Your middleware has
a blind spot.
Prompt injection. Data leakage. Exposed secrets. Runaway AI costs. Every request is a potential breach — and right now, nobody is watching.
Live scan simulation
Sub-0ms
Zero latency impact on your users
0 rules
Covering OWASP Top 10 injection vectors
Born from the ▸March 31, 2026 Claude Code exposure. Built to make sure it never happens again.
How it works
Three moves. Zero surprises.
Drop one middleware line in, forget about it, and read a clean dashboard when something shows up. Hover any card for plain English — tap it for the short version.
Drop the middleware
Edge-safe pattern matching runs on every request — URL, headers, body. 13 rules across 4 scanners. Sub-5ms overhead.
Kai scans every request
Findings stream to Watchman via fire-and-forget telemetry. Network failures never delay your app's response.
Your command center lights up
Filterable dashboard with commit, branch, and environment context. Severity triage, suppression rules, per-session drill-down.
Threats
4
Blocked
1
| Severity | Rule | Target |
|---|---|---|
| critical | prompt-injection | /api/chat |
| high | pii-detected | /api/assistant |
| medium | rate-exceeded | /api/chat |
This is what your command center looks like after one scan. Deploy Kai and it's yours.
Protection
Eleven scanners. One middleware line.
AI Integrity
Catches prompt injection before it reaches your model
Secrets Shield
Flags exposed keys in transit. One-click rotation. Zero-knowledge vault for scheduled rotation
PII Shield
Stops SSNs, credit cards, and health data from entering AI context
Dependency Watch
Scans for known CVEs in your dependency tree
watchman-core@0.2.0 next@14.2.35 — ✓ clean supabase-js@2.x — ✓ clean 19 deps scanned. 0 CVEs. "We eat our own cooking." — Kai
Rate Shield
Per-user AI budget enforcement. No more surprise inference bills
Output Shield
Scans AI responses for leaked credentials, PII, and system prompts
Session Integrity
Detects token replay, IP shifts, and session hijacking
Vibe Code Shield
Catches security antipatterns in AI-generated code
AI Memory Guard
Blocks memory poisoning and context manipulation
SBOM Watcher
Continuous dependency monitoring with real-time CVE alerts
Agent Sentinel
MCP tool call inspection and agent behavior enforcement
next@14.2.35 ✓ clean react@19.0.0 ✓ clean @supabase/supabase-js@2.49 ✓ clean 47 deps scanned. 0 CVEs. "Stack is clean." — Kai
60 seconds from zero to protected.
Step 1 · Install
npm i @kairosinternational/watchman-nextjsStep 2 · Drop in
import { withWatchman } from "@kairosinternational/watchman-nextjs";
export default withWatchman();
export const config = { matcher: ["/((?!_next|static).*)"] };Step 3 · Watch
Open your command center at watchman.guide/dashboard
Kai starts scanning the moment your first request hits the middleware.
Free forever · 100 scans/month · No credit card
Pricing
Start with Recon. Kai watches for free.
Upgrade when your stack demands it. Every subscription funds the Kai'Ros International orphanage in Kumasi, Ghana.
RECON
Free
“Kai watches. You decide.”
- ✓11 scanners — all active
- ✓500 scans/month
- ✓1 project
- ✓Guided secret rotation
- ✓Kai personality + onboarding
OPERATOR
$19/mo
“Kai briefs you daily.”
- ✓Everything in Recon
- ✓25K scans/month
- ✓10 projects
- ✓Auto-rotation (Stripe, OpenAI +)
- ✓Kai Max AI assistant
- ✓Custom rules + weekly digest
COMMAND
$79/mo
$59/mo billed annually
“Kai runs your security posture.”
- ✓Everything in Operator
- ✓Unlimited scans + projects
- ✓Zero-knowledge vault
- ✓Agent Sentinel early access
- ✓White-label + priority processing
Why Kai exists.
Every subscription feeds a child.
One hundred percent of Watchman revenue funds the Kai'Ros International orphanage in Kumasi, Ghana. Every scan you run, every threat we catch, every dollar you pay — it becomes a meal, a school book, a bed, a future.
“Son of man, I have made thee a watchman unto the house of Israel.”