Every claim has a receipt.

Each AI repair carries a Proof-of-Opus card: the exact model used, the Anthropic request-id, the per-call latency, and the cost on your account. Copy the JSON, hand it to Anthropic support — they can verify the request-id came from your call.

Below is the real Opus call counter from the last five minutes — the same widget that lives on the home page. If our primary tier is unavailable, this badge turns amber rather than going dark. We don't get to hide degradations.

Anthropic's own products (Claude Code, MCP servers, Claude SDKs) ship CVEs like everyone else. Live count from NVD — when one shows up, we want our customers to be the first to know.

Every state change in your org — repo connected, SBOM generated, CVE detected, repair started, patch deployed — is appended to a hash-chained audit log. Export the entire chain in one click; hand it to your SOC2 auditor.

Login required. Exports are scoped to your org by row-level security at the database layer.

Our detection and repair numbers come from a 200-CVE seed corpus across 8 languages, run against PatchOps Guard and competitors with the same harness. Every number is reproducible from this repository — no private API.

We are not yet SOC2 Type II certified — and we will not pretend otherwise. We have the controls in place (RLS, audit chain, encryption, sandboxed AI). Formal attestation is the next step. We will publish the report number here when issued.

Status: Type I scope locked, Type II window opens 2026-Q3.