About Bolwerk

We're building the security tool we wished existed when our domains got impersonated.

Why we started this

In 2023, a customer reported seeing a phishing email that looked like it came from us. The domain was nearly identical—just one letter off. By the time we found out, attackers had already issued SSL certificates and were actively impersonating our brand.

We spent days doing damage control. The whole time we kept asking: why didn't we know about this sooner?

The certificate was logged publicly hours before the first phishing email. The information was there. We just weren't looking.

Attackers have to register certificates before they can impersonate you. The logs are public. You can see them coming.

Security is backwards

We think security should be proactive. Not "here's what happened," but "here's what's about to happen."

Traditional: Alerts after damage
Bolwerk: Catches threats before launch

Our principles

The beliefs that guide how we build Bolwerk.

Public data, not surveillance

We only monitor certificate transparency logs—data that's already public. We don't track users or build profiles.

AI should explain itself

When our AI flags something suspicious, we show you why. Not just scores—reasoning.

Speed over perfection

We'd rather alert you in 5 minutes with 85% confidence than wait 2 hours to be 99% sure.

Simple tools win

Something you can check in 30 seconds, like email. No certifications required.

What we're building

Right now, Bolwerk monitors certificate transparency logs for your domains. When a new certificate looks suspicious—typosquatting, look-alikes, unexpected subdomains—we alert you immediately.

We're building toward a real-time threat intelligence platform that understands your brand's attack surface better than the attackers do.

Coming soon
  • Automated takedown workflows
  • Threat actor tracking
  • DNS, email, and web security integrations
  • Real-time attack surface dashboards

Who we are

A small team of engineers who've spent years building security infrastructure at companies that couldn't afford to get hacked.

We've seen phishing campaigns destroy customer trust. We've scrambled at 2am to take down impersonation sites.

Bolwerk is the tool we wished we'd had.

What we're not (yet)

We're early. We don't have all the features yet. Our AI will occasionally flag false positives. We're not a full security operations center.

What we can do is give you early warning. Think of us as a smoke detector, not a fire department.

We're transparent about our limitations because honesty matters more than marketing claims.

Want to help us build this?

We're looking for early customers who'll give us honest feedback and help us build the right thing.

Start monitoring your domains

Free tier available · No credit card required

Questions? [email protected]