SpiderShield Cloud
SpiderShield doesn't sell an SDK — it sells Agent Security Intelligence. The SDK is the sensor network.
Runtime Guard SDK
Open source, free forever
The sensor network. Every SpiderGuard instance generates security telemetry locally — policy decisions, DLP findings, tool call patterns.
- ✓ Policy engine + 3 presets
- ✓ DLP scanning (PII, secrets, injection)
- ✓ JSONL audit logs (local)
- ✓ CLI: scan, guard, proxy, rewrite, harden
SpiderShield Cloud
SaaS — telemetry + storage + management
Centralized visibility into all your agents. The real product isn't the runtime — it's the telemetry, storage, and management layer.
- ✓ Centralized cloud audit logs with long-term retention
- ✓ Security dashboard (activity timeline, blocked calls heatmap, PII distributions, risk trends)
- ✓ Visual policy editor — no YAML needed
- ✓ Org-wide policy distribution with versioning + rollback
- ✓ Canary rollout to agent groups
- ✓ Alert rules + webhooks
- ✓ Compliance-ready exportable reports (PDF/CSV)
Trust Registry
Network effect moat
Agents query trust status before calling tools. More agents = better threat intelligence = more accurate scores. A flywheel that can't be replicated.
- ✓ MCP server reputation database (3,500+ servers scored)
- ✓ Trust API: security score, grade, known vulnerabilities, last scanned
- ✓ Real-time threat alerts for Enterprise (new exploits, 0-day patterns)
- ✓ Custom trust policies ("block all servers below grade B")
- ✓ Threat intelligence feed (prompt injection evolution, tool abuse patterns)
Enterprise Security
Central control + compliance + governance
What enterprise customers actually pay for: org-wide policy control, role-based access, compliance reports, and SIEM integration.
- ✓ Org-wide policy management (pushed to all agents)
- ✓ RBAC: per-team, per-agent, per-environment (dev/staging/prod)
- ✓ SSO (SAML, OIDC)
- ✓ SIEM forwarding (Splunk, Datadog, QRadar, Elastic)
- ✓ Slack / PagerDuty / Jira integration
- ✓ SOC 2 audit trail + incident history
- ✓ Data residency (EU / US / APAC)
- ✓ Dedicated account manager + SLA (99.9%)
Security Intelligence Flywheel
Proven Model
Open-source distribution layer + paid intelligence/management is the most successful model in developer tools.
| Company | Open Source | Paid Product | Valuation |
|---|---|---|---|
| Sentry | SDK | Event storage + dashboard | $3B |
| Datadog | Agent | Observability platform | $35B |
| Elastic | Elasticsearch | Cloud + security | $6B |
| Snyk | CLI scanner | Vulnerability DB + dashboard | $8B |
| HashiCorp | Terraform | Enterprise management | $5.5B |
| SpiderShield | Runtime Guard SDK | Security Intelligence | Building... |
Roadmap
Distribution
Now
- Open source SDK on PyPI
- Framework integration PRs
- GitHub Action
- Community growth
Cloud MVP
Q2 2026
- Telemetry API
- Cloud audit log storage
- Security dashboard
- Trust Registry v1
Enterprise
Q3–Q4 2026
- Org policy management
- RBAC + SSO
- Compliance reports
- SIEM integrations
Intelligence Network
2027+
- Real-time threat feed
- Pattern evolution tracking
- Industry security reports
- Custom trust policies
SpiderShield sells Agent Security Intelligence.
The SDK is just the sensor network.
Like Datadog's agent is a data collector and the real product is the observability platform — SpiderShield's Runtime Guard is a sensor, and the real product is the Security Intelligence Network.