H7 BCA · eBPF · Ed25519 · Offline-Verifiable

What TLS does for Network Identity,
Pulsaride-H7 does for Software Behavior.

Prompt-injection filters and EDR tools share a fundamental blind spot: they cannot observe what an agent does at the kernel layer — only what it says. Pulsaride-H7 watches the syscall layer via eBPF and emits cryptographic, offline-verifiable attestation certificates .cal signed in Ed25519 — without prompt scanning, content inspection, or network callbacks.

Apply for a Pilot →Clone Demo Kit (10 min) ↗Read the white paper →
Kernel capture
eBPF
Signature
Ed25519
Runtime
Rust no_std
CPU overhead
< 0.4%
Verification
Fully offline
CI/CD Agent Compromise — April 2026Realistic scenario — reproducible in 10 min with the demo kit

CI/CD pipeline compromise — detected and certified in 4.8 seconds

A third-party CI runner integrated into a cloud deployment pipeline was compromised via supply-chain injection. The attacker used only legitimate syscalls — invisible to EDR and prompt-injection filters alike.

H7 detected the behavioral drift within 4.8 seconds and emitted a .cal certificate — a non-repudiable forensic artifact satisfying DORA Art. 17 incident reporting requirements.

See the detection scenario →
h7.kernel.log — 2026-04-21 (demo scenario)
03:14:22.001[h7] agent:ci-runner-49 BASELINE_ESTABLISHED
03:14:27.318[h7] syscall_seq: execve→openat→mmap (expected)
03:14:29.441[h7] DRIFT_DETECTED: behavioral_entropy_threshold_crossed
03:14:29.441 unexpected: ptrace→process_vm_readv
03:14:29.443[h7] ALERT: LIVING_OFF_THE_LAND — agent:ci-runner-49
03:14:29.443 action: emit .cal certificate + notify operator
03:14:29.451[h7] .cal signed sha256:a7f3...d9c1 (Ed25519)
03:14:29.451 DORA artifact: incident-2026-04-21.cal ✓
Demo Kit · 10-min replay

See an agent compromise detected and certified — in 10 minutes

01
Clone
git clone the demo kit — no signup, no cloud account required. Linux + Docker + sudo.
02
Run the attack scenario
Execute a shell-spawn, silent exfiltration, or ptrace scenario. Watch H7 detect at the kernel layer in real time.
03
Verify .cal offline
Verify the emitted .cal certificate with the bundled Ed25519 public key — no network, no CA, no SaaS.
Pulsaride H7 — demo kit (make attack-vercel)
H7 end-to-end demo: living-off-the-land detection, agent isolation, and .cal certificate verification
Design Principles

Technical transparency, by design

Every H7 design decision is auditable. No hidden network calls, no opaque SaaS dependency, no trust requirement beyond a cryptographic key you control.

Zero allocator

Rust no_std

The H7 probe runs as a Rust no_std eBPF program — no heap, no kernel module, no OS dependency beyond the Linux kernel itself.

< 0.4%

CPU overhead

Measured under sustained production load. The kernel sismograph adds no perceptible latency to the agent workload under observation.

Air-gap ready

Fully offline

Verification of any .cal certificate requires no network access, no external CA, no SaaS. The Ed25519 public key is the only dependency.

Design Partner Program — Cohort 1 open

Shape the DORA-ready AI agent attestation standard.

We're onboarding regulated EU finance teams as founding partners — H7 in your environment at cost, direct engineering access, and a signed DORA audit package.

Learn more →
6-Week DORA Pilot

From proof-of-concept to DORA-ready in 6 weeks

A fixed-scope engagement: H7 deployed on your agents, .cal certificates in production, and your team fully autonomous on attestation workflows.

6 weeks · Production or staging environment
H7 deployed on target agents
.cal certificate workflow
DORA incident report template
Team knowledge transfer session

Custom pricing available for enterprise contracts. Contact for MSSP and reseller terms.

Deadline
August 2026 EU AI Act deadline
High-risk AI Act provisions take effect before August 2026. A 6-week pilot started now lands with margin to spare.
Apply for a Pilot →
Regulatory Compliance

One .cal bundle. Three regulatory frameworks.

The same attestation certificate satisfies DORA, NIS2, and the EU AI Act — without requiring separate tooling, separate processes, or separate evidence trails.

In force — Jan 2025

DORA · Art. 17

Digital Operational Resilience Act

DORA mandates documented, reproducible evidence of ICT incident timelines. H7 .cal bundles provide timestamped, cryptographically-signed kernel traces that satisfy Art. 17 incident reporting with a single artifact.

Timestamped incident timeline
Cryptographic non-repudiation
Third-party agent attribution
In force — Oct 2024

NIS2 · Art. 21

Network & Information Security Directive 2

NIS2 requires organizations to implement supply-chain security measures and demonstrate continuous monitoring. H7 provides behavioral attestation of third-party agents across the full software supply chain.

Supply-chain agent monitoring
Continuous behavioral baseline
Exportable compliance reports
High-risk provisions — Aug 2026

EU AI Act · Art. 9

EU Artificial Intelligence Act

The EU AI Act imposes strict logging and audit-trail requirements on high-risk AI systems. H7 .cal certificates serve as the opposable forensic record for autonomous agent runtime behavior demanded by Art. 9.

Agent runtime audit trail
Offline-verifiable proof chain
High-risk AI system runtime audit trail
Apply for a Pilot →