Pricing & Tiers
SPNT is packaged across four tiers. Each tier unlocks additional modules, intelligence layers, and deployment options. All tiers share the same substrate architecture — the difference is which capabilities are active.
Free
Limited-scope detection for evaluation and personal use.
- Web application and infrastructure detection with limited scope
- Substrate-first architecture
- No OSINT enrichment, telemetry, or reasoning outputs
- No SLA or support
Best for: Evaluating the detection engine on a small scope before committing to a pilot.
Commercial
Full detection, hardening, and governance — without offense verification or telemetry.
- Full detection (web, API, infrastructure, cloud)
- Hardening with continuous drift detection
- Governance across 35 frameworks and 3,144 obligations
- OSINT Intelligence Layer
- All five structured reasoning outputs
- Standard support
Best for: Security teams that need detection, hardening, and compliance in one substrate — without exploit verification or cloud telemetry.
Enterprise
Full platform including offense verification, operational telemetry, and the autonomous research engine.
- Everything in Commercial
- Offense Verification (NAPAD) — bounded exploit verification
- Operational Telemetry Layer — cloud-audit and identity-platform validation
- Autonomous research engine
- Preferred-provider LLM override
- Priority support
Best for: Security teams that need exploitability-aware prioritisation and control-validation telemetry.
Sovereign
Enterprise tier plus EU-hosted inference, self-hosted LLM option, and contractual data-residency guarantees.
- Everything in Enterprise
- EU-hosted inference enforcement — no data crosses the EEA for reasoning operations
- Self-hosted LLM option — all inference on customer infrastructure
- EU data-residency SLA — contractual guarantee naming specific regions
- Air-gapped deployment option
- Government-procurement documentation package
- Data Processing Agreement with full sub-processor list
Best for: Financial services under DORA, government agencies, critical infrastructure operators, and any organisation with regulatory or contractual EU-only data-processing requirements.
Capability matrix
| Capability | Free | Commercial | Enterprise | Sovereign |
|---|---|---|---|---|
| Detection (ODBRANA) | Limited | Full | Full | Full |
| Hardening (POSTAVA) | — | Full | Full | Full |
| Governance (REGULATIVA) | — | Full | Full | Full |
| Offense Verification (NAPAD) | — | — | Full | Full |
| OSINT Intelligence Layer | — | Full | Full | Full |
| Operational Telemetry Layer | — | — | Full | Full |
| Structured reasoning outputs | — | Full | Full | Full |
| Autonomous Research Engine | — | — | Full | Full |
| Preferred-provider LLM override | — | — | Full | Full |
| EU-hosted inference enforcement | — | — | — | Full |
| Self-hosted LLM option | — | — | — | Full |
| EU data-residency SLA | — | — | — | Full |
| 35 compliance frameworks | — | Full | Full | Full |
| Air-gapped deployment | — | — | — | Full |
How pricing works
SPNT pricing is based on:
- Asset scope — number and type of assets in scope (domains, IP ranges, cloud accounts, repositories, services).
- Capability tier — which tier the organisation operates on.
- Usage profile — for capabilities with usage-based components (reasoning, OSINT, telemetry).
- Contract term — annual is standard; multi-year terms are available.
Pricing is provided in a proposal after the technical review. Contracts start from annual; tier upgrades preserve existing substrate data, findings, evidence packets, and configuration — there is no re-onboarding.
Get a proposal for your environment
Pricing is organisation-specific. A 90-minute technical review produces a scoped proposal with 30/60/90-day pilot success criteria.