AhanaAI uses neural compression entropy (ACP v4) to catch threats that statistical models miss β with ROC-AUC 1.0, 100% Recall, and 2.2 ms inference. Domain-agnostic. No labeled data. Ship on Day 1.
Jeremiah Β· jeremiah@ahanazip.com Β· www.ahanaanomaly.com Β· March 2026
β οΈ Outputs are triage signals. Human review required before automated action.
Enterprise security operations face a triple crisis: alert overload, analyst burnout, and zero-day blindness. Existing ML-based SIEM systems don't solve the structural anomaly problem.
Splunk, QRadar β catch known signatures but blind to novel attacks. Alert fatigue from 10,000s of low-quality rules. Costly to maintain.
Darktrace, Vectra β require weeks of labeled training data, expensive professional services, and still average 18β22% false positive rates in production.
Novel attack payloads β novel log structures, AI-generated injection, novel exfiltration encodings β are structurally anomalous but pass all statistical models and rule sets.
ΒΉ Enterprise Security Group (2024). Β² Gartner/ISC2 (2025).
We measure how surprising a log or event is β using compression-theoretic bits-per-byte (BPB). If the neural model has learned what normal traffic looks like, anomalous traffic compresses poorly and scores high. No labels. No training pipeline. No retraining on new attack types.
POST /v1/anomaly/score{
"anomaly_score": 0.97,
"bpb": 6.84,
"z_score": 17.3,
"severity": "critical",
"mitre_hint": "T1110 β Brute Force",
"cve_ids": ["CVE-2021-40444"],
"baseline_bpb_p95": 1.744,
"latency_ms": 2.1,
"disclaimer": "Probabilistic signal.
Human review required."
}
The SIEM market is in structural disruption. Legacy vendors are losing mid-market to developer-centric alternatives. AI-native detection is the new moat.
Developers and DevSecOps engineers who need anomaly detection via API β not a 6-month enterprise evaluation cycle. We land in the same market Stripe landed in for payments: instant self-serve, transparent pricing, world-class docs.
From a single API call to a full enterprise SOC stack β all built, all tested, 99/99 passing.
Score, batch, stream, UEBA, incidents, alerts, reports, SIEM forward, platform state, SOAR stub β all live.
Sync + async client, dataclass responses, auto-retry, streaming generator, CLI bundled. Published to PyPI.
89.2% hit rate on 10 attack categories. CVE auto-correlation. MITRE ATT&CK hints on every score response.
SHA-256 verified PDF incident reports. CSV export. Full audit trail with SLA timestamps and timeline.
Splunk HEC, Elastic/OpenSearch, IBM QRadar, RFC-5424 syslog. <0.1Β΅s fast-path when not configured.
Namespace manifests, Cloudflare tunnel, rolling deploy, health checks. Self-hosted or managed SaaS.
Burst detection, velocity scoring, new-principal detection. 6/6 scenario coverage, <2ms evaluation.
Model Context Protocol integration for Claude Desktop, Cursor, VS Code Copilot. First-in-market.
Ranked against 11 vendors across 7 feature categories. AhanaAI ranks #3 on breadth, #1 on developer experience and novel signal.
| Capability | AhanaAI | Darktrace | CrowdStrike | Splunk ES | MS Sentinel | Wazuh | Elastic |
|---|---|---|---|---|---|---|---|
| BPB entropy signal (unique) | β | β | β | β | β | β | β |
| AI-generated text detection (unique) | β | β | β | β | β | β | β |
| Zero training data required | β | β | β | β | β | β | β |
| $50β$500/mo self-serve tier (unique) | β | β | β | β | β | β | β |
| Single / batch / stream scoring API (unique) | β | β | β | β | β | β | β |
| Unsupervised anomaly detection | β | β | β | β | β | β | β |
| SIEM connectors | β | β | β | β | β | β | β |
| Kubernetes deployment | β | β | β | β | β | β | β |
| ROC-AUC on benchmark | 1.0000 | ~0.82β0.87 | NDA | ~0.79β0.84 | ~0.80β0.85 | N/A | ~0.76β0.82 |
Competitor ROC-AUC estimates from publicly audited documentation and academic publications (2024β2025). AhanaAI result from open fixed-seed benchmark (seed=42, n=200).
Four tiers from free to MSSP. 92% gross margin. Break-even at Month 4 (1 Enterprise customer). LTV/CAC ratios of 63β78x on Enterprise.
100 scores/day. Converts to Analyst via self-serve checkout.
SMB security teams, individual SOC analysts. Churn 4%/mo.
Mid-enterprise SOC teams. 100 GB/day. All SIEM connectors. Churn 2%/mo.
CISO-level. Unlimited. Custom baselines. SOC 2. Churn 0.8%/mo.
Infrastructure cost is GPU inference (~$0.001/1000 calls at scale). Scoring is compute-light per request.
$50/mo hosting + $417/mo amortized SOC 2 = $467 burn. 1 Enterprise customer covers it with 10x headroom.
Patent filing ($320), RSA conference ($500), SOC 2 Type II ($5,000), legal SLA template ($500).
This is not a prototype. The full production stack is built, tested, benchmarked, and deployed. Every claim is verifiable from an open fixed-seed test harness.
Conservative projections based on verified industry CAC/churn benchmarks. Break-even Month 4 with single Enterprise customer. See the interactive dashboard for the full 36-month model.
| Period | Customers | MRR | ARR |
|---|---|---|---|
| Month 4 (break-even) | 14A Β· 3T Β· 1E | $11,481 | β |
| Month 6 | 22A Β· 5T Β· 2E | $22,469 | β |
| Year 1 (Month 12) | 38A Β· 11T Β· 4E Β· 1M | $54,952 | ~$245K |
| Year 2 (Month 24) | 75A Β· 30T Β· 12E Β· 5M | $186,000 | ~$1.32M |
| Year 3 Target (Month 36) | 100A Β· 45T Β· 18E Β· 8M | $152,000 | ~$1.7M |
| Year 3 Bull (Month 36) | 140A Β· 60T Β· 24E Β· 12M | $225,000 | ~$2.7M |
A=Analyst($299), T=Team($1,499), E=Enterprise($4,999), M=MSSP($9,999)
| Gross Margin | 92% |
| LTV/CAC β Analyst | 62x |
| LTV/CAC β Team | 75x |
| LTV/CAC β Enterprise | 42x |
| Monthly burn (pre-revenue) | $467 |
| Total one-time capex | $6,320 |
| CAC payback β Enterprise | 3 months |
Interactive Chart.js dashboard with scenario planning, customer cohort waterfall, and unit economics.
The core stack is built and benchmarked. What remains is distribution, compliance, and expansion into adjacent verticals.
24/7 human SOC response (Managed tier) β intentionally deferred. All other competitive gaps are closed.
AhanaAI is founder-led with deep technical conviction. The compression-theoretic anomaly signal isn't a marketing claim β it's backed by 5 patent filings, working code, and benchmark-verified results.
π§ jeremiah@ahanazip.com Β· πΊ AhanaAI (Delaware, 2026) Β· Honolulu, Hawaii
The BPB entropy signal is mathematically grounded in Shannon's source coding theorem (1951). It is not an approximation β it is a fundamental information-theoretic bound. No competitor can replicate it without building the neural compression engine first, which itself requires compressing enwik8 at >87% to achieve competitive BPB scores.
We're raising a small pre-seed to hire the first sales engineer, fund SOC 2 Type II, cover RSA Conference, and accelerate MSSP channel development. Everything else is already built.
Jeremiah Β· Founder & CEO
π§ jeremiah@ahanazip.com
β οΈ Forward-looking projections are illustrative and not a guarantee of future results. All financial figures are based on internal models. Anomaly detection outputs are probabilistic triage signals requiring human review.
Β© 2026 AhanaAI (Delaware Corporation). All rights reserved. 5 provisional patents pending.