TAPION is a personal cybersecurity experimentation project. It is not commercialised and is not intended for production use. The site is kept online as a technical demonstrator while I figure out what comes next.
TAPION
LIVE Internal audit done · EU-hosted · May 2026

Your servers protected
against cyberattacks.
Operational from day one.

Most tools see. TAPION acts. Automatic detection on known attack patterns, immediate blocking, immutable audit log. EU-hosted, GDPR compliant.

see it in action →
// technical demonstrator

Personal cybersecurity experimentation project. Running in production since April 2026. Internal audit done.

~/tapion · soc-prod-eu1 · 142x38
LIVE
$ docker compose logs -f tapion-agent
[boot] threat feeds loaded
[boot] detection scenarios active
[boot] agents online: 3/3
[boot] monitoring channel open
─── live event stream ─────────────────────────
events/s
blocked
latency p99
posture
active
// simulation — representative activity from an isolated demo cluster

You don't need to be a security expert
to know whether your business is protected.

01

You'll know when something is wrong, without looking for it.

When an intrusion attempt occurs, you receive a clear summary. Not hundreds of notifications — just what actually matters.

02

Your business keeps running, even under attack.

TAPION isolates the compromised machine before the issue spreads. You don't have to do anything manually.

03

Your data stays with you, in Europe.

No third-party cloud. No transfer to external servers. TAPION runs on your infrastructure, under your full control. EU-hosted, GDPR compliant. Contributes to NIS2 art. 21 requirements (incident management and cryptography).

// concretely, here is what changes compared to classic tools.

Classic tools see everything.
They do nothing. TAPION acts.

// the old way

Alert. Triage. Wait.

A classic tool generates hundreds of alerts. You read a few. Meanwhile an attack progresses, and no one moves.

  • × unqualified alerts
  • × you must act yourself, every time
  • × no automatic blocking
// the TAPION way

Detect. Block. Report.

TAPION monitors your infrastructure against known attack patterns. When a host is compromised, it is isolated automatically. Come back Monday and read the activity log.

  • you read summaries, TAPION acts
  • automatic blocking of known threats
  • timestamped activity log
EU
data in Europe
self-hosted
your infra, your uptime
AES-256
security ↗
10
attack scenarios monitored

From attack to closure,
you don't intervene.

prod-server-eu-3 / SSH log ATTACK IN PROGRESS
step 1 / 5 elapsed 0.00s

Detection

A server receives repeated connection attempts within seconds. TAPION sees it in real time.

Analysis

TAPION compares the observed behaviour against known attack patterns. The IP address is cross-referenced with threat intelligence feeds. A match is found. The threat is qualified.

Decision

The threshold is reached. TAPION blocks automatically. No support ticket. No phone call.

Block

The IP is blocked across all your monitored endpoints. You receive an alert with the full incident detail.

Audit trail

The incident is recorded in the activity log, timestamped and traceable. If you are ever audited, you have a complete trail.

// auto-cycles every 12s

Right now,
someone is trying.

Simulation of threats observed on real infrastructures. Each point illustrates a type of intrusion that TAPION detects and blocks automatically.

live feed live
// local simulation, representative data, not connected to your infrastructure
main attack
SSH brute force
simulated agents
3