Alma Overview

Alma is an Application Detection & Response (ADR) platform that provides real-time visibility, threat detection, and response at the application runtime layer, without code changes.

It monitors live application traffic, data flows, and AI interactions at runtime.

The Alma Sensor

The Alma Sensor is a lightweight, runtime-native sensor.

It uses eBPF to observe live Layer 7 behavior.

No proxy. No sidecar. No code change.

It observes application behavior in any environment:

  • Cloud and on-prem

  • Virtual machines, containers, and Kubernetes

  • Windows and Linux

  • Serverless and managed services

The sensor captures signals from live interactions:

  • APIs

  • Data stores

  • Third-party services

  • Internal services

  • Queues and messaging

  • LLM endpoints, MCP servers, and agent workflows

This builds a real-time view based on observed behavior.

AI runtime coverage

Alma monitors AI-augmented applications in production.

It inventories AI components as they appear:

  • LLM endpoints and MCP servers

  • Agents, tool calls, embeddings, and vector stores

  • Third-party AI providers and new integrations

It detects risky AI behavior in live Layer 7 traffic:

  • Prompt injection and endpoint enumeration

  • MCP tool exposure and excessive agency

  • Scope drift across agentic workflows

It tracks sensitive data across AI workflows:

  • PII, PCI, and PHI

  • Secrets and credentials

  • Prompt and response flows to external providers

AI findings use the same Alma finding model:

  • Vulnerabilities

  • Violations

  • Incidents

Key Capabilities

Holistic application view: See live dependencies, data flows, AI components, and service interactions.

Runtime threat detection: Detect abuse, misuse, and logic attacks using behavioral analysis and profiling.

AI runtime detection: Detect prompt abuse, MCP risk, agent drift, and unsafe tool exposure.

Dynamic threat modeling: Adapt models to changing behavior and attack patterns.

Sensitive data tracking: Detect regulated data, secrets, and credentials in live traffic and AI flows.

ADR workflows: Correlate findings, prioritise risk, and drive response for SOC and DevSecOps.

How Alma detects

Alma combines six runtime engines in one detection stack.

  • Behavioral Engine baselines Layer 7 behavior and surfaces first-seen drift.

  • Application Intelligence inspects APIs, auth exchanges, model calls, and data access.

  • AI Threat Intelligence correlates AI signals and reconstructs incident context.

  • Offensive Validation confirms exploitability and validates fixes.

  • Data Security Engine detects sensitive data in live traffic, including AI workflows.

  • Exposure Context Engine adds reachability, posture, and component context.

Built for Every Environment

  • Cloud & Multi-Cloud

  • On-Prem & Hybrid

  • Virtual Machines & Bare Metal

  • Containers & Kubernetes

  • Windows & Linux

  • Serverless & Managed Services

Zero-Friction Deployment

  • Auto-instrumentation with zero code changes

  • Up and running in minutes (typical)

  • Supports 95%+ of common application protocols

  • Minimal overhead (~2% CPU, ~0.5GB RAM per cluster)
