Kysira Documentation¶
Kysira hunts and kills attacks in milliseconds using AI-powered intent analysis before it can touch your application, data, or customers.
How it works¶
Every inbound request is scored by a combination of ML models and an advanced processing layer covering the full OWASP Top 10 and Zero days. The score drives one of two actions:
- Shadow mode — request passes through; score and reason are logged and surfaced in the dashboard. Safe for initial rollout with zero traffic risk.
- Active mode — requests above the kill threshold are blocked with a 403 before reaching your application.
Deployment models¶
Kysira integrates at whichever layer makes sense for your infrastructure:
| Model | Best for |
|---|---|
| Standalone proxy | Any stack — sits in front of your app, no infra changes required |
| Istio ext_proc | Istio mesh — zero extra hop, Envoy sidecar handles inspection |
| Standalone Envoy | Envoy API gateway / Contour — configure the filter in envoy.yaml |
| nginx auth_request | nginx — thin adapter sidecar, no custom nginx build required |
Get started¶
- New here? Follow the Quickstart — local and minikube paths, under 10 minutes.
- Deploying into a customer cluster? See the Client deployment guide.
- Already running Grafana or Datadog? See Observability — Kysira is discoverable with a single values flag.
Components¶
| Component | Language | Role |
|---|---|---|
kysira-inference | Python / FastAPI | Scores requests using ML models + regex detectors |
kysira-ext-proc | Go | Envoy external processing (gRPC) integration |
kysira-proxy | Go | Standalone reverse proxy |
kysira-nginx-auth-adapter | Go | nginx auth_request target |