AI-NATIVE · LOSSLESS · REAL-TIME
Catch what your SIEM misses.
AhanaAI detects anomalous logs, events, and payloads using compression-theoretic entropy scoring — catching structurally anomalous patterns that statistical ML models routinely miss.
⚠️ Outputs are probabilistic triage signals. Human review required before automated action.
The Numbers
Competitors Don't Want You to See
ROC-AUC · Recall · Latency Benchmarks · www.ahanaanomaly.com/vs
¹ Competitor figures from public documentation (2024–2025). AhanaAI results reproduced via open fixed-seed harness (seed=42). Full report →
Bits Per Byte (BPB) — The Measurement Behind the Score
BPB (Bits Per Byte) is a compression-entropy metric: normal text compresses to a low BPB baseline; anomalous or attack-pattern strings compress poorly (high BPB), creating a universal, training-free anomaly signal.
- DNS exfiltration vs baseline queries (T1048) — BPB delta: +8.2
- SQL injection vs normal HTTP traffic (T1190) — BPB delta: +6.7
- SQL injection (T1190)
- credential dumping (T1003)
- C2 beaconing (T1071)
- DNS exfiltration (T1048)
- ransomware precursors (T1486)
- obfuscated PowerShell (T1059)
- pass-the-hash (T1550)
ACP Entropy Detection
ACP measures how surprising your data is — not by pattern-matching rules, but by compression-theoretic entropy. A log your model has learned looks normal compresses low. An anomalous one compresses high.
Build Your Baseline
Send representative normal traffic to POST /v1/anomaly/baseline/learn. The neural model learns your data's entropy distribution — no labels, no training pipeline needed.
Score Everything
Stream logs, API calls, auth events, sensor readings through POST /v1/anomaly/score. Get bits-per-byte, z-score, anomaly probability, MITRE ATT&CK hint, and CVE correlation.
Route Alerts
High-score events auto-route to Splunk HEC, Elastic, QRadar, syslog, or your custom webhook. Your SOC analyst sees prioritized signals, not noise.
from sdk import AhanaAnomalyClient
client = AhanaAnomalyClient(api_key="acp_pro_your_key")
result = client.anomaly_score("Failed login from 198.51.100.42 | 847 attempts in 60s")
print(result.anomaly_score) # 0.97
print(result.severity) # "critical"
print(result.mitre_hint) # "T1110 · Brute Force"
print(result.bpb) # 10.868Deploy What You Need
AhanaAI is the only anomaly detection platform with runtime-configurable modules. Enable or disable features via environment variables — no code changes, no redeployment required.
Continuous host-level anomaly detection. Streams log lines, auth events, and system metrics through the ACP neural scorer. Auto-routes critical events to your SIEM with MITRE ATT&CK and CVE correlation.
Detect AI-generated content using compression entropy. Low gzip BPB signals structured, predictable text — the fingerprint of language models. Per-sentence scoring.
Score TCP/UDP flows from PCAP files or live capture using entropy analysis. Detect C2 beaconing, DNS tunneling, and data exfiltration by their compression signatures.
Per-user rolling behavioural baseline. Detect off-hours logins, volume spikes, scripted command sequences, and new host access using compression-based entropy.
// Fetching live module status from anomaly.ahanazip.com…
Try It Now
Paste any log line and see the neural entropy score. No account required — demo limit: 10 requests / 10 minutes.
9 Capabilities. 0 Competitors Match Them All.
Verified against 11 enterprise SIEM/anomaly vendors including Darktrace, CrowdStrike, Splunk ES, MS Sentinel, Wazuh, Elastic, Vectra AI, Exabeam, LogRhythm, Snort/Suricata, Huntress.
BPB Entropy Signal
Bits-per-byte compression scoring. No other vendor uses it. No false-negative path on structural anomalies.
AI-Text Detection
Detect LLM-synthesized log injection, prompt injection, AI-ghost-written phishing. First-to-market.
Billing Fraud Detection
Entropy-scored billing event streams catch fraudulent patterns invisible to rule-based guards.
Release Regression
Detect when a new deployment changes your log entropy baseline — catch production errors first.
Single / Batch / Stream
One item, thousands, or NDJSON streaming — same endpoint family. No other vendor supports all three.
Domain-Agnostic
Logs, API calls, financial transactions, sensor data — no domain-specific retraining required.
$299/mo Self-Serve
Only vendor with transparent self-serve pricing at this tier. No sales call, no 6-month evaluation.
RapidAPI Marketplace
RapidAPI listing ready. Accessible to 4M+ developers immediately upon publish.
Zero Training Data
No labels, no historical incidents, no data export. Baseline learned from live traffic Day 1.
Connect in Minutes
All SIEM connectors, webhooks, and reporting included on every paid plan. No professional services required.
Transparent, No Surprises
All paid plans include: neural scoring API, Python SDK, SIEM connectors, UEBA velocity, PDF reports, CVE correlation, webhook dispatch, MITRE mapping.
- 100 scores/day
- zstd fallback scorer
- Basic severity labels
- REST API + Python SDK
- No SIEM connectors
- No UEBA
- No PDF export
- 10 GB/day log analysis
- Neural scorer (v4 micro)
- Splunk + Elastic SIEM
- MITRE ATT&CK mapping
- CVE correlation
- No UEBA velocity
- No custom baselines
- 100 GB/day log analysis
- All SIEM connectors
- UEBA velocity detection
- ContentSentry — AI-text detection
- NetScope — network flow scoring
- Batch + stream scoring
- 99.5% SLA
- No dedicated Slack channel
- Private VPC or on-prem deployment
- Air-gap compatible Docker delivery
- All SIEM connectors included
- Custom retention and data-boundary control
- Direct architecture onboarding
- Priority implementation support
- Annual commercial license
- Unlimited log analysis
- All modules enabled
- Custom neural baselines
- Multi-tenant + white-label
- SOC 2 Type II (in progress)
- 99.9% SLA
- Dedicated Slack channel
Built for High-Trust Procurement
Security buyers need explicit claim boundaries, auditable evidence, and compliance-grade infrastructure before any POC sign-off.
Transparent Benchmarks
Fixed-seed reproducible test harness. All metrics independently verifiable. No NDA required to evaluate.
No Data Retention
Scored payloads are never stored on our infrastructure by default. HMAC-signed audit logs on your side.
Self-Hosted Option
Deploy our Docker image in your VPC. Air-gap compatible. Your data never leaves your perimeter.
5 Provisional Patents
USPTO provisional filings cover BPB entropy scoring, neural weight compression, PUZZLE-AUTH, and cross-modal compression.
Human Review Guardrail
Every API response carries an explicit disclaimer. Scoring is triage signal — never autonomous verdict.
Open API Contract
OpenAPI 3.0 spec, Python SDK, CLI, MCP server — all publicly documented with zero vendor lock-in.
Get Access
Free keys are issued instantly. Basic, Pro, and Self-Hosted plans redirect to Stripe Checkout. Enterprise and MSSP requests stay sales-assisted.
⚠️ Outputs are probabilistic indicators only. All decisions require human analyst review before operational or disciplinary action.