Security by default
What doesn't exist can't be breached. No open ports, no standing credentials, no shared keys — secure is the path of least resistance.
About
Subnomic gives teams Zero Trust SSH to every server without open ports or standing credentials — with session recording, RBAC and live metrics from a single lightweight agent.
Most breaches don't start with a sophisticated exploit — they start with an exposed port or a leaked SSH key. We believe infrastructure access should be invisible to attackers by default: nothing to scan, nothing to steal, nothing to escalate. Subnomic exists to make that the easy path for every engineering team.
We pair that secure access with the observability teams actually need day-to-day — live CPU, memory, disk, process and network metrics — so the same agent that protects your fleet also tells you exactly what it's doing.
We spent years maintaining bastions, rotating SSH keys, juggling VPN configs and stitching together monitoring agents — and still couldn't answer simple questions like "who connected to this host last night, and what did they run?" Every tool solved one slice of the problem and added its own ports, credentials and blind spots.
So we built the tool we wanted: one agent that dials out over TLS, brings Zero Trust SSH, records every session, enforces least-privilege RBAC, and streams real-time metrics — without opening a single inbound port. That's Subnomic.
What we value
Access is just-in-time, scoped and time-boxed. People and machines get exactly what they need, for exactly as long as they need it.
Every session is recorded and replayable. Accountability isn't an add-on — it's built into how access works.
One small Go binary under 30 MB RSS. We don't read your application data unless you explicitly grant it through a policy.
Self-hostable control plane so metrics, recordings and audit logs can stay entirely within your own infrastructure.
From a three-host side project to a regulated fleet, the same model scales without rearchitecting your access.
Book a demo to see Zero Trust access and observability in action, or join the waitlist for early access.