mallcop

Start free. Scale for donuts.

Full mallcop functionality at every tier. Bring your own API key for $0, or let us handle inference for less than you'd pay Anthropic directly.

How Donuts Work 🍩

Mallcop runs on donuts. Scanning and detection are free. Investigations cost donuts.

1🍩

Patrol

Quick check: is this finding normal or does it need a closer look?

Triage + basic investigation
8🍩

Call for Backup

Multiple guards coordinate to investigate a suspicious finding together.

Multi-agent investigation
15🍩

Check the Cameras

Deep dive across event history and cross-finding correlation.

Deep investigation
7-55🍩

Mallcop Academy

Mallcop drafts an improvement and tests it against your real history. A new rule costs ~7🍩. A prompt overhaul costs ~55🍩.

Self-improvement + validation. See breakdown

Plans

Connectors and events are unlimited on every tier. Scanning and detection are always free.

Mallcop monitors for anomalies. It does not guarantee detection of all security threats.

Mallcop is not SOC 2, ISO 27001, or FedRAMP certified. See Privacy and Security for our current compliance posture.

Model Sovereignty

You choose your comfort level. We route accordingly.

All models, including Chinese-origin models on the Open tier, run on AWS Bedrock in US regions. Your data does not leave AWS infrastructure.

TierMultiplierProviders

Investigation Depth

Every plan grants access to all three operation modes. How deep you go determines how many donuts each call consumes.

A quick patrol (triage) consumes donuts at the baseline rate. A standard investigation costs 2× per call. A deep heal-mode investigation costs 5×. These multipliers apply on top of your sovereignty tier (Open / Allied / US-only).

ModeMultiplierWhat it does
Patrol (triage)Quick check — is this finding normal or does it need a closer look?
InvestigationStandard investigation with full context and correlation.
HealDeep investigation that can propose parser fixes for log-format drift.

Example: a heal call on the Allied sovereignty tier costs 5× × 1.3× = 6.5× the base inference rate.

BYOK Cost Calculator

See what you'd pay on each tier vs. bringing your own Anthropic key.

$ /month

Managed tiers route to optimized models at lower cost per token.

Frequently Asked Questions

What's a donut? 🍩
One unit of mallcop compute. A patrol costs 1🍩, calling for backup costs 8🍩, checking the cameras costs 15🍩. Donuts cover tokens and model pricing so you think in operations, not API calls.
What happens when I run out of donuts?
Scanning and detection keep running. Those are free. Investigations pause until your next billing cycle. Findings still get flagged and delivered to your notification channel with full context. They just skip the investigation step. You can always add a donut pack mid-cycle if you need more capacity.
Can I switch tiers?
Yes. mallcop upgrade handles tier changes. Upgrade mid-cycle and your new donut allocation starts immediately. Downgrade takes effect at the next billing cycle.
Why is BYOK more expensive than Basic?
BYOK uses whatever model your API key connects to, typically Anthropic Sonnet at $3/$15 per million tokens. Managed tiers route to optimized models (GLM 4.7, Llama 4 Scout) at 8-40x lower cost. We route smarter, you pay less.
Is the free tier really free?
Yes. Full mallcop functionality. Unlimited connectors, events, detectors. You bring your own API key for investigations. Anthropic, OpenAI, Bedrock, or any OpenAI-compatible endpoint. Your tokens, your cost, your choice.
What about Chinese models? Are they safe?
The Open tier routes to the best price/performance model available, which sometimes means Chinese-origin models like GLM 4.7 or Qwen3. These models run on AWS Bedrock in US regions. Your event data does not leave AWS. If this still concerns you, Allied and US-only tiers exclude Chinese-origin models entirely.
Why donuts and not just tokens? 🍩
Tokens are meaningless to most users. "Your investigation used 12,847 tokens" tells you nothing. "Your investigation used 3🍩" tells you exactly how many investigations you have left this month. Donuts also let us improve pricing as model costs drop. We route to cheaper models and pass the savings along without changing your plan.