Pricing — Working Draft

We Charge for Proof, Not Promises

There are no prices on this page yet. We're designing pricing in the open, with exclusive-access teams, for a world where agents buy security outcomes the way they call APIs. Here's the thinking so far.

The Metering Principle: Cross the Gate, Then Pay

Scanners bill for noise. We don't charge for raw leads — only for what Kloudle proves. Every issue moves through the gate: lead → blocked or disproven → proven → fixed and verified. Money changes hands on the right side of the gate.

| Output | Charged? | |
|---|---|---|
| Lead | No | An agent or check raised it, but nothing has proven it yet. Not trustworthy enough to bill for. |
| Blocked | No, or minimal | Useful inside the loop, but not customer-output-grade. |
| Disproven | No | Killing a false alarm builds trust. It should never feel punitive. |
| Proven issue | Yes — evidence-run quota | This crossed the proof gate. It's promotable truth your factory can act on. |
| Verified fix payload | Yes — premium | A signed, accepted fix is the scarce artifact. The moment of maximum intent. |
| Accepted risk record | Included | Governance value, not a remediation event. |

Machine-Payable, by Design (x402)

Your agents don't open procurement tickets. With x402 — the payment protocol built on HTTP's long-dormant 402 Payment Required — an agent pays for an evidence run or a verified fix at the moment it requests one. Outcome-based pricing stops being a contract clause and becomes an API response.

That's the future we're building toward: your factory buys proof per unit, machine to machine, inside the loop. The annual license covers the plane; the outcomes meter themselves.

To be precise about who pays how: x402 is the agent-native rail, not the contract. Your company pre-funds credits or buys an annual commit the normal way — your agents spend those credits through x402-style flows.

Proposed Packaging

Five pieces. One annual anchor, the rest metered or modular. All of it draft — tell us where it's wrong.

Sovereign Posture Plane

Annual self-hosted platform license

Pays for deployment, integrations, the cross-plane graph, the evidence ledger, and the control plane.

Evidence Runs

Included quota, then metered

Your agentic pipelines evaluate posture as often as they ship — without a new enterprise negotiation each time.

Verified Fix API

Charged per accepted, signed fix payload

You pay when a fix crosses the gate, not when a scanner makes a list.

Public Bake-Off

Paid proof assessment, credited toward an annual contract

Run Kloudle against Prowler and ScoutSuite on your own infrastructure. Skepticism is healthy; proof settles it.

MCP / Neocloud Modules

Premium add-ons

The greenfield planes — MCP servers, neoclouds — land as focused modules before full cloud parity.

The Verified Fix API Prices by Fix Class

Not by severity alone. A critical issue with a one-command fix is not the same work as an IAM redesign that needs context.

| Fix class | | Pricing logic |
|---|---|---|
| Command fix | Disable public access, rotate a token, update a policy flag | Lower per fix |
| IaC patch | A Terraform or CloudFormation diff | Mid-tier |
| Agent prompt / workflow fix | A guardrail for your CI/CD or MCP factory line | Mid to high |
| Compound attack-path fix | MCP server → leaked token → cloud write → public exposure | Premium |
| Governance artifact | Exception, compensating control, audit evidence | Included |

Frequently Asked Questions

So what does it cost today?

We haven't published numbers, on purpose. Exclusive-access teams are helping us calibrate evidence-run quotas and fix-class prices against real factories. This page is the shape of the model; the numbers come from running it.

What is x402?

HTTP has had a 402 Payment Required status code since the 1990s, reserved for a future that never arrived — until agents. x402 is the open protocol that puts it to work: a machine pays for a request at the moment it makes it. An agent in your factory can pay for an evidence run or a verified fix the same way it calls any other API, with no procurement cycle in the loop.

Why not charge per asset or per seat?

Because the factory breaks both meters. Agents make seats meaningless, and your estate grows at machine speed — charging on raw volume punishes the factory for working. We meter the thing that holds its value: proof.

What counts as a verified fix payload?

A fix the gate accepted: a signed change — command, IaC diff, or workflow guardrail — that resolved a proven issue and passed retest. Priced by fix class, not just severity, because a critical issue with a trivial safe fix is not the same work as an IAM redesign.

Can I still sign up and scan?

Self-serve signup is closed and the hosted product is not being sold. The way in is the exclusive-access waitlist: self-hosted deployment, your database, and the posture-layer capabilities as they land.

How does the bake-off work?

We deploy Kloudle next to Prowler or ScoutSuite on infrastructure you own and compare what crosses the proof gate: issues proven with evidence versus raw output. The assessment is paid, and the fee is credited toward an annual contract if you proceed.

Put a Posture Layer in Your Factory

Self-serve signup is closing. Exclusive access opens issue gating across your MCP-connected apps — built on the 1,890 checks that run today.
