PalantiriSecurity.com is an AI-driven security platform modeled on the seven palantíri — seven specialist agents that watch your network, endpoints, and data in concert. SOC telemetry, dark-web intelligence, ML threat hunting, immutable forensics, governance. Orchestrated. Always open. Never blinking.
Each agent is named for one of the seven palantíri of Middle-earth. Each sees a different part of your environment — together they form an orchestrated sight that no single pane of glass can match.
Osgiliath is where the other six stones report. Triage the day, correlate a breach, run a playbook, pull a compliance packet. All of it, without swivel-chair tooling.
Legacy stacks bolt SIEM, EDR, SOAR, NDR, DLP, GRC, and threat intel together with duct tape. PalantiriSecurity.com is built as one — seven specialist agents, one shared memory, one console.
Stones don't just raise alerts — they act. Contain a host, rotate a credential, quarantine a process, document every step.
What Amon Sûl sees on the wire, Orthanc correlates in process space, Ithil validates against leaked intel. No stitching.
Every observation is hash-chained in Elostirion the moment it's made. Ransomware can't rewrite your forensics.
Ithil watches paste sites, underground forums, and leak marketplaces. Your credentials show up — we know first.
Annúminas maps evidence to SOC 2, ISO 27001, NIST CSF, HIPAA continuously. Audit prep becomes "download packet."
Agent per endpoint, collector per subnet, API per cloud. Talks to what you already run — SIEM, EDR, IAM. No rip-and-replace.
Enter a URL and our stones will check your SSL, security headers, exposed directories, email authentication, and known vulnerabilities — in seconds.
Three stones (Amon Sûl, Annúminas, Ithil) are open-source and MIT licensed — no account, no limits, no throttling. Paid tiers add continuous monitoring, LLM-driven correlation, endpoint response, and compliance evidence packs on top of that foundation.
Amon Sûl + Annúminas + Ithil. Unlimited external scans. Severity-ranked findings with copy-paste remediation. Runs from your laptop — stdlib Python, zero pip deps. MIT licensed on GitHub.
No credit card. No account. Ever.
Everything in Free, plus: scheduled daily/weekly scans, scan diffing (alerts on new findings only), email + Slack webhook alerts, REST API access, 90-day scan history, CSV/JSON export, one-click remediation templates pre-filled with your domain.
Save 25% with annual billing → $441/yr
Everything in Watch, plus: Orthanc (Claude-powered correlation across findings), Anor (SOC rollup), authenticated scanning for logged-in areas, CVE correlation on banner versions, AI risk scoring, endpoint stack (ClamAV · YARA · osquery · Suricata · CrowdSec), SOC2 / PCI / HIPAA PDF evidence packs.
Save 25% with annual billing → $1,791/yr
Everything in Guard, plus: Elostirion (hash-chained forensic audit), Osgiliath (SOAR + remediation planner), cloud posture for AWS/GCP/Azure, SIEM / Jira / PagerDuty / EDR integrations, on-prem deployment option, SLA-backed incident response, dedicated Slack channel with a named engineer.
Typically $2–5k/mo depending on scope.
#waitlist below.Private beta opens Summer 2026. Request an invite — we're onboarding a small cohort of security teams who want to stop running seven tools to catch one attacker.