Tripwire
Private beta — invite only

Know the moment a credential leaks.

Tripwire plants canaries across your stack — working credentials that look and authenticate like the real thing, but lead to a decoy environment we run. The instant one is used, we page you with who, from where, and what they touched.

Works with
AWS, GCP, Azure, GitHub, GitLab, Slack, Anthropic, OpenAI, Postgres, DNS, Documents + more

Coverage

Plant a canary anywhere a real credential lives.

The hard part of detection isn't the alert — it's putting credentials where attackers actually go.

01

Code & repos

Canaries that read like real config in your repos, deploy scripts, and example env files. The first clone or read fires the alert.

02

CI / CD

Canaries sit alongside real secrets in GitHub Actions, CircleCI, Buildkite, and Jenkins. Any pipeline that leaks one tells on itself.

03

Engineer laptops

Canaries live in dotfiles, keychains, and local profiles — the first place credential-stealing malware looks.

04

Cloud & storage

Canaries drop into buckets, metadata services, and config endpoints across AWS, GCP, and Azure. We watch audit logs and network traffic for any reach.

05

SaaS & comms

Canaries pin into Slack DMs, Notion pages, Confluence, and shared inboxes — the places real credentials get pasted, screenshotted, and forwarded.

06

AI agents & vendors

Canaries sit inside agent prompts, tool configs, and documents shared with vendors. We page the moment something downstream reads one back.

The alert

When a canary fires, this lands in your inbox.

tripwire · alert · 2026-05-11 14:22:08 UTC · Canary used
{
  "canary":       "deploy-scripts repo secrets",
  "type":         "github_pat",

  "actor": {
    "ip":         "185.220.101.42",
    "asn":        "AS208294 — known Tor exit",
    "country":    "RO",
    "client":     "git/2.43.0"
  },

  "action": {
    "verb":       "clone",
    "target":     "decoy repository",
    "outcome":    "logged — decoy data only"
  },

  "planted": {
    "location":   "github.com/acme/deploy/.env.example#L14",
    "by":         "anna@acme.com",
    "at":         "2026-04-02"
  }
}

1
Who, and from where.

Actor IP enriched with ASN, geo, and known-bad signals. The Tor and cloud-hosting cases that matter come pre-flagged.

2
What they did.

The exact action they took against the decoy. The canary authenticated, returned plausible data, and recorded every step — none of it touched anything real.

3
Which canary, planted where.

The file, line, and engineer who planted it. The on-call already knows where the credential leaked — they only have to answer how.

Approach

Engineered so every alert is real.

The edge isn't a smarter classifier. It's that the signal is unambiguous by construction.

Zero false positives

A canary is a credential nothing legitimate ever touches. If it fires, an attacker is on the other end. Alert volume scales with adversary activity, not your traffic.

Real access, decoy world

Every canary authenticates and returns plausible data, so an attacker spends time on it instead of discarding it. The world behind it is a sandbox we run — read-only mirrors and decoy resources isolated from your real systems. They explore. You watch.

One schema, every surface

Whether the canary sits in a repo, a laptop, a Slack DM, or an agent prompt, alerts land in one feed with one schema. Route to Slack, PagerDuty, or your SIEM once.

Sources

One stream. Every surface attackers reach for.

| Source | What fires |
|---|---|
| Cloud providers | Any API call with the canary credential across AWS, GCP, or Azure. |
| Source control | Any use of the canary token — clone, read, fork, push. |
| Workspace & SaaS | Any call against the canary token in Slack, Notion, GitHub, GitLab, and similar. |
| AI providers | Any completion or API call against the canary key — Anthropic, OpenAI, and more. |
| Databases | Any connection or auth attempt against the canary database host. |
| Internal HTTP APIs | Any request to the decoy endpoint with the planted bearer. |
| DNS | Any query against the canary label, with resolver, region, and timing captured. |
| Documents | First open or first embedded-asset fetch on a canary DOCX, PDF, or spreadsheet. |

Every signal pages in seconds. Severity is set per-event, not per-source.

FAQ

What buyers ask first.

What about false positives — my pentester, a curious engineer, an LLM coding agent?

A canary is a credential nothing legitimate should ever touch. If your pentester finds one, page them — that's a successful pentest. If an LLM coding agent reads it from disk and uses it, that's exactly what you want to know. Every fire is worth investigating, because by construction nothing innocent should ever reach for one.

How is this different from Canarytokens.org or Thinkst Canary?

Canarytokens.org issues passive file and DNS tokens, free, hosted by Thinkst. Thinkst Canary is a network sensor appliance you install. Tripwire is the managed control plane for live, multi-source canaries across your real stack — what you'd otherwise spend a quarter building yourself. The three compose; many customers run all three.

Won't a real Tripwire-issued credential expand my blast radius?

No. A canary authenticates against a decoy environment we run — not your infrastructure. Cloud keys belong to Tripwire-owned accounts, source-control tokens map to decoy organizations, database URLs point at read-only mirrors. An attacker who picks one up explores, queries, and probes — all inside a sandbox isolated from your real systems. Even a 'successful' action never crosses over.

How much does it cost?

We're in private beta with custom pricing tiered by canary volume and surface coverage. Once you're in, we send a quote within a business day. No procurement gauntlet, no card on file.

Where does the decoy environment live?

In Tripwire-owned infrastructure that mirrors yours in shape — same vendors, same surface patterns, same credential formats. That isolation is what makes the safety guarantee absolute. We feed every event into your SIEM with full context, so your audit trail stays unbroken.

If Tripwire goes down, do my canaries silently stop alerting?

No. Every source is monitored end-to-end with a self-test canary that fires on a schedule. If a fire goes missing, you get a heartbeat-failure alert on the same channel as real ones. Silent failure is the threat model we're paid to prevent; we don't get to have it ourselves.

How do I get this in front of my SOC2 auditor?

Tripwire is SOC2 Type II audited. We act as a sub-processor; the DPA, security questionnaire, and architecture diagram are available on request. We store alert events and canary metadata — never your application data, because canaries don't carry any.

Where do alerts go?

Slack, PagerDuty, webhook to your SIEM (Panther, Datadog, Splunk), or email. The schema is stable and includes everything in the example above. Filter, route, and enrich at your end.
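
One way to filter and enrich on the receiving side, as an added example that is not Tripwire's code: a handler that validates an alert in the shape shown above and builds the incident record an on-call needs. The function name `triage`, the output fields, and the internal/external split are assumptions; only the input field names come from the sample alert.

```python
import ipaddress
import json

# Constructed sample in the shape of the alert shown on this page.
SAMPLE_ALERT = json.loads("""
{
  "canary": "deploy-scripts repo secrets", "type": "github_pat",
  "actor": {"ip": "185.220.101.42", "asn": "AS208294 — known Tor exit",
            "country": "RO", "client": "git/2.43.0"},
  "action": {"verb": "clone", "target": "decoy repository",
             "outcome": "logged — decoy data only"},
  "planted": {"location": "github.com/acme/deploy/.env.example#L14",
              "by": "anna@acme.com", "at": "2026-04-02"}
}
""")

REQUIRED = {"actor": ("ip", "asn", "client"),
            "action": ("verb", "target", "outcome"),
            "planted": ("location", "by", "at")}

def triage(alert: dict) -> dict:
    """Validate an alert and build an incident record (hypothetical helper)."""
    for key in ("canary", "type"):
        if not isinstance(alert.get(key), str):
            raise ValueError(f"missing or non-string field: {key}")
    for section, fields in REQUIRED.items():
        block = alert.get(section)
        if not isinstance(block, dict):
            raise ValueError(f"missing section: {section}")
        for field in fields:
            if not isinstance(block.get(field), str):
                raise ValueError(f"missing field: {section}.{field}")
    ip = ipaddress.ip_address(alert["actor"]["ip"])  # ValueError if malformed
    # Assumption: a private or loopback source means the credential was used
    # from inside your own network, which changes where responders look first.
    internal = ip.is_private or ip.is_loopback
    # The planted location names the leak site; split the path from the line anchor.
    path, _, line = alert["planted"]["location"].partition("#")
    return {
        "title": f"Canary used: {alert['canary']} ({alert['type']})",
        "source": "internal" if internal else "external",
        "leak_site": path,
        "leak_line": line or None,
        "owner": alert["planted"]["by"],
        # Same canary, actor and action collapse into one incident.
        "dedupe_key": f"{alert['canary']}|{ip}|{alert['action']['verb']}",
    }
```

Rejecting malformed events before they reach the pager keeps a schema change or a spoofed webhook body from silently producing an empty incident.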

Plant your first canary this week.

Tell us where you want coverage. We send back a plan, plant the canaries, and wire the alerts into your channels. The whole thing is async — no meetings, no demo gauntlet, no procurement loop.