Elsas

Verifiable security primitives for AI agents.

The atomic security questions an agent asks at decision time — is this CVE exploited? is this package vulnerable? what hits my lockfile? — answered in one call, each answer Ed25519-signed and verifiable offline. Unsigned CVE APIs ask you to trust them. We let you verify.

Atomic primitives from $0.001 per signed call in USDC on Base: is_exploited (CISA-KEV, $0.001), check_package (OSV, $0.002), check_cve (CVSS+KEV+EPSS, $0.01), search_cves (NVD keyword, $0.01), scan_dependencies (pay-per-vuln, free when clean), check_affected (curated advisory match, free when clear). Plus the daily digest get_today ($0.10 flat). Accountless: your wallet is your identity. No accounts, no keys, no subscriptions.

Every response is Ed25519-signed — verifiable offline against our public key. No other CVE intelligence API offers cryptographic verifiability. Cross-validation by an independent LLM judge provides a transparent quality metric. Why per-call & signed →

All tools served through https://elsas.it/mcp (MCP, Streamable HTTP). Free previews: sample report · MCP security status · full docs. Open-source verification kit: GitHub.