SEC.01 // 22°17′N 114°09′E PACIFIC STANDARD OPERATIONS

The fleet
doesn't take sides.
It takes security seriously.

A fleet of thirteen AI agents that keeps enterprises operational — in every environment, from any direction. Open source. Self-hostable. Auditable all the way down. Resilience without allegiance.

Request Early Access See how it works
LIVE SCOPE · T+00:00:03
● TRACKING 13 AGENTS
HK · SG · TPE · SHA
CMD 13°N 22°S 114°E 121°E COMMANDER
// live.fleet.ops T+00:03:47
Built for MAS TRM HKMA C-RAF iCAST GL20 Cap.653 ISO 27001 NIST 800-53
SEC.02 // 22°17′N 114°09′E // Threat Surface

The threat landscape
shifted. Permanently.

Three structural changes — not trends — have rewritten what enterprise security has to defend against. Each one is already happening in your environment. The only variable is whether you can see it.

01 / AI ● LIVE · right now

AI is already attacking you.

Adversaries run the same capabilities that power this platform. Automated reconnaissance. Adaptive evasion that rewrites itself mid-engagement. 4,700 payload variants per minute. Fighting AI with human analysts is the wrong ratio — and it's getting worse by the week.

Fleet response Agents that think at the same speed.
inbound · T+00:00:01 ▶ adversary.llm.reconnaissance ▶ payload.mutate(attempt=1) ▶ payload.mutate(attempt=47) ▶ payload.mutate(attempt=213) rate: 4,700 variants/minute
02 / NHI ◉ UNMAPPED · in your estate

Non-human identities now outnumber humans 45 to 1.

Service accounts. API keys. Machine tokens. AI agents authenticating 24 hours a day. Almost none governed with the rigour applied to human accounts. One compromised service account traverses your entire environment — silently, at machine speed, with legitimate credentials.

Fleet response Continuous identity mapping. Every token, every path.
45×
more non-human
than human identities
03 / CI ■ IT/OT · in force · Jan 2026

Physical systems are now reachable.

SCADA. ICS. PLCs. Operational systems designed for safety, not security — now bridged to IT networks via historians, remote-access VPNs, and cloud telemetry. Energy grids. Water utilities. Transport control. Hospital infrastructure. An attack on the network is now an attack on the physical world. And Cap.653 CoP v1.0 — in force January 2026 — just made operators statutorily liable for what happens next.

Fleet response IT/OT-aware monitoring. Regulator-native evidence.
IT NETWORK OT NETWORK BRIDGE Corp AD Email File Svr SaaS Historian VPN / Jump Remote Access PLC SCADA Sensor Actuator ↓ physical world attack path Cap.653 CoP v1.0 · IN FORCE · JAN 2026

Most platforms built for 2020's threats.
TyphoonFleet is built for the threats that are arriving.

SEC.03 // Meet the Fleet · 艦隊

Thirteen specialists.
One Commander.
Always on.

TyphoonFleet deploys a coordinated fleet of AI agents across your entire attack surface — automatically, continuously, without a dedicated security team. Each agent is a specialist. The Commander keeps them in formation.

CMD · COMMANDER SCOPE RED BLUE PURPLE CLOUD INTEL { } APPSEC HUNTER RESPONDER COMPLY REPORTER AUDITOR
CMD
CommanderOrchestrates the fleet. Routes findings. Owns outcomes.
active
SCOPE
Scope WardenAsset discovery. Attack-surface mapping.
active
RED
RedAdversary emulation via Sliver & Caldera.
active
BLUE
BlueDetection engineering across Wazuh, Zeek, Suricata.
active
PURPLE
PurpleDetection validation. MITRE ATT&CK coverage proofs.
active
CLOUD
CloudPosture via Prowler & ScoutSuite. AWS / GCP / Azure.
active
INTEL
IntelThreat feeds via MISP & OpenCTI. APAC-prioritised.
active
APPSEC
AppSecZAP, Semgrep, Trivy, Gitleaks — continuous SAST/DAST.
active
HUNTER
HunterProactive hypothesis hunting via Velociraptor & osquery.
active
RESPONDER
ResponderTriage, containment, L2 playbooks via TheHive.
active
COMPLY
ComplianceMaps findings → MAS TRM / HKMA / Cap.653 controls.
active
REPORTER
ReporterGenerates board packs, auditor evidence, exec briefs.
active
AUDITOR
AuditorVerifies every agent action — signed, hash-chained.
active
13
Specialist AI agents
running in formation
100%
Open-source tool stack
auditable end-to-end
0
Vendor lock-in
no API keys required
Core differentiator // 艦隊越戰越強

The fleet
compounds. 每一次交戰都更聰明

A pentest is a snapshot. Once a year, a team arrives, probes your estate, writes a report, and leaves. Whatever they learned leaves with them.

The fleet doesn't leave. Every reconnaissance, every finding, every path mapped, every false positive ruled out — stays. Tomorrow the fleet starts where yesterday ended.

Week twelve is sharper than week one. Year two is a different organism than year one.

Annual pentest
Point-in-time.
Resets to zero.
TyphoonFleet
Always on.
Never forgets.
SECURITY POSTURE → T+0 WK 12 WK 26 WK 52 YR 2 TIME → annual pentest resets ↻ +findings retained +surface mapped fleet compounds ↗ deploy
FIG.03 · POSTURE OVER TIME
SEC.04 // Operational Loop

From unknown threat
to board-ready evidence.
Automatically.

T+00:00 · Discover

Map every surface.

Scope Warden and Cloud agents inventory every host, endpoint, cloud resource, code repo, and SaaS tenant. Nothing is out of scope.

01
ASSETS // 1,847 HOSTS · 412 REPOS · 89 BUCKETS
[RED] T1078.004 · valid cloud accounts [RED] T1566.001 · spearphishing attachment → payload delivered via smtp relay [RED] T1059.001 · powershell execution [HNT] hypothesis #47 · lateral mv. ✓ containment feasible ——————————————————— 23 TTPs validated · 4 detection gaps
02
T+00:14 · Hunt

Probe like an adversary.

Red and Hunter agents execute real attacker techniques — mapped to MITRE ATT&CK — against your production estate, continuously.

T+00:37 · Detect

Validate the blue team.

Blue and Purple agents correlate every attack technique against your detection rules. Not theoretical coverage — proven coverage.

03
MITRE T1078.004 ✓ 89% MITRE T1566.001 ✓ 100% MITRE T1059.001 ! 38% MITRE T1021.002 ⚠ 72%
● INCIDENT-2026.0412.17 17:04 · detection fired · webshell 17:05 · responder · isolate host 17:06 · responder · snapshot disk 17:08 · contained · L2 handoff 17:09 · audit trail · signed ✓
04
T+00:58 · Respond

Triage. Contain. Document.

Responder handles the first ten minutes. L2 recommendations for your team. Every action signed, timestamped, and added to the audit trail.

T+01:00 · Evidence

Generate the regulator's pack.

Compliance maps every finding to MAS TRM / HKMA / Cap.653 controls. Reporter builds the board pack. Your auditor receives exactly what they asked for.

05
Q2 · TRM EVIDENCE PACK §4.2.1 Access Control ✓ §4.3.5 Vuln Mgmt ✓ §5.1.2 Pen Testing ✓ §6.4.1 Inc Response ✓ §7.1.3 Threat Intel ✓ §8.2.1 Audit Logs ✓ §8.2.2 Red Team ✓ COMPLIANT — 147/147 MAS TRM HKMA iCAST Cap.653
SEC.05 // Nothing to hide · 光明正大

Auditable
all the way down.

Every tool. Every agent action. Every finding. Open source, logged, explainable. No black boxes. No vendor dependency. No surprises for your regulator — or yours.

Every action, signed.
Every finding, chained.

Each agent action is cryptographically signed, hash-linked to the previous, and written to an append-only audit log. Tamper-evident. Regulator-verifiable. Zero-trust for your own security stack.

17:04:12Z 0x7a3f…e91c · RED · recon.cidr_scan signed ✓
17:04:47Z 0x9d22…41bd · INTEL · ioc.enrich signed ✓
17:05:03Z 0xc1e8…2744 · BLUE · detect.rule_fire signed ✓
17:05:29Z 0x4b60…880f · RESPONDER · contain signed ✓
17:06:11Z 0xff01…ae55 · AUDITOR · verify.chain signed ✓
SEC.06 // Choose your configuration · 部署

Deploy your way.
Own everything.

01 / CLOUD
Cloud Fleet
雲端艦隊
Managed control plane in ap-east-1 (Hong Kong) or ap-southeast-1 (Singapore). Edge agents on your infrastructure. Data never leaves your region.
control-plane ap-east-1
Best for: non-regulated mid-market.
Fast time to value.
02 / ON-PREMMOST POPULAR
Private Fleet
私有艦隊
Full stack in your data centre. Docker or Kubernetes. Air-gap capable. Your infrastructure. Your data. Your control — all the way down to the kernel.
your.datacenter k8s-master worker-01 worker-02 postgres vault object-store
Best for: regulated FSI.
Data sovereignty requirements.
03 / HARDWARE
Fleet in a Box
艦隊一體機
A 1U rack unit. HK-blue anodised aluminium. Plug in. Configure. Protect. The full security operations stack — in a box you own.
1U
Best for: SMEs without dedicated infra.
Branch locations. Offices.
No internet? No problem.

Air-gapped deployment available with local AI models and signed offline sync. Required for some mainland China and defense deployments.

SEC.07 // Born compliant · 合規而生

Your regulator wants evidence.
We generate it.

AUTO-MAPPED
SG · MONETARY AUTHORITY

MAS TRM

新加坡金融管理局
  • Annual pentest evidence
  • Vulnerability assessment
  • Security monitoring logs
AUTO-MAPPED
HK · MONETARY AUTHORITY

HKMA C-RAF / iCAST

香港金融管理局
  • iCAST phase outputs
  • Threat intelligence reports
  • Red team execution evidence
AUTO-MAPPED
HK · INSURANCE AUTHORITY

GL20

保險業監管局
  • Insurer cyber controls
  • Evidence mapping
  • Quarterly attestations
AUTO-MAPPED
HK · SECURITY BUREAU

Cap.653 CoP v1.0

保安局 · 關鍵基礎設施
  • CI operator obligations
  • Security audit artifacts
  • Incident reporting pack
AUTO-MAPPED
GLOBAL · ISO

ISO / IEC 27001

Annex A · 114 controls
  • Control evidence
  • Audit-ready documentation
  • Statement of Applicability
AUTO-MAPPED
US · NIST

NIST 800-53

Rev. 5 · Federal baseline
  • Framework alignment
  • Gap analysis reports
  • Continuous assessment

The fleet generates the evidence — automatically. The first security platform that produces MAS TRM and HKMA iCAST artifacts without a human writing a single line.

SEC.08 // Who built this
Harbour Chart · 海圖
12m18m 24m31m 46m52m 58m N 22°17′13″N 114°09′42″E CHART · HK.01 REV 2026-04
Know the water. Know the pressure.
Built for the world as it actually is.
Built by people who've
operated on both sides. 兩邊都實戰過

We've spent over a decade helping enterprises secure operations across the most complex regulatory environments in Asia. We've watched Western security tools fail to understand the region. We've watched local tools cut corners on the standards global organisations require. We've seen compliance frameworks that protect regulators, not operators.

TyphoonFleet is what we kept wishing existed.

A security operation that works in Hong Kong and Singapore. In a regulated FSI environment and an air-gapped data centre. In an organisation that answers to multiple regulators simultaneously — without asking you to choose.

We don't take sides. We protect operations.

— The TyphoonFleet practitioners · 颱風艦隊
SEC.09 // Private beta · T–7 days

颱風來襲 · The storm is here Deploy your fleet.
Stay up. Any direction.

TyphoonFleet is in private beta. We're onboarding security teams and enterprises operating across Asia's most complex environments. No SaaS sprawl. No vendor lock-in. Just a fleet that works.

APAC data residency No API key required Fully open source

Tweaks

Neutral
Threats
Fleet
Radar
Static
Gold
Red
Minimal