Zen, your in-app firewall for peace of mind–at runtime

No, all checks are done in-app. No data is sent to any cloud to do security checks.

No! Unlike others, Zen by Aikido integrates directly into your application with no need for external agents. Deployment is as simple as adding a single line of code (importing a package), so you’re up and running in mere minutes. This approach is fast, lightweight, and far less intrusive!

User tracking is fully optional and off by default. Should you choose to track users, and share personal identifiable information (PII) rather than just IDs, you will be required to list Aikido Security as a subprocessor.

Yes. We run a yearly pentest on our platform and also have an ongoing bug bounty program to ensure our security is continuously tested by a wide range of experts.

Right now, Zen by Aikido works seamlessly with popular databases like MySQL, MongoDB, and PostgreSQL. It is compatible with ORMs and database drivers across different languages, such as TypeORM for Node.js and SQLAlchemy for Python. We have full support for Python and Node.js, and support for Ruby and PHP is coming soon. Have a specific language, driver, or package in mind? Let us know, and we’ll prioritize it.

Honestly, it's tiny. We're talking minuscule overhead for most apps. We're obsessed with performance and constantly benchmark Zen to make sure it stays lightning fast. Need hard numbers for your use case? Just run some tests based on our benchmarks.

You're not on your own. We have a growing community of developers and security folks using Zen. Don’t hesitate to open a GitHub issue – we're committed to making this project a success, and that includes support.

Seeing is believing. Zen logs blocked attacks with all the juicy details: what the attack looked like, where it came from, etc. We're working on dashboards and integrations to make this info even more accessible.

Monkey-patching gets a bad rap. Done right, it's a clever and efficient way to add functionality. Zen targets a very specific area of your code, monitoring all outgoing traffic to databases and 3rd party APIs. We've rigorously tested it to make sure it plays nice with common setups. We even tested with OpenTelemetry in the background, which didn't create any conflicts. Still worried? Try it in a test environment first.

Traditional WAFs are like security guards at the gate. They only see what comes in, not what goes on inside your building (your app). Zen is the security guard inside, watching both the front door AND how people move around once they're in. Because it sees the whole picture – the user input AND your app's database requests – it can tell the difference between a legitimate (but weird-looking) customer and a thief trying to be sneaky. Less false alarms, less real threats slipping through.

We get it. It sounds too good to be true. Zen’s magic is in three things:

1. it is a library inside your app,
2. it monitors both incoming user input and outgoing connections (to databases or 3rd party services)
3. it doesn't rely on giant rule lists. This laser focus lets it protect you with almost zero performance overhead.

Of course! When you sign up with your git, don’t give access to any repo & select the demo repo instead!