Kikimora

[ for mssps ]

Multi-tenant security operations,
billed the way MSSPs work.

Every client gets an isolated tenant with its own integration keys. Your analysts switch between them in one click. And the bill arrives month by month, based on the assets you actually assess per tenant: no annual lock-in to carry on a client’s behalf.

Talk to us Start Free

The agency math is broken

Most security platforms price for one company defending itself. Run twenty clients through that model and the problems compound: an annual license per tenant means you carry the commercial risk when a client leaves at month four. Onboarding a new client means weeks of procurement, agent rollouts, and VPN plumbing before the first finding. And day to day, your analysts hop between ten consoles per client, re-authenticating their way through the morning.

Kikimora was built with MSSPs in the room. The two things they asked for most: tenants that scale month by month, and context switching that costs nothing.

What multi-tenancy looks like here

01

Separate keys per client

Every client environment holds its own integration credentials. AWS keys for client A never touch the tenant of client B.

02

Server-side tenant isolation

Conversations, findings, assets, and reports are scoped to the tenant. There is no query that crosses client boundaries.

03

Instant context switching

Move between client environments in one click. No re-authentication, no console juggling, no mental context lost.

04

Onboard in hours

Create the tenant, connect the client tools through read-only APIs, start asking questions. No agents to deploy, no VPNs to stand up.

Billing that follows your clients

Your revenue from a client is monthly. Your platform cost for that client should be too.

01

Each tenant meters its own assets

Billing follows the assets you actually assess per client environment, nothing else.

02

The bill arrives month by month

No annual commitment per tenant. A client that leaves in March stops costing you in April.

03

Scale every tenant independently

Raise or lower each client’s assessed assets every month as their estate and your contract change.

What every tenant gets

18 integrations per tenant

14 user-activated tools (AWS, Azure, Cloudflare, GitHub and more) plus 4 built-in capabilities: Qualys WAS scanning, Shodan, Wazuh, and a locally deployable Network Scanner. No third-party licenses to buy for the built-ins.

Browse integrations →

Human-in-the-loop on every write

The agent proposes the fix; your analyst approves it. Every action is logged to an immutable audit trail you can hand to a client.

See how it works →

Compliance reporting on demand

ISO 27001, SOC 2, PCI-DSS, NIS2: ask for the evidence and the report in chat, per client, on whatever cadence their auditors expect.

Read the security whitepaper →

Under the hood, the AI models come from Google and Anthropic, served exclusively from Vertex AI endpoints in the EU region. Client data is never used to train models. Details in the security whitepaper.

FAQ

How is client data isolated between tenants? +

Each client environment is a separate tenant with its own integration credentials and server-side isolation. Conversations, findings, assets, and reports are scoped to the tenant they belong to, and no query crosses client boundaries. Your analysts switch context between tenants explicitly, in one click.

How does MSSP billing work? +

Month by month, based on the assets assessed in each tenant. There is no annual commitment per client: you can scale every tenant’s assets up or down each month, and a client that churns stops costing you the following month. Pricing for your client volume is agreed when we activate multi-tenancy for your account.

How fast can I onboard a new client? +

Hours, not weeks. You create the tenant, connect the client’s tools through read-only APIs with credentials scoped to that tenant, and the four built-in capabilities (Qualys WAS, Shodan, Wazuh, Network Scanner) work immediately with nothing to procure or install.

Do I need licenses for the built-in scanners? +

No. Qualys WAS web application scanning, Shodan attack-surface intelligence, Wazuh detection, and the locally deployable Network Scanner ship with the platform in every tenant. No third-party account, license, or API key is required for any of them.

How do I get multi-tenancy enabled? +

Contact us through the form on this page. We activate multi-tenancy for your account, walk through pricing for your client volume, and set up a demo and guided onboarding. We reply within one business day.

[ talk to us ]

Get multi-tenancy activated.

Multi-tenancy is enabled per account. Tell us about your clients and we will switch it on, walk through pricing for your volume, and set up a demo and guided onboarding.

Tell us about your clients and current tooling. We will activate multi-tenancy for your account, walk through pricing for your volume, and set up a demo and guided onboarding.

Email [email protected]