Tracebit unveils free community canary security platform

Cyber security start-up Tracebit has launched a free community edition of its cloud-based deception platform, opening its canary detection technology to individual developers and small teams.

The London-based company said the new edition makes its security canaries available without charge on an ongoing basis. Canaries are decoy digital assets that sit inside an organisation's infrastructure and trigger alerts when attackers attempt to access or use them.

Tracebit said it aims the product at a wide range of users. These include security enthusiasts, developers protecting personal devices, and early-stage companies that face many of the same threats as larger enterprises but often run with limited security tooling.

Security canaries typically take the form of realistic but fake credentials or tokens. Attackers who move through a compromised environment often attempt to harvest such details. Interaction with a canary generates a high-priority signal that indicates malicious activity.

Free community launch

The Community Edition allows users to deploy several types of canaries. These include AWS session tokens, SSH keys, browser session cookies, password manager credentials, email trackers and so-called LLM canaries planted in AI-related workflows.

All canaries are created and monitored through a single web console. The platform sends instant alerts when a canary triggers, which Tracebit said gives defenders a narrow, focused set of signals rather than broad behavioural or anomaly-based monitoring data.

The company said the community product will remain free. Users can unlock additional detection coverage through a referral-based programme that expands the number or variety of canaries available.

Tracebit launched in 2023 with a focus on automating the large-scale deployment and management of canaries. Since then, it has rolled out millions of canaries across thousands of customer environments, including at software companies such as Snyk, Docker and Riot Games.

'Assume breach' mindset

Tracebit positions canaries as a baseline control for organisations that take an "assume breach" approach. This security posture presumes that attackers will eventually bypass preventative controls and reach internal systems.

The company argues that the same intrusion techniques that affect large enterprises now also affect small teams and individuals. It points to AI-assisted attacks and software supply chain compromises as trends that increase the likelihood and scale of breaches.

Andy Smith, Chief Executive and Co-Founder of Tracebit, said the firm sees canaries as a standard part of security planning.

"We have built Tracebit Community Edition as we believe security canaries should be a foundation of every security program. Attackers need to go after sensitive resources in an attack. Instead of looking for attacker signals, which is time consuming and has false positives, we create canaries and strategically place them in an organization's environment. When an attacker interacts with a canary, defenders get a high-signal alert and can immediately respond. There is a secondary benefit that when attackers suspect the presence of canaries, they move more cautiously, second-guessing resources and giving organizations more opportunity to detect them," said Smith.

Growth and detection

Tracebit said its commercial platform has seen fast adoption since launch. The company reported that it has doubled its annual recurring revenue during the current quarter.

According to Tracebit, its canaries regularly pick up intrusions that other security products miss. Customers deploy the product in live production environments and often integrate it with their existing SIEM and SOAR tools. The company said the approach requires limited ongoing maintenance once set up.

Users have reported low false-positive rates from canary triggers. That is a key concern for security operations teams that manage high alert volumes from traditional tools, such as intrusion detection systems and endpoint monitoring platforms.

Riot Games, the video games developer, uses Tracebit in its security operations. "As our environment evolves and attacker behavior and knowledge evolves it's important that we stay ahead of the game, which is why we're excited to partner with Tracebit on even more advanced canaries as they build them out," said Chris Hymes, Chief Information Security Officer, Riot Games.

Container platform company Docker has also adopted Tracebit. It reported that the tool set fitted into its software delivery and monitoring stack without significant disruption.

"The deployment of Tracebit's solutions was seamless, integrating effortlessly into our existing infrastructure, deployment pipelines, and SIEM systems. We have observed a notably low false positive rate, which has significantly reduced the noise and allowed our team to focus on genuine threats," said Tim Welsh, Staff Security Engineer, Docker.

Tracebit said it has deployed more than two million canaries that protect over 750 cloud accounts for its customers. The company plans to expand the range and sophistication of the lures it offers as attackers change their methods and target new types of sensitive data.