Why we started this
In 2023, a customer reported seeing a phishing email that looked like it came from us. The domain was nearly identical—just one letter off. By the time we found out, the attackers had already issued SSL certificates, set up email servers, and were actively impersonating our brand.
We spent days doing damage control. Contacting hosting providers. Filing abuse reports. Warning customers. The whole time we kept asking: why didn't we know about this sooner?
Turns out, the certificate was logged publicly in the Certificate Transparency logs hours before the first phishing email went out. The information was there. We just weren't looking.
That's when we realized: attackers have to register certificates before they can impersonate you. The logs are public. You can see them coming. But nobody was watching.
Security is backwards
We think security should be proactive. Not "here's what happened," but "here's what's about to happen."
Our principles
The beliefs that guide how we build and run Bolwerk.
Use public data, not surveillance
We only monitor certificate transparency logs—data that's already public by design. We don't collect personal information, track users, or build profiles. If it's not in the CT logs, we don't see it.
AI should explain itself
When our AI flags something as suspicious, we show you why. What pattern triggered it? What similar attacks have we seen? We don't just give you scores—we give you reasoning.
Speed matters more than perfection
In security, being early is better than being perfect. We'd rather alert you to a potential threat in 5 minutes with 85% confidence than wait 2 hours to be 99% sure.
Simple tools, used daily, win
Security tools fail when they're too complex to use. We're building something you can check in 30 seconds, like email. No certifications required. No week-long training.
What we're building
Right now, Bolwerk monitors certificate transparency logs for domains you care about. When a new certificate is issued that looks suspicious—typosquatting, look-alike domains, unexpected subdomains—we alert you immediately.
But we're building toward something bigger: a real-time threat intelligence platform that understands your brand's attack surface better than the attackers do.
- Automated takedown workflows (report to registrars, hosts, CDNs)
- Threat actor tracking (who's targeting you? what patterns do they use?)
- Integration with DNS, email, and web security tools
- Real-time dashboards showing your entire domain attack surface
The goal is simple: if someone tries to impersonate your brand online, you should know about it before your customers do.
Who we are
We're a small team of engineers who've spent years building security infrastructure at companies that couldn't afford to get hacked.
We've seen phishing campaigns destroy customer trust. We've scrambled at 2am to take down impersonation sites. We've written too many "we're sorry" emails to customers.
Bolwerk is the tool we wished we'd had in those moments.
We're based remotely across time zones, obsessive about response times, and believe good security should feel invisible until you need it.
What we're not (yet)
We're early. We don't have all the features yet. Our AI will occasionally flag false positives (we're training it to get better). We're not a full security operations center. We can't stop every attack.
What we can do is give you early warning. Think of us as a smoke detector, not a fire department. We'll tell you when something suspicious is happening with your domains. What you do with that information is up to you.
We're transparent about our limitations because we think honesty matters more than marketing claims.
Want to help us build this?
We're looking for early customers who'll give us honest feedback, tell us when we screw up, and help us build the right thing.
Start monitoring your domainsFree tier available • No credit card required
Questions? Ideas? Want to tell us we're wrong about something?
Email us at [email protected]