Why this matters
The KAIROS cybersecurity adapter is a structural reading layer for defended zones. It sits adjacent to your existing security stack (SIEM, EDR, XDR) and answers a different question: per zone, per tick, how much pressure can still be absorbed before the weakest control collapses? Two operators replaying the same incident reach the same answer.
The adapter ships with a v1 synthetic baseline calibrated against the public cyber-defense literature (Verizon DBIR, NIST SP 800-53 / 207, CIS Controls v8, OCSF, LANL, DARPA). The full methodology debrief is on the Spindle: Calibrating the Cybersecurity Adapter.
Synthetic baselines have limits. The next step is calibration against real production traffic. That requires design partners.
Who this is for
The four zone archetypes map to the telemetry surfaces most enterprises already collect.
- Identity plane — organizations with mature SSO / IdP / directory telemetry (Okta, Azure AD, Auth0, Active Directory). Strong fit if your SOC already monitors authentication and privilege-grant events at scale.
- Edge device — organizations with EDR fleet coverage (CrowdStrike, SentinelOne, Defender). Strong fit if your endpoint posture telemetry is consistent across managed devices.
- Internal segment — organizations with network-layer visibility (NetFlow, IPFIX, Zeek, Suricata). Strong fit if your network security team already monitors east-west traffic and segmentation enforcement.
- Data plane — organizations with cloud audit logging (CloudTrail, GCP audit, Azure activity) and object-store access logs. Strong fit if your data-access governance program already captures sensitive-store queries.
If your environment has SOC-confirmed labels on contributed windows (an existing analyst workflow that distinguishes investigated-clean from unreviewed traffic) and at least 30 days of telemetry depth in one zone, the contribution shape works. Regulated verticals (financial services, healthcare, government) and cloud-native SaaS companies are the most common fit; the methodology is not vertical-specific.
What we’re asking for
A 30 to 90 day window of telemetry from one or two of your defended-zone archetypes (identity plane, edge device, internal segment, or data plane), whichever your team has telemetry depth in.
The contribution shape:
- The telemetry itself, redacted to remove sensitive content before it leaves your environment.
- SOC-confirmed labels on the contributed windows (confirmed-benign / unreviewed / excluded-known-incident).
- Disclosure of any incidents in the contributed window, including minor and suspected events, so the calibration doesn’t miscount.
- Permission to publish the aggregate calibration result (not the raw events) in pilot collateral, co-authored with your team.
We provide the redaction tooling and a round-trip-fidelity test harness so your team can validate everything before any data extraction.
What you get back
- A calibrated policy-positive rate per zone per hour measured against your own environment, with confidence intervals per zone archetype. This tells you where your structural margin sits on a real-environment baseline rather than a synthetic one.
- Visibility into which of your zones run hot on attack-surface pressure and which sit comfortably in defense posture, under a deterministic policy floor you control.
- Right-to-recall. If an incident is later identified inside a contributed window, the aggregate gets re-run and any public correction is disclosed to the audience the original number reached.
- Co-authorship credit on the methodology output the contribution unblocks.
- Early access to the cybersecurity adapter ahead of general pilot availability.
How we protect your data
- Mutual NDA before any technical exchange.
- Redacted exports are the only thing that leaves your environment. Raw events never leave the partner side in identifiable form.
- Aggregate-only publication. The published number is a rate with a confidence interval, not a corpus.
- You review any public output before release.
- The full data spec — OCSF coverage matrix, redaction rules, labeling discipline, replay determinism, provenance manifest — is shared under NDA. It exists; the public page just does not lead with it.
Start a conversation
If you are running infrastructure in any of the four zone archetypes and the contribution shape above is feasible for your team, we would value the conversation. Contact us and reference this brief. We will respond directly with the redaction tooling, the round-trip-fidelity test, the full data spec, and a draft mutual NDA.