Know. Respond. Get Proactive.
Three tiers, one intelligence engine. Pick where your team is today. Mallory scales with you.
Community
Know first.
For solo analysts, researchers, and consultants. Triage threats, vulnerabilities, and IoCs without standing up a platform.
For individual use. Available by request.
- Seats1
- Per-Seat Model CapacityLimited
- ModelManaged
- DeploymentHosted
- Stories, threats, vulnerabilities, IoCs
- Limited lookup API
- Single seat, rate-limited
Team
Know first, Act first.
Make every analyst on the team 10x. Morning CVE triage in minutes instead of hours. Investigation Automation that hunts while your team focuses on the work that matters.
- SeatsProvisioned
- Per-Seat Model CapacityStandard or Max
- Scheduled Agent Routines25 per seat
- ModelManaged
- DeploymentHosted
Everything in Community, plus:
- Full threat intelligence library
- Intel API (rate-limited, internal use)
- Investigation Automation
- BYO intelligence feeds (up to 5)
- SSO / SCIM
Enterprise & Service Providers
Know first, Act first, Get Proactive.
Continuous exposure reduction across your full environment. Intelligence correlated to your assets, your adversaries, and your exposure. Agents handle scoping through remediation against a persistent asset corpus.
Starting from $50k/yr. Scoped to your organization.
- SeatsUnlimited
- Per-Seat Model CapacityCustom allocation
- Scheduled Agent RoutinesUnlimited
- ModelBYOM or Managed
- DeploymentHosted or BYO Cloud
Everything in Team, plus:
- Scope-to-remediation automation
- Bulk API + commercial reuse license
- BYOM, BYO Cloud, MSSP / multi-tenant
- Dedicated CSM, named SLA, custom governance
Save 10% on annual purchases.
Compare Plans
| Feature | Community | Team | Enterprise |
|---|---|---|---|
| Positioning | |||
| Best for | Triage threats | Investigate as a team | Reduce exposure continuously |
| License Type | Commercial | Commercial | Commercial |
| Intelligence | |||
| Stories | ✓ | ✓ | ✓ |
| Cyber intel (actors, advisories, malware, TTPs) | ✓ | ✓ | ✓ |
| Vulnerability and exposure intel | ✓ | ✓ | ✓ |
| Observables (IoCs) | ✓ | ✓ | ✓ |
| Third-party risk intel (breaches, organizations) | — | ✓ | ✓ |
| Software package intel | — | ✓ | ✓ |
| Integrations | |||
| Enrichment Integrations | ✓ | ✓ | ✓ |
| Ticketing and Communication integrations | — | ✓ | ✓ |
| Investigation integrations | — | ✓ | ✓ |
| MCP integrations | — | ✓ | ✓ |
| Asset & Attack Surface Contextualization | |||
| Basic Contextualization | ✓ | ✓ | ✓ |
| Intelligence Ingest | — | ✓ | ✓ |
| Asset Ingest | — | — | ✓ |
| Agents and Automation | |||
| Mallory Agent | ✓ | ✓ | ✓ |
| Intelligent Alerts | — | ✓ | ✓ |
| Investigation Agents | — | ✓ | ✓ |
| Customizable Skills | — | ✓ | ✓ |
| Scheduled Agent Routines | — | 25 per seat | Unlimited |
| API & MCP Access | |||
| Entity lookup API | ✓ | ✓ | ✓ |
| Observable lookup API | ✓ | ✓ | ✓ |
| MCP Server | ✓ | ✓ | ✓ |
| BYO Asset & Intel APIs | — | ✓ | ✓ |
| Redistribution / Resale | — | — | Licensed |
| Automation | |||
| Model | Managed | Managed | BYOM or Managed |
| Per-Seat Model Capacity | Limited | Standard or Max | Custom allocation |
| Agent schedules | — | Hourly | Hourly |
| Deployment | Hosted | Hosted | Hosted or Bring Your Own Cloud |
| Platform | |||
| Seats | 1 | Provisioned | Unlimited |
| Workspaces | 1 | 3 per seat | Unlimited |
| Team management | — | ✓ | ✓ |
| SSO / SCIM | — | ✓ | ✓ + custom IdP |
| Dedicated CSM, named SLA | — | — | ✓ |
| MSSP / multi-tenant operation | — | — | ✓ |
| Governance: custom RBAC, data residency, compliance | — | Standard | Custom |
Team API rate limits are sized for analyst workflows. Bulk export, streaming, and commercial reuse are Enterprise — talk to us if that's the use case.