agentless · read-only · dev-first

Know who’s really hitting your app.

About half of web traffic is automated, and AI agents are the fastest-growing slice. To your dashboard, it’s all the same line on a chart. Vallhund reads the telemetry you already emit, names every actor at your door, checks the ones making claims, and barks only when something deserves your attention.

Start free Sign in

One read-only source · friend-or-foe in minutes · no card to start

watching api.yourapp.devlast 60s

14:02:11

GET /pricing

human · Chrome · macOS · 200

14:02:13

GET /docs/api

search crawler · Googlebot · rDNS verified ✓

14:02:14

GET /docs/quickstart

ai agent · GPTBot · reading docs

14:02:16

GET /.env

automation · python-requests · 404

14:02:17

GET /wp-login.php

automation · sqlmap · 404

14:02:19

HEAD /

unknown · no user-agent

▲ bark“Googlebot” from a hosting ASN failed rDNS verification: impostor crawler probing admin routes. Classified foe.

the gap

Same hour of traffic. Two very different readings.

your dashboard

requests48,211 ▲ 12%

error rate0.4%

p99 latency138 ms

✓ all systems normal

vallhund

Human23,904real browsers

Search crawler9,8122 verified · 1 impostor

AI agent8,377GPTBot, ClaudeBot, Perplexity

Automation4,871incl. one scanner: 412 probes

Unknown1,247worth shrinking

▲ 2 barksan impostor crawler and a correlated scanner, out of 48,211 requests.

No agent on every host, no kernel module, no procurement cycle.
Actor intelligence, derived from telemetry you already have.

what it catches

Named, verified, and watched.

Every request is attributed to one of five actor classes, at every endpoint. Claims get checked, not trusted. The patterns that matter become findings, not log noise.

HumanSearch crawlerAI agentAutomationUnknown

spoofed_crawler

Claims to be Googlebot. Forward-confirmed reverse DNS says it’s nobody Google knows. Flagged foe on the spot; reputation never silences an active attack.

198.51.100.9 · AS14061 (hosting) · rDNS ✗ → foe

web_exploit_probing

One scanner, four hundred log lines, one finding: who, from where, what they tried, what answered. Routes that answer strangers get mapped as open doors.

412 probes · /.env /.git/config /wp-login.php · all 404 ✓

ai_agent_sensitive

AI agents read your docs all day, and that’s fine. You can watch them do it. The bark comes the moment one crosses into something sensitive.

GPTBot · 214 req this week · /docs/* ok · watching /admin /billing

how it works

Up and watching in five minutes.

01

Connect a read-only source

Cloudflare, AWS, GitHub, Supabase, Vercel. A token or a one-click role, about five minutes.

02

Vallhund watches the door

Actors classified, claims verified, open routes mapped. Barks land in Slack or a webhook.

03

Hand the fix to your agent

Every actionable finding ships a paste-ready prompt. Your coding agent does the rest.

dev-first

Every bark ends in a fix.

Findings aren’t homework. Each actionable one ships with a paste-ready prompt, written against your actual stack. Drop it into Claude Code, Cursor, or whatever you ship with. Vallhund supplies the judgment; your agent does the work.

paste-ready prompt · open_endpointcopy

Open endpoint: GET /.git/config returns 200 because your
marketing catch-all answers for dotfile paths. Add an explicit 404 for
VCS and secret paths (/.git/*, /.env*) ahead of the wildcard
route, and add a regression test for both.

built to be trusted

Strong opinions about what a watchdog should never do.

Read-only, by construction. Tokens can’t write and nothing sits inline. It barks; it never bites.
Derive-and-drop. We store findings, never your raw traffic. That’s why the free tier is real.
An honest boundary. It watches network, app, identity, and config. It never claims to see host or kernel.

And don’t take our word for any of it: the judgment core is open source (AGPL). Read the detectors, run the oracle locally, then decide whether to connect.

connects toCloudflareGitHubAWSGCPSupabaseVercelZitadelnetworkappidentityconfig

pricing

Start free. Upgrade when it’s watching real traffic.

Metered on projects, history, and alert channels, never on traffic volume.

Free

$0 forever

Watch one app.

›1 project
›7-day history
›Full actor map + barks
›Community detections
›Read-only, derive-and-drop

Propopular

$19 / month

For devs shipping fast.

›Up to 10 projects (prod + staging)
›30-day history
›Slack & webhook barks
›GreyNoise + FCrDNS verification
›Managed connectors

Business

$49 / month

For teams.

›Unlimited projects
›90-day history
›More alert channels
›Everything in Pro
›Priority support

One plan, two products: your subscription also unlocks Swerver Pro, our x402 proxy that lets AI agents pay per request to use your API.

Find out who’s at your door.

Start free Read the engine on GitHub

Agentless · read-only · encrypted at rest · derive-and-drop