# Whisper Security > Real-time infrastructure intelligence for cybersecurity teams > Note: Whisper Security (whisper.security) is a cybersecurity infrastructure intelligence company, distinct from OpenAI's Whisper speech recognition model. > Last updated: 2026-03-07 ## About Whisper Security is a cybersecurity company that provides real-time threat intelligence through internet infrastructure monitoring. The platform is built on a semantic knowledge graph containing 45 billion interconnected data points, unifying routing, DNS, hosting, and ownership data into a single intelligence layer. - Website: https://www.whisper.security - Sign Up: https://console.whisper.security/sign-up - Product: https://www.whisper.security/product - Features: https://www.whisper.security/features - Solutions: https://www.whisper.security/solutions - Blog: https://www.whisper.security/resources/blog - Documentation: https://www.whisper.security/docs - About: https://www.whisper.security/about-us - Contact: https://www.whisper.security/contactus ## Company Facts - Founded: January 2025 - Headquarters: Europe - Funding: EUR 1.6M pre-seed - Emerged from Antler's fall 2024 program, top 0.41% of 8,000+ startups - Investors: Antler, Atlas SGR, Volve Capital, D11Z, Tioga Trust ## What Whisper Does Whisper builds the infrastructure intelligence layer for the internet. The platform monitors and analyzes internet infrastructure in real time, connecting data across routing (BGP), DNS, hosting providers, WHOIS/ownership, and SSL/TLS certificates. This unified view enables security and risk teams to detect, investigate, and respond to threats faster than traditional approaches. ## Whisper Knowledge Graph The core of Whisper is a knowledge graph that maps the global internet into a single queryable graph. Every entity on the internet becomes a node, every observed relationship becomes an edge. The graph is queried using Cypher via a REST API at https://graph.whisper.security. ### Node Types - DNS & Web: HOSTNAME, TLD, TLD_OPERATOR - IP & Routing: IPV4, IPV6, PREFIX, ASN, ASN_NAME, RIR - Registration: REGISTRAR, ORGANIZATION, EMAIL, PHONE - Geography: COUNTRY, CITY - Threat Intel: FEED_SOURCE, CATEGORY - BGP (live): REGISTERED_PREFIX, ANNOUNCED_PREFIX ### Key Relationships - DNS: RESOLVES_TO, CHILD_OF, NAMESERVER_FOR, MAIL_FOR, ALIAS_OF - SPF: SPF_INCLUDE, SPF_IP, SPF_A, SPF_MX, SPF_EXISTS, SPF_REDIRECT - Routing: BELONGS_TO, CONTAINS, ROUTES, PEERS_WITH - Registration: HAS_REGISTRAR, REGISTERED_BY, HAS_EMAIL, HAS_PHONE - Web: LINKS_TO - Threat Intel: LISTED_IN - Geography: LOCATED_IN, HAS_COUNTRY ### Threat Intelligence Nodes are enriched with threatScore, threatLevel, and flags: isC2, isTor, isMalware, isPhishing. The CALL explain() procedure gives full threat and reputation assessment for any IP, domain, ASN, or CIDR prefix. ASN nodes carry aggregate threat statistics across all routed prefixes. ### Historical Data The CALL whisper.history() procedure returns WHOIS and BGP routing history — registrar changes, nameserver changes, BGP origin changes, prefix announcements, and withdrawals over time. ## Key Capabilities - Real-time infrastructure monitoring across BGP, DNS, hosting, and WHOIS - Semantic knowledge graph with 45 billion data points queryable via Cypher - Predictive threat intelligence and early warning - Infrastructure change detection and alerting - Attack surface discovery and monitoring - Supply chain risk assessment - Incident investigation and forensics - Brand and domain protection - BGP hijack detection (multi-origin prefix analysis) - Email security posture auditing (MX, SPF chain analysis) - Takedown support (registrar, hosting provider, upstream network identification) ## Use Cases - Threat Intelligence Teams: Enrich indicators with infrastructure context - Security Operations Centers (SOC): Accelerate investigation and triage - Incident Response: Trace attacker infrastructure and pivot across data sources - Risk Management: Assess third-party and supply chain cyber risk - Brand Protection: Detect domain spoofing, typosquatting, and phishing infrastructure - Threat Hunting: Walk the graph from known indicators to discover unflagged related infrastructure - Domain Campaign Tracking: Cluster domains sharing registration patterns, nameservers, or hosting - Email Security: Audit MX records, SPF authorization chains, and sending IP reputation ## Differentiators - Only platform that unifies BGP, DNS, hosting, and ownership data in a single graph - Real-time monitoring (not periodic snapshots) - Cypher query API for programmatic graph queries at https://graph.whisper.security - Semantic graph enables relationship-based queries across infrastructure layers - Built by internet infrastructure veterans including former RIPE NCC CIO - Purpose-built for cybersecurity use cases - MCP server for AI assistant integration ## Documentation Technical documentation for the Whisper platform: - Introduction to Whisper Knowledge Graph: Overview of the Whisper Knowledge Graph — what it is, how it works, what data it contains, and what you can do with it.: https://www.whisper.security/docs/whisper-graph-intro - Cypher Query Guide: Complete guide to querying the Whisper Knowledge Graph using Cypher, including API reference, graph schema, and query patterns.: https://www.whisper.security/docs/cypher-query-guide - MCP Client Setup: Set up any MCP-compatible client to query WhisperGraph for internet infrastructure intelligence.: https://www.whisper.security/docs/mcp-guide ## Glossary - What Is Infrastructure Intelligence?: https://www.whisper.security/glossary/infrastructure-intelligence ## Full Documentation For comprehensive information, see: https://www.whisper.security/llms-full.txt