Infrastructure intelligence

The internet,
queryable like a database

DNS, BGP, WHOIS, hosting, threat intel, even the physical datacenters — every layer of the internet, joined into one graph.One query does what used to take five tools and a day of pivoting.

Get a free API keyRead the docs
Why Whisper

The value isn't the data. It's the connections.

Plenty of tools hand you a WHOIS record or a BGP route. Whisper joins every layer of the internet into one graph, so a single query runs from a domain all the way to the datacenter behind it.

7.4B
nodes
39.2B
edges
43
threat feeds
12.5M
threat listings
Live · graph.whisper.securityrefreshed 3m ago
The cross-layer pivot

One query crosses every layer

One domain, expanded across every layer the graph connects: the IPs it resolves to, the nameservers and mail servers behind it, who owns it, the network announcing its routes, the peers that network talks to, and the datacenters it physically sits in. Each connection is another question you can ask — so the graph isn’t a lookup, it’s a starting point.

DNSWebMailWHOISGeoIPRoutingPhysicalone query
Live · graph.whisper.security
One indicator, every connected layer
github.com expanded across DNS, web links, mail, ownership, GeoIP, routing, and the datacenters behind it
Domain · WebDNS · WHOIS · MailGeoIP · RoutingNetworkPeers · Physicalgithub.com34c3ctf.ccc.ac10xse.academyns-421.awsdns-52.c…ns-520.awsdns-01.n…dns1.p08.nsone.net140.82.121.3githubaspmx.l.google.comalt1.aspmx.l.googl…Frankfurt, DE140.82.121.0/24AS36459GitHub, Inc.AS1299AS2914AS3257Equinix AshburnEquinix Frankfurt
WebDNSMailWHOISGeoIPRoutingPhysical
Show the one query that built this
MATCH (h:HOSTNAME {name:"github.com"})-[:RESOLVES_TO]->(ip)
-[:ANNOUNCED_BY]->(:ANNOUNCED_PREFIX)-[:ROUTES]->(a:ASN)
WITH h, a, ip LIMIT 1
OPTIONAL MATCH (ip)-[:LOCATED_IN]->(c) // GeoIP
CALL { (h)<-[:NAMESERVER_FOR]-(ns) collect[0..3] }
CALL { (h)<-[:MAIL_FOR]-(mx) collect[0..2] }
CALL { (h)-[:REGISTERED_BY]->(o) collect[0..1] }
CALL { (h)-[:LINKS_TO]->(w) limit 2 }
CALL { (a)-[:PEERS_WITH]->(peer) collect[0..3] }
CALL { (a)-[:AS_PRESENT_AT]->(dc) collect[0..2] }
RETURN ip, prefix, asn, asn_name, geo, ns, mx, o, peer, dc
17 nodes across 7 layers · 194 msRun it
Open, not fixed

A query language, not fixed pivots

Ask any pivot in Cypher over REST — shared registrant, co-hosting, MOAS conflicts, peer ASNs. Not the handful a UI decided to expose.

See the API
Agent-native

Built for AI agents

Connect once over MCP and your agent walks the graph itself, citing the exact feeds behind every answer.

Set up MCP
Fast at scale

Answers in milliseconds

Sub-millisecond server time across ~7.4B nodes. A three-hop hosting lookup lands in about 110 ms; P99 stays near 236 ms under load.

How it works
Always live

Never a stale snapshot

43 threat-intel feeds across 25 categories, refreshed continuously. Freshly resolved domains stream in every few minutes.

About the data
See how Whisper compares
Use cases

What security teams are doing with Whisper

When your tools have a complete map of the internet infrastructure, steps that took days can be taken in seconds.

Threat investigation & response

Enrich an indicator, cluster a campaign, and map a compromise — every dimension and connection joined in one traversal, not stitched from point lookups.

Attack surface & exposure

Hot

Inventory everything an org exposes, then trace the route an attacker takes through it across every layer — and the choke point that severs it. Internal tools stop at the perimeter.

Routing & BGP security

Catch BGP hijacks and audit routing health — MOAS conflicts, RPKI coverage, and the threat-listed space behind a network — on the same rows.

Internet research

Map any organisation or network across the open internet — its complete digital footprint, or a whole ASN’s routes, peers, and the buildings it sits in.

Brand & domain protection

Catch live lookalike and typosquat domains before they phish — generated, filtered to the registered ones, then resolved and scored in a single pass.

Compliance & posture

Audit the postures regulators and frameworks ask for — RPKI route-origin coverage and DNS/email authentication (SPF, DMARC, DNSSEC) — crossed with live infrastructure.

Run any of these from your own AI agent

WhisperGraph speaks MCP — connect once and your agent writes its own Cypher across the live graph. Every use case has a copyable prompt and an AI-prompt tab.

Set up MCP
See all use cases
Access & integration

One graph. Three ways in.

Whisper is the infrastructure layer your stack queries when it needs context — over the API, through your SIEM, or straight from an AI agent.

Splunk
Microsoft Sentinel
OpenCTI
Cortex XSOAR
Claude
OpenAI
Cursor
VS Code
Windsurf
Antigravity
Splunk
Microsoft Sentinel
OpenCTI
Cortex XSOAR
Claude
OpenAI
Cursor
VS Code
Windsurf
Antigravity

Available as cloud-hosted or on-prem deployment.

Our foundation

Built by internet infrastructure experts

Few security companies can say they helped build the thing they protect. Whisper comes from people who did — engineers with time at RIPE NCC and ICANN, working on internet governance down at the protocol level. Meet the team.

We built Whisper because no tool gave us what we needed: one queryable map of how the internet actually connects. What used to take a research lab, any security team can now have.

W
Whisper Security Team
Internet infrastructure researchers
0+Years of experience

in internet infrastructure, DNS, BGP, PKI, and threat intelligence.

0BData points ingested

from 60+ internet data sources, cross-referenced and continuously updated.

0+Countries mapped

Global coverage across every IP range, ASN, and top-level domain.

Start seeing infrastructure

Connect Whisper once, and every tool in your stack gets sharper.

Explore the graphConnect your AI agentTalk to us