# Pricing — Whisper for Automotive · flat, predictable, per-VIN

> Security you pay *more* for the moment you're attacked is priced backwards.
> Whisper is flat, per-VIN, per year — not per transaction, per query, or per seat.
> Keyless verify is free forever, attribution is never metered. A line item you can forecast.

Usage-metered tooling bills per API transaction, per query, per analyst seat — so the
invoice climbs as your fleet grows and spikes exactly during the incident, when you can
least afford to ration a hunt. Against 40-billion-API-call-a-month economics, a meter is a
number you cannot forecast. **We price the other way.**

`whisper verify --trustless` costs nothing and needs no account — our own API is not in the trust path.

- **$0** — Keyless verify, resolve and back-trace, free forever, no account
- **1×** — One flat per-VIN/year figure — not per-transaction, per-query or per-seat
- **40B** — API calls a month is the economics a meter refuses to make predictable
- **0** — usage meters on attribution; never ration a hunt mid-incident
- **1** — revoke replaces a fleet-wide password reset
- **~£50M** — the production-halt exposure one incident can cost — pricing you forecast against

---

## The pricing principle

**A meter that climbs with your fleet — and spikes when you're attacked — isn't a price.
It's a risk.** Two curves. One rises with every VIN you add, every API call, every query
your analysts run chasing a rotating adversary — and peaks precisely during the incident.
The other is a flat line you set once and forecast for years.

```
annual cost
  ▲
  │                                             ╱ usage-metered
  │                                        ╱╱      (per transaction · query · seat)
  │                                  ╱╱          ◀── under attack: billed most when it hurts most
  │                          ╱╱╱
  │                ╱╱╱╱
  │        ╱╱╱╱
  ├──────────────────────────────────────────── Whisper · flat per-VIN / year
  │        (set once · forecast for years · attribution never metered)
  └──────────────────────────────────────────────▶ fleet growth · API volume · incident load
       the gap between the lines is the overage a flat price never charges
```

- **Per-VIN, not per-transaction** — priced to the thing you govern, the vehicle, so a busy fleet or a noisy incident never moves the invoice.
- **Attribution is never metered** — run `identify`, `walk`, `history` and Cypher as hard as an incident demands; no per-query tax means analysts never ration a hunt.
- **Additive, not another bill** — it sits on top of the VSOC, SIEM and threat-intel you already own as a feed; no per-seat licence, no data-egress fee, no new console to staff.

---

## Three tiers · one primitive

Start keyless and free. Prove it on a slice. Roll it across the fleet — flat the whole
way. POC → pilot → enterprise, exactly the path a security program buys on. Every tier
speaks the same *address-is-identity* primitive; you only widen how much of the fleet it
covers, never re-platform.

### Verify — free, forever · **$0**

No account. No card. No key. The keyless half of the platform — trustless, anchored at the
IANA root, our API never in the path:

- `whisper verify --trustless` any car identity
- Resolve and reverse-resolve a /128, read its RDAP
- Back-trace a suspicious /128 to the car behind it — reverse-DNS + RDAP, no key

### Pilot — flat engagement · fixed scope

A bounded fleet slice, time-boxed, one flat price. Everything in Verify, keyed to a defined
VIN count so a program owner can prove value before the board:

- Provision device identities from IDevID for the slice
- Full attribution graph — unmetered during the pilot
- Machine-readable feed into your SIEM: Splunk & Microsoft Sentinel today (STIX 2.1 / TAXII on the roadmap)
- R155 / ISO 21434 evidence export · Auto-ISAC ATM tagging

### Fleet — flat per-VIN / year · fleet quote

One rate, quoted to your fleet size. It doesn't move. The whole program, all three planes,
across every VIN — the way a CISO buys defence-in-depth:

- Identity, attribution graph and agent governance, fleet-wide
- Unlimited attribution — no per-query meter, ever
- On-prem or your own tenant — GDPR / data-residency by construction
- Enterprise support and SLA, supplier interface agreements

**Why a quote, not a sticker.** A fleet price is one number, but the right number depends on
fleet size, on-prem vs tenant, and the standards evidence you need — so we quote it flat and
in writing, and it holds for the term. No usage true-ups, no surprise line at renewal.
Get a fleet quote → <https://console.whisper.security/sign-up>

---

## What each tier includes

The keyless verification a customer, a regulator or a researcher needs to check a car's
identity is free at every tier — on principle. The keyed tiers widen coverage and feed your
stack; they never gate the ability to *verify*.

| Capability | Verify | Pilot | Fleet |
|---|---|---|---|
| Trustless verify / resolve / RDAP (`whisper verify --trustless`) | ✓ | ✓ | ✓ |
| Trace a /128 to the car behind it (reverse-DNS + RDAP) | ✓ | ✓ | ✓ |
| Full attribution graph (`identify`, `origins`, `walk`, `history`, Cypher) | — | fleet slice | unlimited |
| Device-identity provisioning (register /128, DANE-EE, `revoke`) | — | fleet slice | fleet-wide |
| Agent governance (per-agent /128, policy, `op:logs`) | — | fleet slice | fleet-wide |
| SIEM feed: Splunk & Microsoft Sentinel connectors today · CEF/ECS | — | ✓ | ✓ |
| R155 / ISO 21434 evidence · Auto-ISAC ATM tagging (JSON export on roadmap) | — | ✓ | ✓ |
| On-prem / own tenant (data residency, GDPR) | — | — | ✓ |
| Enterprise support & SLA · supplier interface agreements | — | pilot support | ✓ |
| Metered by usage (per transaction / query / seat) | never | never | never |

---

## Where the flat number pays for itself

The ROI isn't a promise — it's four costs the flat line takes off your books. A predictable
figure is only half the case; the other half is what it removes: analyst hours, incident
blast radius, audit effort, and re-platform risk.

- **Analyst hours you stop burning.** Correlating a rotating, meaningless *last IP* across Amazon, Google and Azure is manual and never converges. The graph collapses the rotation to one operator with a replayable evidence chain — and the meter never punishes analysts for looking harder.
- **Warranty, recall and breach exposure.** Catching fleet-scale enumeration before mass compromise is the difference between a revoke and a recall. One incident can mean a production halt near **£50M a week**, 800k customers notified, or fleet geolocation resold — a flat line item hedges a variable-cost catastrophe.
- **One revoke, not a fleet-wide reset.** A compromised car is `revoke`d worldwide at DNS-TTL speed — no fleet-wide password reset, no CRL you hope every vehicle fetched. The blast radius is one leaf key, never a shared root; the DigiNotar failure mode is structurally removed.
- **Audit effort you don't repeat.** Findings arrive mapped to R155 / ISO 21434 evidence and tagged to the Auto-ISAC ATM, exportable as machine-readable JSON straight into TARA and type-approval packs. The compliance artefact is a byproduct of the tool.
- **Re-platform risk you avoid.** Auto-security startups fail — one raised roughly **$60M** and folded. Whisper is real routable address space (AS219419), run by people who ran the internet's regional address registry and operated one of its root DNS servers. Longevity is the cheapest line in any TCO.
- **No shadow costs at renewal.** No per-transaction true-up, no per-seat creep as your SOC grows, no data-egress fee. What you forecast in year one is what you sign in year three.

---

## A pricing model can be an attack surface. Ours isn't.

If security is metered, an adversary can run up your bill, and a defender rations their own
hunt. We priced those failure modes out.

> **"If attribution is metered, do my analysts have to ration lookups in the middle of an incident?"**
> Never. The graph is unmetered on the keyed tiers — `identify`, `walk`, `history` and Cypher
> run as hard as the hunt demands. There is no per-query line for an attacker to inflate and
> none for a defender to fear.

> **"Does my bill spike when I'm under attack, or just when my fleet grows?"**
> Neither. The price is per-VIN, set once, for the term. A traffic flood, an enumeration
> campaign, or adding a model line moves your risk — it doesn't move the invoice.

> **"Is the free tier a real capability or a trap that expires into a sales call?"**
> Real, and permanent. Keyless `verify` is anchored at the IANA root — *our own API is not
> in the trust path*, so we couldn't gate it if we wanted to. Verifying a car's identity is a
> public check; charging for the truth would defeat the point.

---

## The questions procurement always asks

- **What exactly is metered?** Nothing by usage. A flat rate per VIN, per year — no per-transaction charge, no per-query graph fee, no per-seat licence, no data-egress bill. The only variable is how many VINs the program covers.
- **Can I try it without procurement?** Yes — the Verify tier is free and needs no account. When you're ready to provision, a Pilot is a fixed, time-boxed engagement on a fleet slice.
- **What happens when my fleet grows?** The per-VIN rate holds; the total scales linearly and predictably with VIN count, quoted in writing for the term. No usage true-up, no renewal surprise.
- **Is this on top of my SIEM cost?** It's a feed *into* the SIEM and threat-intel you already run — the Splunk and Microsoft Sentinel connectors ship today — not a replacement and not a second console to staff.
- **On-prem or hosted?** Either. The Fleet tier runs on-prem or in your own tenant, so the graph and per-agent logs stay where your regulator needs them — at no metered premium.
- **What if I stop?** Identities are DNSSEC/DANE objects you can verify independently, and evidence exports are open formats (CEF, ECS; STIX and Auto-ISAC ATM JSON on the roadmap). No proprietary lock on your own attestations or compliance record.

---

## How it sits next to what you already buy

**Flat depth on top of the stack you already run — it doesn't replace a line, it de-risks the
whole one.** You already pay for a behavioural VSOC, a SIEM, and a threat-intel subscription,
and you should keep them — Whisper is additive to all three. Where a rigid six-figure module
bundle makes you buy packages you don't need and a per-transaction cloud makes the bill
unforecastable, a flat per-VIN line adds the two layers no one else owns — attribution across
rotating clouds and forge-proof identity after auth — without a meter and without a new silo.

| Pricing model | Forecastable? | Meter spikes under attack? |
|---|---|---|
| Per-API-transaction / usage-metered cloud | hard | yes |
| Rigid multi-module bundle (six-figure floor) | partly | n/a — over-scoped |
| Whisper — flat per-VIN / year | yes | no |

It makes the Recorded Future, Mandiant and Sentinel investments you already carry sharper, as
a machine-readable feed — not a thing they compete with. [See the full comparison →](/compare)

---

## One flat number. Every car, covered.

Keyless verify is free forever — start there, no account. When you're ready, a fleet quote is
one flat per-VIN/year figure you can forecast and defend. No meter, no surprise at renewal.

Get a fleet quote → <https://console.whisper.security/sign-up> · [For OEM security →](/oem-security)

Or run `whisper verify --trustless` right now — it costs nothing.

---

*Whisper for Automotive · Identity on the wire for connected vehicles · AS219419 · 2a04:2a01::/32*
*© viaGraph B.V. (dba Whisper Security)*
