# Your SOC doesn't need another console. Your fleet needs an identity it can prove.

Detection tools stack up — each one another dashboard an analyst babysits, and none of them stops abuse that passes auth or a source that rotates across three clouds. Whisper isn't another console. It's one primitive — the address is the identity — expressed as three planes that plug into the VSOC you already run.

whisper verify --trustless — anchored at the IANA DNS root. Our own API is not in the trust path.

## Everything below derives from one line: the address is the identity.

A routable IPv6 /128 out of `2a04:2a01::/32` (announced by AS219419), deterministically derived from a key, DNSSEC-anchored, DANE-EE pinned, RDAP/WHOIS-registered — re-derivable and verifiable by anyone with `dig`.

Most security tooling starts from an observation — a packet, a log line, a source IP — and tries to infer who is behind it. Whisper starts from the other end: it gives the thing an identity that is its address, cryptographically bound to a key you already hold, and publicly verifiable without trusting the issuer. Point it at a vehicle, an ECU, or an AI agent, and the question "who is this?" stops being an inference and becomes a fact anyone can check. Three products fall out of that one primitive — not three integrations you wire together, three faces of the same address.

## One address, three jobs: who is this, who's really behind that, and what may talk to what.

Identity answers who is this, provably. The attribution graph answers who's really behind a source that rotates. Agent governance answers what may talk to what. Each plane is useful alone; together they close both gaps every fleet-API attack leans on.

## A device identity your backend authorizes on — not a bearer token anyone can present.

This is the plane that closes the gap Curry's fleet-API attacks live in: abuse that passes auth. Bind authority to the car, not to a secret that whoever holds it can replay.

Point the primitive at devices. Derive each vehicle's — or each ECU's — /128 from the hardware key it already holds: the secure element, the TPM, the IEEE 802.1AR IDevID, with the VIN or ECU serial as the domain separator. The private key never leaves the secure element; the address is a one-way function of its public half and the VIN. The backend then authorizes on the car's pinned identity, not a stealable token — and a stolen session with no leaf key behind it authenticates to nothing.

"A leaked API key or a valid dealer-portal session looks legitimate — how do you catch abuse that passes auth?"

You bind authority to the car, not the bearer. State-changing fleet commands terminate mutually-authenticated to the target car's /128 — the car co-signs — so a dealer or owner session can't reach a VIN it can't cryptographically address. A request that passes auth but can't prove the identity never had authority in the first place.

Attaches to what you already ship — 802.1AR IDevID/LDevID, SCMS for V2X, ISO 15118 Plug & Charge, TPM/HSM/eSIM — as the publicly verifiable, DNSSEC/DANE-anchored layer on top. No bespoke CA trust store to push to every vehicle; revocation at DNS-TTL speed instead of CRL/OCSP soft-fail. [Standards mapping →](/oem-security)

## Attribution that survives IP rotation — because it fingerprints the operator, not the exit.

This is the plane that closes the other gap: the attacker who rotates across Amazon, Google and Azure or a residential-proxy swarm until your VSOC only ever logs a meaningless last IP.

A live internet-infrastructure graph — 7.44B nodes and 39.3B relationships of fused BGP, DNS, WHOIS, TLS, hosting and threat intelligence, answering in under 300 ms — pulls two levers, kept honestly separate. For cloud rotation it clusters shared ASN, hosting and certificate lineage into one infrastructure genealogy. For a residential-proxy swarm — where a subscriber IP gives an infra graph nothing to grab — a `JA4/JA3` client fingerprint travels with the tooling regardless of the exit and collapses the swarm to one operator. The egress IP is the one thing this plane never relies on.

"When they rotate residential proxies and fresh cloud IPs, can you actually attribute them — or just rate-limit an IP and move on?"

Track them. Infrastructure genealogy collapses the cloud rotation; a JA4 client fingerprint collapses the residential swarm. Every answer returns a reproducible, replayable JSON evidence chain your VSOC, your auditors and a regulator can hand around.

### `identify(ip)`

Who really operates a host — even behind a CDN, across any cloud.

### `origins(prefix)` + `walk(node,depth)`

Cluster rotating IPs into one infrastructure genealogy.

### `history` / `watch`

A timeline of an operator and a standing sentinel — plus `variants(domain)` to catch typosquat OEM domains before they activate.

### read-only Cypher

Express "one source touching N distinct vehicle-identities in a window" as a query your agent runs — not a ticket your analyst files.

Additive to the VSOC and SIEM — the same fingerprints power external attack-surface mapping and dependency blast-radius (if a cloud region goes dark, which customers lose access). [Trace the full back-trace →](/fleet-api-abuse)

## The same primitive governs the AI agents your SDV is about to run.

Security leaders tell us that knowing where their AI agents go, who talks to what, and which external agents talk to theirs is "extremely hard." Today the answer is to close every door, open three, contract with the giants, and trust them. Whisper does it with identity instead of trust.

### Which agent did this is the source address

Every agent egresses from its own routable /128 — attribution, not a guess.

### Every query and connection is logged per-agent

Queryable live via `op:logs` — a per-agent record, not a shared firehose.

### Policy on every query

A graph-first resolver and bound egress enforce category, geography, ownership and routing — default deny, allow or block by name or subdomain. The three doors, except the doors are policy-defined and revocable, not hard-wired trust in a giant.

### Inbound agents are verifiable

FCrDNS, RDAP, `whisper verify` — "trust the bearer token / the description field" becomes a checkable fact. Per-agent budgets, a kill-switch, one `revoke`.

The SDV, connected-vehicle-API, MCP and LLM surface the incumbents are only now reaching for — governed by the same address-is-identity primitive, from day one.

## The three planes drop into the systems your fleet already runs — at the IP and cloud boundary, never inside the bus.

Whisper anchors the cloud, not the plug. Each row below is a proposed integration onto a system you already operate — the device-identity /128 is the one capability that is shipped and live today. Every one is additive: it complements whatever authenticates the message, and it never reaches into the closed, pseudonymous-by-design layers — SecOC, the V2X/SCMS air interface, the ISO 15118 charging handshake.

Read together, these are the doors the EU Data Act (in force since 12 Sep 2025) forces open to user-chosen third parties — exactly as UN R155's CSMS demands continuous monitoring and detection. The Data Act makes you open the doors; Whisper is the doorway that knows who walked through and can shut it on one — per-`/128` egress logs and the attribution graph become ready-made CSMS monitoring and forensic evidence, mappable to Auto-ISAC ATM techniques. [Standards mapping →](/oem-security)

## Five things you can't stand up overnight — and a competitor can't clone from a slide.

A platform is only as durable as what sits underneath it. Whisper's three planes rest on five load-bearing pillars, each a real, checkable fact rather than a claim on a roadmap.

### Real routable space, not a namespace we invented

AS219419 and `2a04:2a01::/32` are announced to the global routing table. You cannot allocate verifiable identities from address space you don't hold and can't announce — which is why this can't be reproduced with a database and a domain.

### A graph you accrete, not one you query once

7.44B nodes and 39.3B relationships of BGP, DNS, WHOIS, TLS, hosting and threat intel, built over years. Attribution across rotation is only as good as the history behind it, and history is the one thing you can't buy this afternoon.

### A per-identity CA, so blast radius is one

One deterministically-derived leaf per car, ECU or agent — DANE-EE pinned, never a shared intermediate. The single-CA-breach failure mode that has burned this industry before is removed by construction, not by policy.

### Registry-anchored and root-anchored

Every /128 is a real RDAP/WHOIS object, and the whole chain validates through DNSSEC to the IANA root. `whisper verify --trustless` checks an identity without trusting Whisper — public accountability and a trust anchor you already run.

"Auto-security vendors fail — one raised tens of millions and folded. Will you still be here in five years, and is this real or a checkbox?"

It's infrastructure, and it's built by people who ran the internet's plumbing. Real routable address space at AS219419, run by a team that operated one of the internet's regional address registries and one of its root DNS servers. The moat is real space, an accreted graph and open standards — not a slide. You can verify every claim on this page yourself, today, without an account.

## Exercise all three planes yourself — our API isn't in the trust path.

Two tiers, by design. No key: verify a car's identity — the identity plane, trustless, anchored at the IANA root. Your key: back-trace a suspicious host across any cloud, register a vehicle, govern its agents, revoke it worldwide.

```
`# plane 1 — re-derive and verify any car's identity, trustless $ whisper verify --trustless 2a04:2a01:1c0::c0de ✓ DNSSEC chain valid to the IANA root ✓ DANE-EE (TLSA) leaf matches the identity's key ✓ RDAP: registered under AS219419 · 2a04:2a01::/32 identity: VERIFIED — and our own API was never trusted # the address is the car — reverse DNS names it $ dig -x 2a04:2a01:1c0::c0de +short vin-wvwzzz1kz.fleet.example-oem.whisper.online. # plane 2 — with your key, attribute who really operates a host via the public graph API $ curl -s https://graph.whisper.security/api/query -H "X-API-Key: whisper_live_xxx" -H 'content-type: application/json' -d '{"query":"CALL whisper.identify(\"34.90.x.x\")"}' operator: <fingerprinted> · seen across AWS / GCP / Azure residential swarm collapsed by JA4: same tooling, 41 exit IPs → 1 operator`
```

```
`# plane 1 — give a car a name it can prove $ export WHISPER_API_KEY=whisper_live_xxx $ whisper register --vin WVW… --from-idevid → identity 2a04:2a01:1c0::c0de DNSSEC + DANE live # plane 3 — govern what its agents may reach, and read the per-agent log $ whisper policy set --default deny --allow api.oem.com,ota.oem.com $ whisper logs --identity 2a04:2a01:1c0::c0de --tail $ whisper revoke 2a04:2a01:1c0::c0de # worldwide, at DNS-TTL`
```

## Three planes, and all three exit into the stack you already run — not a new silo.

### Feeds your SIEM, not another console

A machine-readable feed into your SIEM: the Splunk, Microsoft Sentinel and OpenCTI connectors ship today. Findings map to CEF and ECS fields and arrive as a signed, replayable JSON evidence chain you can hand a regulator — STIX 2.1 over TAXII export on the roadmap.

### Speaks your compliance language

Maps to UN R155 / R156 and ISO/SAE 21434 evidence, and to the Auto-ISAC Automotive Threat Matrix — findings tagged to ATM tactics and techniques, with its machine-readable JSON export on the roadmap. Usable in TARA and type approval, not just a dashboard.

### In your auth path — and safe there

If your backend authorizes against the DANE/verify path, that plane is built to fail open: a Whisper outage never bricks a car — checks degrade to your existing anchors. Anycast on AS219419, no single node in the path.

### Flat, predictable pricing

Per-VIN/year and flat — not per-transaction, not usage-metered. Against 40-billion-API-call-a-month economics that's a line item you can forecast. [See pricing →](/pricing)

### On-prem or your own tenant

Data residency and GDPR by construction — the graph and the per-agent logs stay where your regulator needs them.

### Where it fits vs. what you run

Depth on top of your behavioral VSOC and threat-intel — it makes them sharper, it doesn't replace them. [See the comparison →](/compare)

## One primitive. Three planes. Give every car an identity it can prove.

Identity, an attribution graph that survives IP rotation, and per-agent governance — additive to your VSOC, mapped to your standards, priced so you can say yes. Keyless to try, one call to provision, one more to revoke.

Or run `whisper verify --trustless` right now.
