The internet,
queryable like a database
DNS, routing, ownership, threat intel, even the physical datacenters — every layer of the internet, pre-joined into one live graph.Query it like a database: one question crosses every layer, with the history behind it and the evidence behind every verdict.
The value isn't the data. It's the connections.
Plenty of tools hand you a WHOIS record or a BGP route. Whisper pre-joins every layer of the internet, so one query crosses from a domain to the datacenter behind it — the traversal flat lookups can't reach.
One query crosses every layer
One domain, expanded across every layer the graph connects: the IPs it resolves to, the nameservers and mail servers behind it, who owns it, the network announcing its routes, the peers that network talks to, and the datacenters it physically sits in. Each connection is another question you can ask — so the graph isn’t a lookup, it’s a starting point.
This is one starting point. The same graph powers dozens of investigations — start from an alert, a domain, or a whole network.
Show the one query that built this
A query language, not fixed pivots
Ask any pivot in Cypher — shared registrant, co-hosting, MOAS conflicts, peer ASNs. Not the handful a UI decided to expose.
The query languageBuilt for AI agents
Connect once over MCP and your agent walks the graph itself, with the exact feeds behind every answer.
Built for agentsAnswers in milliseconds
Most queries return in under a millisecond of server time — at billions of nodes, in one graph.
On performanceNever a stale snapshot
Dozens of threat-intel feeds, BGP, DNS and WHOIS refreshed through the day — plus the history of what changed and when.
On the live dataWhatever you’re chasing, the graph already connects it
Enrich an alert, map a campaign, trace an attack path, or ground an AI agent — every one runs live on the same graph. Start from your role, or from how deep you want to go.
Or jump straight into a flagship investigation:
Find the real infrastructure behind the CDN
One passive call reconstructs the likely true origin IPs behind a CDN — no scanning, no Censys keys, no managed-challenge false negatives.
Walk the investigationA threat verdict that shows its work
Not a black-box score: explain() returns the level, the factors behind it, and every source feed with first-seen and last-seen timestamps.
Walk the investigationLive typosquats that resemble my domain
Generate lookalikes with 14 algorithms, keep only the registered ones, then resolve them and name the network — a parked squat told apart from one on live hosting, in one pass.
Walk the investigationBuilt for where the market is going
- FCC submarine-cable security rules (2026)
- EU €347M Cable Security Toolbox
- NIS2 Art. 21 supply-chain risk
- DORA Art. 28–30 concentration risk
- RPKI now covers 60%+ of IPv4 prefixes
- OWASP Top 10 for Agentic Apps (2025)
One graph. Three ways in.
Whisper is the infrastructure layer your stack queries when it needs context — over the API, through your SIEM, or straight from an AI agent.
Available as cloud-hosted or on-prem deployment.
Built by internet infrastructure experts
Few security companies can say they helped build the thing they protect. Whisper comes from people who did — engineers with time at RIPE NCC and ICANN, working on internet governance down at the protocol level. Meet the team.
We built Whisper because no tool gave us what we needed: one queryable map of how the internet actually connects. What used to take a research lab, any security team can now have.
in internet infrastructure, DNS, BGP, PKI, and threat intelligence.
from 60+ internet data sources, cross-referenced and continuously updated.
Global coverage across every IP range, ASN, and top-level domain.
Start seeing infrastructure
Connect Whisper once, and every tool in your stack gets sharper.