company · about · the premise

Why oknek exists.

Every small business is now running AI agents — on a VPS, in a CI runner, on a developer's laptop, inside a customer-support pipeline. None of them have runtime defense for what those agents do. Code scanners catch issues at dev-time. Network monitors watch the wire. Cloud-posture tools audit config. No one was watching the agent's runtime — the layer between the model's decision and the kernel. That's the lane we built oknek in.

the premise

The runtime layer was empty until we built it.

In November 2025, Anthropic publicly disclosed the first AI-orchestrated cyber-espionage campaign — a state-sponsored group used Claude Code to autonomously execute 80–90% of operations against ~30 global targets. By April 2026, Adversa Research had documented a deny-rule bypass in Claude Code (CC-643) that lets any sufficiently long bash command escape policy enforcement. By March 2026, Sysdig had published a piece on AI coding agents running on developer machines without runtime visibility — and explicitly admitted their Falco rules don't cover prompt injection inside inference, behavioral profiling, MCP URL drift, settings.json semantic analysis, or subcommand-chain detection.

Those are the exact things oknek catches. Rules R1 through R7. Each one maps to a real, named CVE or research disclosure from 2025–2026. We publish the catalog on /threats/. CISOs can audit our coverage before they buy — something a black-box detection corpus, by definition, cannot offer.

The category is real. The threats are real. The buyer — the indie SaaS founder running Claude Code on a VPS, the AI agency selling client work, the small dev shop with five engineers all running Cursor, the e-commerce shop with an AI-driven customer support pipeline — is real. We built oknek for them, not for the Fortune 500 IT department.

how we build · what we hold

Five principles.

  1. 01

    Open auditable rules.

    Every detection rule is versioned YAML, available to licensed customers under NDA, with citations to the CVE or disclosure it covers. The incumbent EDR detection corpus is a black box; ours is something a CISO can read on a Sunday morning.

  2. 02

    Speed of rule shipping is the moat.

    When a new AI-agent CVE drops, our rule is in main within 24 hours. Contractual SLA at Pro tier and above. Operational excellence as a strategy.

  3. 03

    Built for AI agents from commit 1.

    Our threat model is AI-agent-native. Not retrofitted EDR. We don't sell a 2013 endpoint stack with AI marketing on top; we built the runtime sensor for the era we're in.

  4. 04

    Premium and proprietary.

    oknek is proprietary and commercial. Licensed customers can audit every detection rule under NDA — auditable, not a black box. You pay for the engine and the operation: the daemon, the cloud control plane, the hourly threat-intel feed, forensic replay, compliance overlays, support, SLAs.

  5. 05

    Dogfood publicly.

    We use Claude Code every day to build oknek. We use oknek to watch Claude Code. The recursion is the proof point. The day we stop trusting our own dev environment is the day the product we built becomes most necessary.

who we are

Small. Technical. Building in public.

oknek is in active development, built by a small team shipping runtime defense for AI agents — the same install footprint (AI agents running on personal and small-business VPSes) our wedge market shares. talk to us →.

Want to know more?

Read what we catch. See our pricing. Or request access — we'll scope a pilot for your fleet.

request access → see what we catch → contact →