluster. Full air-gap support for regulated industries. Local Ollama LLM for triage and remediation. Your data never leaves your infrastructure.
VM / Docker / K8s · Air-Gap · Local LLM

Fits into your workflow.

Native integrations across the entire DevSecOps toolchain — no glue code required.

Version Control & CI/CD
Gitea · GitHub · GitLab · Bitbucket · GitHub Actions · GitLab CI · Gitea Actions · Jenkins
Cloud Providers & Registries
AWS · Azure · GCP · Docker Hub · Amazon ECR · Harbor · Terraform Cloud · Pulumi
Ticketing & Collaboration
Jira · Linear · Asana · Slack · Microsoft Teams · Discord · PagerDuty · OpsGenie · ServiceNow
IDE & Developer Tools
VS Code · Cursor · JetBrains · Windsurf · npm · PyPI · crates.io · Go Modules · Maven
Identity & Observability
Azure AD · Okta · Keycloak · Google Workspace · Splunk · Elastic · Datadog · HashiCorp Vault · Cortex XSOAR
LLM Providers
Ollama (local) · OpenAI · Anthropic · Azure OpenAI · Google Gemini · Mistral

All six domains. One price.

Aikido charges €350–1050/mo for five pillars with no AI security. Wiz charges €5000+/mo for cloud only. Pentera charges €50K+/year for pentesting alone. MAGATAMA covers everything — for less than the cost of one domain-specific tool.

Early Access starts 1 May 2026. Register now to lock in the launch price.
Solo
Free forever
Freelancers, 1 project
CODE — 5 scans/month
MIND — 1,000 req/month
CLI access
Community support
Team
€349/mo
Startups, 5–20 developers
CODE + CLOUD + MIND + GUARD
Unlimited scans
Slack + Jira integration
Email support
Enterprise
Custom
100+ devs, compliance-heavy
Unlimited everything
On-premise + Air-gap
Federation API
Dedicated SLA
Onboarding + training

Competitors per domain: Snyk €500–1,200/mo (AppSec only) · Wiz €5,000+/mo (Cloud only) · Vanta €2,500+/mo (Compliance only) · Pentera €50K+/year (Pentest only)
MAGATAMA Business: all six domains for €899/mo

TypeScript-first. Rust where it counts.

Local LLM via Ollama. Your data stays in your infrastructure. Purpose-built stack with no unnecessary abstractions.

TypeScript · Rust (→ WASM) · Node.js 22 · Fastify 5 · PostgreSQL 17 · TimescaleDB · Qdrant · Ollama · Opengrep · Trivy · Grype · Nuclei · OWASP ZAP · promptfoo · garak · Tetragon (eBPF) · Prowler · CycloneDX · Solid.js · PM2 + Docker + Helm