AI Security Service

Security that lives on your hardware.

Sky monitors your network, detects breaches, catches phishing, and automates your privacy — all running locally. No cloud. No monthly data uploads. No trust required.

Free tier available · runs offline · your data never leaves the machine.

100% local — nothing uploaded· Kernel-sandboxed· Tamper-evident audit trail· Web · Mobile · Terminal
The problem

Your security service is the security problem

Every major security product requires you to send your most sensitive data to someone else's server. That's not security — that's a transfer of risk.

Ring / SimpliSafe

Your camera feeds on their cloud

Law enforcement has requested footage without warrants. Employees have been caught watching feeds. The camera you bought watches for them, not you.

Incogni / DeleteMe

Give us your PII to protect your PII

To remove you from data brokers, they need your full name, email, home address, and SSN. You're trusting a middleman with everything you're trying to hide.

Cloud password checkers

Type your password into a website

Some breach-check services ask you to type your actual password into a web form. The irony writes itself.

Cloud antivirus

Upload your files to scan them

Cloud scanners upload your documents to their servers for analysis. That tax return you're scanning for malware? Now it's on someone else's infrastructure.

Sky Sentinel

The same protection — without the same trade-off

Sky's Sentinel engine does everything the cloud services do. The difference: your data stays on your hardware. Always.

Watches your network

vs SimpliSafe / Ring

Baselines the devices on your network and alarms the moment something new appears — or vanishes. No monitoring fee, no camera on someone else's cloud.

network_watch

Reclaims your privacy

vs Incogni / DeleteMe

Drafts and tracks data-broker deletion letters for you to send — so you remove yourself without handing your identity to a middleman.

privacy_sweep

Checks breaches privately

vs HIBP web form

Tells you if a password is breached using k-anonymity — only a 5-character hash prefix ever leaves the machine. Your actual password never does.

breach_check

Inspects threats safely

vs cloud scanners

Catches phishing links before you click, and inspects suspicious files statically — reading them without ever running them or uploading them.

link_check · quarantine
Built different

Not a dashboard you rent. A service you own.

Alive, with memory

Sky has a continuous identity and a memory that grows from your sessions — she carries what matters forward between conversations.

🛡

Always on watch

Sentinel runs on a schedule even when you're away — network, breaches, phishing, data brokers — and surfaces only what needs you.

Real agency, sandboxed

She acts through tools inside a kernel-enforced sandbox. Writes and network access are walled off unless you explicitly allow them.

🧠

Learns without the cloud

A tiered local brain that reflects and compounds lessons. No fine-tuning farm, no data sent off your machine, no API key expiring.

🔒

Tamper-evident audit

Every action is written to a hash-chained log. Edit or delete one line and she detects the break. You can verify her integrity at any time.

No keys, no metering

No OpenAI key, no per-query billing. Sky runs on a local model you already have. Offline-capable by design.

Everywhere you are

One Sky, three surfaces

The same living agent — persona, memory, and Sentinel — reachable however you work.

🌐

Web app

Full dashboard in the browser — chat, approvals, Sentinel. Installs as a PWA on any device.

📱

Mobile

Android app that reaches her over your private network. Built free via CI — no paid developer service.

▸_

Terminal

Her native home: sky in your shell, with live tool steps and permission prompts.

How it works

A tiered brain, entirely on your side of the wall

TIER 0

Local reflex

A local model answers instantly and privately — nothing leaves the machine.

TIER 1

Sandboxed hands

Tools run inside a kernel-enforced box; writes and network are blocked unless you allow them.

TIER 2

Deep brain

For the hard stuff she can escalate to a frontier model — only when you choose to.

ALWAYS

Sentinel

In the background she monitors, records a tamper-evident trail, and learns from each cycle.

Pricing

Security shouldn't cost your privacy — or your wallet

Start free. Upgrade when you want the convenience, not because we locked the features.

Monthly Annual Save 31%
Core
$0
Coming soon — open source
  • Self-hosted, open source
  • Terminal interface
  • Core Sentinel: network watch, breach check, link check
  • Tamper-evident audit log
  • Kernel sandbox
  • Web + mobile apps
  • Continuous monitoring
  • Privacy sweep automation
Request early access
Pro
$12/mo
Billed monthly
  • Everything in Core
  • One-click installer — no setup
  • Web app + mobile app
  • Full Sentinel suite + continuous monitoring
  • Privacy sweep automation (10 brokers)
  • Email + push alerts
  • Automatic updates
  • Priority email support
Get Pro
Team
$29/seat/mo
Billed monthly per seat
  • Everything in Pro
  • Multi-device fleet dashboard
  • Shared threat intelligence
  • Custom Sentinel rules
  • Admin controls + user management
  • Dedicated support channel
  • Onboarding assistance
  • SLA guarantee
Get Team
FAQ

Questions you should ask a security product

Does my data ever leave my machine?+
No. Sky runs entirely on your hardware. The only outbound request Sentinel makes is a 5-character hash prefix to check breaches (k-anonymity) — your password never leaves. Privacy sweep drafts letters for you to send; Sky doesn't send them on your behalf. Everything else is local.
What hardware do I need?+
Any Mac, Linux machine, or Raspberry Pi with Python 3 and at least 4 GB of RAM. Sky's local model (Qwen 2.5 Coder 3B) runs on modest hardware. The Pro installer bundles everything — including Ollama and the model weights — so you don't configure anything.
How is this different from antivirus software?+
Antivirus scans files for known signatures. Sky is a living agent: she monitors your network for new devices, checks your passwords against breach databases privately, catches phishing links structurally, drafts data-broker deletion letters, and inspects suspicious files — all while maintaining a tamper-evident audit trail. She's closer to a security team than a scanner.
What does "kernel-sandboxed" mean?+
On macOS, Sky's tool execution runs inside a Seatbelt sandbox — the same kernel-level confinement Apple uses for its own apps. Even if a command tried to write outside her workspace or access the network without permission, the operating system kernel blocks it. This is defense-in-depth: her own code checks permissions first, and the kernel enforces it second.
Can I verify she hasn't been tampered with?+
Yes. Every action Sky takes is recorded in a hash-chained audit log — each entry includes a SHA-256 hash of the previous entry. If anyone (including Sky herself) edits or deletes a log line, the chain breaks and she reports it. You can verify the chain at any time from the terminal, web app, or API.
What's the difference between Core and Pro?+
Core is the open-source version — fully functional, self-hosted, terminal-only. You set up Python, Ollama, and the model yourself. Pro adds the one-click installer (zero setup), the web and mobile apps, continuous background monitoring, privacy sweep automation, email/push alerts, automatic updates, and priority support. The security engine is the same in both.
Do I need an internet connection?+
Sky works offline for most functions — her brain, tools, and audit system are all local. Breach checking needs a brief outbound request (the 5-char hash prefix). Privacy sweep generates letters offline but you send them yourself. Network watch scans your LAN, which works without internet. She's designed for air-gapped environments.

Honest by design

  • network_watch detects devices joining/leaving your network — it's presence monitoring, not an intrusion-detection system.
  • breach_check covers passwords via k-anonymity; it deliberately refuses to send your email address in the clear.
  • quarantine inspects files statically and never runs them — it favors safety over catching runtime-only tricks.
  • Where a capability would need money or a key, Sky refuses the leaky path instead of pretending. That refusal is the product.

Your security shouldn't require your trust

Start with the free Core or get Pro for the full experience — either way, your data stays yours.

See plans → How Sentinel works