Pricing

Free for OSS.
Priced for teams.

No 6-tool duct-tape stack. No YAML archaeology. Nixer wraps everything, runs in CI, ships findings — not setup time.

Monthly Annual Save 20%
Free for OSS
$0
$0
Forever, for public repos.
Forever, for public repos.

5 scans/month on public repos. Full findings. Leaderboard badge. GitHub Action. All /learn modules.

Starter
$9 / mo
$86 / yr
1 repo · 100 scans/mo

was $108/yr — you save $22

Private repo scanning, CI integration, PR comments. Everything you need for one repo.

Most Popular
Pro
$29 / mo
$278 / yr
10 repos · 1K scans/mo

was $348/yr — you save $70

Private repos, CI gates, email alerts, full /learn library, priority detection rule updates.

Team
$79 / mo
$758 / yr
50 repos · unlimited scans

was $948/yr — you save $190

50 repos, unlimited scans. Built for teams shipping AI at scale.

Enterprise
Custom
Custom (annual available)
Named MSA. Dedicated detection engineer.

SSO, custom detection rules, dedicated detection engineer, on-prem scanner option, and an SLA that actually means something.

Why Nixer

Nixer vs running it yourself

The math on building your own AI security scanning stack — and why almost nobody actually finishes it. See also: detection rules catalog.

What you need to cover Nixer DIY open-source stack
Setup timeSemgrep + Garak + Promptfoo + custom glue ~5 minutes. One GitHub Action, zero config. 2–3 weeks to wire up all tools. Every tool has a different config format.
AI agent coverageLangChain, CrewAI, AutoGen, LlamaIndex ✓ Framework-aware rules. Detects agent-specific attack surfaces (tool routing, memory injection, recursive calls). Semgrep has no AI agent rules. Garak tests models, not agent orchestration. Gap is real.
MCP tool surface coverageModel Context Protocol ✓ mcp-tool-allowlist-missing, fetched-content-unsandboxed, tool-output-injection — 3 dedicated rules. No OSS tool has MCP-specific detection rules yet. You're writing them from scratch.
Prompt injection detectionGarak, Promptfoo ✓ 150+ probes. Direct + indirect + second-order variants. Runs in <60s. Garak config is arcane. Promptfoo requires per-model config files. No unified CI output.
Code-pattern analysisSemgrep (OSS rules) ✓ 17+ custom AI rules (prompt sinks, unsafe evals, MCP tool sprawl, RAG poisoning sinks). Semgrep OSS has zero AI-specific rules. You write them — or pay for Semgrep Pro.
CI integrationGitHub Actions, SARIF upload ✓ One Action, one SARIF file, PR comments with grade + top findings. Each tool emits its own format. You write the aggregator. Estimated: 3–5 days.
Maintained detection rulesOngoing rule updates ✓ New CVE rules ship automatically. Zero breaking changes. You own version pinning, rule updates, false-positive triage across 4+ tools.
SupportHumans, not docs ✓ Email support on Pro. Dedicated SE on Enterprise. GitHub issues for each tool. Garak maintainers are responsive — the rest, good luck.
Get Started

Talk to us

Tell us what you're scanning. We'll get back within one business day to set you up.

Start Starter, Pro, Team, or Enterprise

Starter is $9/mo (1 repo), Pro is $29/mo (10 repos), Team is $79/mo (50 repos), Enterprise is custom. Fill this out and we'll reach out within one business day.

No spam. Your details go directly to the founders.

Questions

FAQ

How does the pricing scale? +
Starter is $9/mo for 1 repo and 100 scans — a solo founder with one AI product. Pro is $29/mo for 10 repos and 1,000 scans — small teams shipping AI fast. Team is $79/mo for 50 repos with unlimited scans — teams that have AI everywhere. Enterprise is custom. Annual billing saves 20% across Starter, Pro, and Team.
Do you store our code? +
No. Nixer clones your repo into an ephemeral container, runs the scan, then discards the source. We retain only the findings (file path, line number, rule ID, severity) and scan metadata. Nothing else leaves the container. On-prem scanning (Enterprise) means even findings stay inside your perimeter.
How is this different from Snyk? +
Snyk finds known CVEs in dependencies. Nixer finds AI-specific attack surfaces — prompt injection sinks in your code, MCP tools with excessive permissions, RAG corpus poisoning risks, CI workflows that let pull requests exfiltrate secrets, and hardcoded model API keys. There's essentially zero overlap. Many teams run both: Snyk for the dependency layer, Nixer for the AI layer. See the full detection rules catalog.
Can we self-host? +
Yes — Enterprise tier only. The Nixer scanner ships as a self-contained container image. No data leaves your network; findings are written to your own database. Reach out via the form above to discuss architecture. FedRAMP High and CMMC customers typically prefer this option — see the defense page for the compliance crosswalk.
What's the free tier limit? +
Free tier is 5 scans/month on public repos. The one restriction: private repos require Pro. Free also gets you the full leaderboard badge, the GitHub Action (for public repos), and all /learn training modules — nothing held back.
Do you support GitLab / Bitbucket? +
GitLab is on the roadmap for Pro. Bitbucket is planned for Enterprise. Today, the GitHub Action and CLI work against any Git repo URL — if you can clone it, Nixer can scan it. The CI integration (PR comments, SARIF upload to Security tab) is GitHub-specific today. Mention your platform in the contact form and we'll prioritize accordingly.

Still on the fence?

Run a free scan on any public repo right now — no account, no credit card. Results in under 60 seconds.

Scan a repo free → See the leaderboard AI security training