Skip to main content
Calseta is under active development. Documentation and APIs are evolving. We welcome feedback and contributions on GitHub.

​
What Calseta Is

Calseta is an open-source, self-hostable data layer for security AI agents. It ingests security alerts from any source, normalizes them to a common schema, enriches them with threat intelligence and identity context, and delivers clean, context-rich payloads to AI agents — so agents spend their tokens on reasoning, not plumbing. Calseta is not an AI SOC product. It does not build, host, or run AI agents. It is the data infrastructure layer that makes customer-built agents fast, accurate, and cost-efficient. Tagline: The data layer for your security agents. License: Apache 2.0 — fully open source, self-hostable.

​
The Problem Calseta Solves

Security teams building AI agents for alert investigation consistently hit the same walls:
  • Context gap. Agents lack access to organizational knowledge — detection rule documentation, runbooks, IR plans, SOPs, and workflow documentation. Without this, agents produce generic output that doesn’t reflect the organization’s environment.
  • Integration burden. Investigating a single alert requires calling 5+ external APIs (SIEM, threat intel, identity provider, ticketing). Each integration is custom code that’s expensive to build and fragile to maintain.
  • Token waste. Raw API responses are verbose and unstructured. Agents stuffing them into context windows burn tokens and produce worse output. Pre-normalized, pre-enriched data reduces token consumption and improves reasoning quality.
  • No deterministic layer. Tasks like IOC enrichment, normalization, and alert routing are deterministic — they should never consume LLM tokens. Today, agents often perform these tasks themselves because no purpose-built infrastructure handles them.

​
Who It’s For

Primary — Digital-native organizations (50–500 employees)
SaaS, fintech, and high-growth tech companies where software is core to the business. Small or no dedicated security team. Technical staff responsible for responding to security alerts. Actively experimenting with agentic AI workflows. Secondary — Security-forward organizations (500–2000 employees)
Dedicated security engineering or small SOC team. Active interest in building internal AI tooling. Frustrated with black-box AI SOC vendors. The builder persona: Technical enough to clone a repo, run Docker Compose, and write a Python script that calls an API. Wants control over AI tooling and has the skills to exercise it.

​
What Calseta Is Not

  • Not an AI SOC product — we do not build, host, or run AI agents
  • Not a SIEM — no raw log storage, no detection or query capabilities
  • Not a SOAR — no visual playbook editor, no proprietary automation runtime
  • Not a multi-tenant SaaS — single-tenant, self-hosted