SECURELINX · EARLY ACCESS · 3 design-partner slots remaining for Q3 2026 launch · founder-led briefing under NDA
SECURELINX · AGENTIC SECOPS · EARLY ACCESS Q3 2026

Agentic AI for security observability.

SecureLinx — agents that read your traffic. Analysts that approve their calls.

SecureLinx watches your firewall policy against the traffic actually flowing through it — across DC, branch, cloud, and OT/IoT. When an unintended change drifts production toward dev, or a stale rule starts matching real flows, agents surface it with evidence. Analysts decide. No sampling, no thirty-second blind spots.

FabricLinx-native · ships included
Packet-level forensics
Analyst-approved actions
On-prem · air-gap ready

[Figure: POLICY DRIFT · ENTERPRISE SCALE. Four zones monitored continuously (DC: data center; BRANCH: multi-site; CLOUD: VPC / hybrid; OT / IoT: critical). FabricLinx reads the traffic plane. Firewall policy intent: Rule 12 DC ↔ Branch allow; Rule 14 Prod ↔ Dev allow (edited); Rule 18 Cloud ↔ DC allow; Rule 23 OT ↔ DC allow. Intent ≠ reality: agent σ-2 detects policy drift on Rule 14, prod ↔ dev now matching 47 flows / hour. Analyst approval (Revert / Accept): reverted, rule 14 restored, 47 flow samples preserved, signed in audit ledger.]
4 zones · continuous policy reconciliation · 1 unattended change caught ~ 9 seconds · intent → reality → revert
DESIGN PARTNER PROGRAM · Q3 2026
7 design-partner slots · 4 taken · 3 remaining
briefing under NDA
Typical fit: enterprise SOC, regional telco, government CSIRT.
WHY SECURELINX

Detection without the packets isn't detection. It's a guess.

Most security tools work from metadata — flow records, log summaries, sampled telemetry. When an analyst gets paged at 3 AM, the alert says "suspicious traffic" but the original packets are already gone. The team has to infer what happened.

SecureLinx works the other way. Because it reads through FabricLinx — which captures every packet at wire speed — every detection carries its evidence. An agent surfaces a lateral movement signature, and the analyst can replay the exact packets that triggered it. No inference, no guessing, no rebuilding the scene from logs.

The agents propose actions. The analysts decide. The SOC team retains full control — but works from real evidence, not summaries of it.

USE CASES

Two flagship use cases at GA.

More on the roadmap. These are where the FabricLinx + agent combination is most differentiated.
USE CASE 01

Lateral movement detection

SecureLinx watches East-West traffic for movement patterns that indicate post-compromise activity: rapid internal hops, unusual session counts, credential reuse across hosts. The agent correlates against your baseline and proposes containment — isolate the source at the access layer, open an IR ticket, preserve evidence.

↳ Detects: pivot, beacon, scan-and-pivot
↳ Median detection-to-containment: under 30s
↳ Containment requires analyst approval
Evidence preserved at detection
4,213 packets captured · 17 sessions traced
full replay through forensic console
chain-of-custody signed in audit ledger
USE CASE 02

Firewall policy drift

SecureLinx reads firewall configuration across Palo Alto, Fortinet, Cisco, and F5 — and compares it against the traffic FabricLinx actually observes. The agent surfaces three classes of drift: rules that no longer match anything, traffic patterns no rule covers, and policy that contradicts your intent (e.g. "production should never speak to dev").

↳ Continuous reconciliation: config ↔ traffic ↔ intent
↳ Generates PR-style change proposals
↳ Change requires security-engineer approval
Example findings, one week
14 stale rules with zero matches
3 traffic flows on undefined paths
2 intent violations (prod ↔ dev)
Firewall vendor coverage at GA
Policy drift detection works across four major vendors at launch. More on the integration roadmap.
Palo Alto Networks · ✓ GA Q3 2026
Fortinet FortiGate · ✓ GA Q3 2026
Cisco ASA / FTD · ✓ GA Q3 2026
F5 BIG-IP · ✓ GA Q3 2026
HUMAN IN THE LOOP

Agentic AI, security-grade caution.

SOC teams don't trust black-box AI to take security actions. We agree. SecureLinx's agents are designed around an explicit action ladder — each class of response has a defined gate. Some are auto-applied (logging only). Some require analyst review. The destructive ones require explicit approval.

Auto-approval is opt-in, scoped per action class, and always logged. You can turn anything off. You can never turn off the evidence.

L1 · OBSERVE: Log anomaly · enrich with packet context · index for search (gate: auto)
L2 · ANALYZE: Correlate sessions · build forensic chain · propose classification (gate: auto)
L3 · ALERT: Page analyst · open ticket · attach evidence bundle (gate: review)
L4 · ISOLATE: Block host at access switch · update SIEM watch list (gate: approval)
L5 · CONTAIN: Push firewall rule · revoke credentials · trigger SOAR playbook (gate: approval)
DEPLOYMENT

FabricLinx-native. Air-gap ready.

SecureLinx ships as an appliance with FabricLinx in the box. Deployed inline-free via optical tap or SPAN.
DEPLOYMENT

Out-of-band

SPAN port or optical tap. No inline insertion. No risk to production traffic. Zero blast radius if SecureLinx goes offline.

DATA

Stays on-prem

Packet evidence, agent reasoning, audit ledger — all stored on the appliance. Nothing leaves your environment. Air-gap deployments fully supported.

AI STACK

Our stack first

SecureLinx runs our own CPU-deployable reasoning stack — no GPU required. Optional integration with frontier LLMs (Bedrock, Vertex, Azure, vLLM, Ollama) for customers who want to augment analyst-facing reasoning.

FabricLinx tier required
SecureLinx ships on FabricLinx Pro for enterprise deployments and FabricLinx Carrier for telco/SP. The appliance arrives integrated — no separate procurement.
EARLY ACCESS · Q3 2026

Three design-partner slots remaining.

SecureLinx opens early access in Q3 2026. We're working with seven design partners through GA — four slots already committed, three remain. Design partners get founder-led briefings, on-network benchmarks, and direct input on the GA feature surface.

Typical fit: enterprise SOC, regional telco, or government CSIRT running aggregated network traffic above 10 Gbps with packet-level visibility requirements.

4 of 7 slots taken

What you get

✓ Founder + lead engineer briefing under NDA
✓ Benchmark deployment on your network
✓ GA discount (carries through year 1)
✓ Direct input on detection roadmap
✓ White-glove deployment when GA ships
RELATED CAPABILITIES

SecureLinx pairs with AutoLinx for full audit posture.

Detection is one half of the security workflow. Continuous compliance — the audit trail that holds up to regulators — is the other. Together: detection + evidence in one platform.
SOC + Audit, in one platform.
Most enterprises buy detection from one vendor and compliance audit from another — then spend quarters reconciling their evidence chains. SecureLinx + AutoLinx Compliance share the same audit ledger, the same evidence format, and the same approval flow. Regulators see one trail, not two.
QUESTIONS

What people ask first.

How is this different from a SIEM or NDR product?
SIEMs work from logs. NDR products typically work from flow records or sampled metadata. SecureLinx works from full-fidelity packets because FabricLinx below it doesn't sample. Detection cites packet evidence directly; forensic replay shows the actual session, not a reconstruction. You can still send our events to your SIEM — many customers do.
Does SecureLinx replace our firewall vendor?
No. SecureLinx reads firewall policy and traffic from Palo Alto, Fortinet, Cisco, F5 — it doesn't enforce policy itself. You keep your firewall vendor. We tell you when its policy has drifted from the traffic actually flowing through it.
What happens when the agent makes a wrong call?
Destructive actions (L4 isolate, L5 contain) require analyst approval. The agent proposes; you decide. False positives are tracked and feed back into the baseline. The agent's confidence threshold is tunable per environment. We do not believe in autonomous response for security actions — even when the agent is right most of the time.
Can we run SecureLinx in air-gap?
Yes. Full air-gap deployments are supported with local LLM inference (vLLM or Ollama on the appliance or adjacent server). Government and defense customers run this configuration. License and update mechanisms work via signed offline bundles.
How is SecureLinx priced?
Pricing is by aggregate ingest throughput (FabricLinx tier) plus number of monitored segments. We don't price by event volume or analyst seat. Early access customers receive GA-discounted pricing carried through their first year. Specifics during the briefing.
When is GA?
Q3 2026, after three months of joint validation with design partners. The seven early-access slots are how we get GA right.