# EarlyCore > EarlyCore is the AI security platform built for European MSSPs. EU-hosted, EU-owned, not subject to the US Cloud Act. Covers DORA, NIS2, the EU AI Act, and GDPR by default. EarlyCore gives Managed Security Service Providers a white-labelled AI security stack they can resell to regulated clients across the EU and UK. The platform has two products: proactive Red Team scans before production, and asynchronous Runtime threat detection in production. Both tag findings to DORA, NIS2, EU AI Act, GDPR, ISO 42001, NIST AI RMF, OWASP LLM Top 10, and MITRE ATLAS for auditor-ready evidence. The company is privately held, bootstrapped to profitability, and not subject to US extraterritorial law. The primary audience is MSSP CTOs and CEOs, plus CISOs at EU-regulated financial services, healthcare, and public sector clients those MSSPs serve. ## Core pages - [Homepage](https://earlycore.dev/): Positioning, pillars, proof, and primary calls to action - [For MSSPs](https://earlycore.dev/for-mssps): Resell-under-your-brand motion, tier economics, partner pack - [Pricing](https://earlycore.dev/pricing): Three tiers starting at £599 per month, transparent usage units - [Partners](https://earlycore.dev/partners): Three-tier program (Certified, Preferred, Elite), MDF model, portal preview - [Become a partner](https://earlycore.dev/partners/become-a-partner): Partner application form - [Partner contact](https://earlycore.dev/partners/contact): Book a 30-minute call or email the partner team - [Partner portal preview](https://earlycore.dev/partners/portal): Preview of the partner portal (login lives on app.earlycore.dev) - [Demo](https://earlycore.dev/demo): Interactive product walkthrough, no signup required ## Platform - [Platform overview](https://earlycore.dev/platform): Two products (Red Team, Runtime) plus integrations, one console per MSSP - [Red Team scanning](https://earlycore.dev/platform/red-team): 21 scanners mapped to OWASP LLM Top 10 and MITRE ATLAS - [Agent Skills Scanner](https://earlycore.dev/platform/agent-skills-scanner): Free scanner for AI agent skills, repo instructions, MCP manifests, rules, hooks, and helper scripts. Shows the risky file, why it matters, and the suggested edit before a developer approves the skill; connect GitHub or upload a zip - [Runtime monitoring](https://earlycore.dev/platform/runtime): Asynchronous observer over OpenTelemetry, P0-P3 alert priorities. Tags findings to DORA, NIS2, EU AI Act, GDPR, ISO 42001, NIST AI RMF, OWASP LLM Top 10, and MITRE ATLAS - [Integrations](https://earlycore.dev/platform/integrations): AWS Bedrock, SageMaker, Azure OpenAI, Google Vertex AI, Logfire, LangChain, Slack, Teams, Jira. All live today. Custom integrations on request ## Use cases - [Use case index](https://earlycore.dev/use-cases): Overview of regulated-sector use cases - [Financial services](https://earlycore.dev/use-cases/financial-services): DORA Articles 5 to 16, operational resilience, ICT third-party risk - [Healthcare](https://earlycore.dev/use-cases/healthcare): GDPR Article 9, NHS DSPT alignment, zero-retention mode - [Public sector](https://earlycore.dev/use-cases/public-sector): EU procurement, sovereignty requirements, framework contracts ## Blog - [Blog index](https://earlycore.dev/blog): Field notes from EarlyCore red-team assessments of real AI agent deployments - [Hardened OpenClaw, 80% of attacks still worked](https://earlycore.dev/blog/openclaw-security-hardening-80-percent-attacks-succeeded): 629 attack scenarios against a hardened OpenClaw deployment. 23.5% overall success rate, 80% on hijacking. Methodology, full results table mapped to OWASP LLM Top 10, and the 9-layer defense stack including Claude 4.5 Opus, sandbox mode, and exec approvals - [Red-teaming Minimus OpenClaw: sandbox escape and WhatsApp incident](https://earlycore.dev/blog/minimus-openclaw-security-assessment): 635 tests against Minimus OpenClaw. 131 failures, including a live sandbox escape via the exec tool's host parameter that hot-reloaded WhatsApp channel config and sent unsolicited messages to real users. Architectural failure, not a CVE ## Resources - [Resource index](https://earlycore.dev/resources): All gated trust documents - [MSSP Partner Pack](https://earlycore.dev/resources/mssp-partner-pack): Economics, co-sell motion, pack contents - [DORA compliance map](https://earlycore.dev/resources/dora-compliance-map): Article-by-article control mapping - [EU AI Act guide](https://earlycore.dev/resources/eu-ai-act-guide): Obligations for providers and deployers - [MSSP procurement FAQ](https://earlycore.dev/resources/mssp-procurement-faq): Top 16 questions from live deals - [Sovereign reference architecture](https://earlycore.dev/resources/sovereign-reference-architecture): EU-only data path diagram - [State of AI security](https://earlycore.dev/resources/state-of-ai-security): Findings from 1,000 tests across managed AI gateways - [EU procurement checklist](https://earlycore.dev/resources/eu-procurement-checklist): Vendor selection criteria - [Sample compliance report](https://earlycore.dev/resources/sample-compliance-report): What an auditor sees ## Developers and API - [Developer portal](https://earlycore.dev/developers): Quickstart, API surface, authentication, scoped permissions, MCP server, webhooks - [OpenAPI 3.1 spec (JSON)](https://earlycore.dev/openapi.json): Machine-readable surface for codegen, agentic clients, and SDKs - [OpenAPI 3.1 spec (YAML)](https://earlycore.dev/openapi.yaml): Same spec, YAML form for IDE plugins and humans - [Alternate OpenAPI URL](https://earlycore.dev/api/openapi.yaml): Mirror of the YAML spec at the conventional /api path - API base URL: https://api.earlycore.dev/v1 (production, EU-hosted) - Sandbox base URL: https://api.sandbox.earlycore.dev/v1 (free, mock data, same surface) - MCP server: https://mcp.earlycore.dev (native to Claude Code; same scope model as REST) - Authentication: API keys via `Authorization: Bearer ec_live_...`. Roles: viewer, analyst, admin. OAuth 2.0 with PKCE for end-user flows - Scoped permissions: `scans:read`, `scans:write`, `findings:read`, `findings:write`, `agents:read`, `agents:write`, `agents:admin`, `reports:read`, `reports:write`, `webhooks:read`, `webhooks:write`, `integrations:read`, `integrations:write` - Webhook events: `finding.created`, `finding.updated`, `scan.completed`, `report.ready` (HMAC-signed, retried for 24h) - Source code, SDKs, sample integrations: https://github.com/EarlyCore-AI ## Trust and legal - [Data processing agreement](https://earlycore.dev/dpa): Standard DPA template, GDPR Article 28 and DORA Article 30(2) ready - [Privacy policy](https://earlycore.dev/privacy) - [Terms of service](https://earlycore.dev/terms) ## Company details - Name: EarlyCore - Industry: AI security, cybersecurity, managed security services enablement - Headquarters: United Kingdom - Markets served: European Union, United Kingdom, European Economic Area - Primary customers: Managed Security Service Providers (MSSPs) serving regulated industries - Founded: 2025 - Ownership: Privately held, bootstrapped, no US parent, no US investor control - Data residency: EU regions only - Hosting: EU-based infrastructure, not subject to the US Cloud Act - Booking: https://cal.com/paul-aldea/30min - Source code (plugins and SDKs): https://github.com/EarlyCore-AI ## What EarlyCore is not - Not an inline proxy; it is an asynchronous observer with zero latency impact on production traffic - Not a direct-to-enterprise sales motion; the go-to-market is through MSSP partners - Not US-headquartered, not US-owned, not subject to Cloud Act or FISA 702 discovery - Not dependent on any single hyperscaler at the analysis layer ## Canonical references - Category: AI security platform for MSSPs - Frameworks covered: OWASP LLM Top 10, MITRE ATLAS, DORA, NIS2, EU AI Act, GDPR, ISO 27001, SOC 2 - Deployment models: SaaS (EU-hosted), dedicated tenant available for enterprise - Pricing floor: £599 per month (Starter tier, up to 10 AI agents monitored)