Why We Let Customers Bring Their Own Keys to a $100K/Yr Industry

A POV on bring-your-own-key pricing in event threat intelligence — why we built it, what it costs us, and what it lets customers do.

SignalGuard editorial

Most of the threat-intel platforms our customers compare us against quote between $30,000 and $150,000 a year. Dataminr, Zignal Labs, Echosec, Babel Street, Recorded Future — same shape. Annual minimums, multi-year contracts, seat-based pricing with hidden per-feed surcharges.

We don't price that way. Customers bring their own API keys for paid signal sources — Reddit, X, AccuWeather, Ticketmaster Partner, Downdetector, Brandwatch, whatever they've already licensed — and we run the fusion layer on top. They pay us for synthesis. They pay the underlying providers directly.

This post is the why.

The five-vendor problem

Walk into a major venue's security ops office and count the contracts. There's usually a weather contract (AccuWeather or IBM Weather), a social-listening contract (Brandwatch or Meltwater), a crisis-monitoring tool (NC4 or Everbridge or Dataminr), a scanner subscription (Broadcastify), and an ad-hoc OSINT setup someone's analyst built in Excel.

None of them talk to each other. The weather alert lands in one inbox; the X post lands in a Slack channel; the Downdetector hit shows up nowhere because nobody bought Downdetector Enterprise yet. The operator's job is to be the integration layer between five vendors that each charge enterprise rates for what is, structurally, a single fused brief.

The traditional vendor response is "consolidate on our platform." Buy Dataminr Pulse for $80K and it'll do all of it. Maybe. But you also throw out the AccuWeather contract you already trust, you lose the Brandwatch query builder your media-monitoring team spent two years tuning, and you're now locked into a single vendor's coverage gaps for three years.

What BYOK actually unwinds

When we let customers bring their own API keys, three things change.

First, the per-customer marginal cost on our side drops to near zero on the signal layer. We're not reselling X API access. We're not paying AccuWeather a wholesale rate and marking it up. The customer's quota is the customer's quota. That lets us price the fusion layer — which is where our actual work lives — at infrastructure prices instead of enterprise-license prices.

Second, the customer keeps their existing contracts. If you have a HERE traffic license, you keep it. If your team trained an analyst on Brandwatch's query builder, you keep them. You don't have to throw out two years of vendor-specific knowledge to get cross-pillar synthesis.

Third, the upgrade path is granular instead of cliff-shaped. You can start with free public feeds (we wire 23 of them by default), then BYOK AccuWeather when you outgrow the public NWS feed for outdoor events, then BYOK Reddit paid tier when chatter volume justifies it, then BYOK Downdetector when your venue starts seeing crowd-saturation cellular degradation. Each upgrade is a $30–$500/mo decision, not a $50K/yr decision.

What it costs us

Three things, mostly.

It costs us simplicity in the sales motion. "Bring your keys" is harder to explain than "give us a credit card." We've had prospects on calls ask "but what do I actually get from you, then?" — which is a legitimate question and one we answer by showing them the severity-scoring brief instead of the data-acquisition layer.

It costs us a chunk of vendor-relationship leverage. We don't bulk-buy X API access and resell at a markup. We don't have a sponsor relationship with AccuWeather. That's fine — we'd rather be honest about what we make than capture margin on data the customer is already paying for.

And it costs us in support load. We've built a credentials store, an envelope encryption layer, a rotation flow, and an error-banner UX (we keep getting better at this; the /integrations page is on its third major iteration). The infrastructure for accepting other people's keys is genuinely more work than running everything on our own keys.

Who BYOK is wrong for

BYOK isn't the right model for everyone. If you're a one-event-a-year consultant who needs a brief next Tuesday, you don't want to provision a Reddit OAuth app. You want a credit card and a result. We have a PAYG tier ($19 per scan) for exactly that case.

If you're an enterprise customer who genuinely doesn't have AccuWeather, doesn't have a chatter contract, and wants one invoice to one vendor, we have a managed tier where we provision keys on the customer's behalf and bill through. That's a real product. It's just not how most of our customers want to buy.

The BYOK model is right for the operator who already has three or four of these contracts and wants the fusion layer without the consolidation play. Which, in our experience, is most security teams that have been around for more than two budget cycles.

The deeper bet

The deeper bet here is that the synthesis layer is the durable product, and the data layer is a commodity that should be priced like one.

If we're right, the next decade of threat intelligence looks like cloud infrastructure: customers pick best-of-breed signal sources on their own contracts, and a thin synthesis layer fuses them into actionable briefs. The $100K/yr enterprise-license model that defined 2010–2025 in this category will look, in retrospect, like the way databases used to be bought: a model nobody uses anymore.

If we're wrong, we'll have made it easy for our customers to leave. Which is also fine. We'd rather earn the renewal every quarter than write it into a contract.

The mechanics live on /integrations and the pricing is at /pricing. Customers ask us about this model on every sales call. We figured it was worth writing down.