We're building runtime security you deploy on your Linux servers to protect the resources your workloads depend on, such as GPUs, databases, filesystems, and more.
Funded by Balaji Srinivasan former CTO of Coinbase and founder of the Network School.
Bomfather is a runtime security agent you deploy on your Linux servers to protect the resources your workloads depend on, such as GPUs, databases, and filesystems.
We realized that GPUs are fundamentally insecure and that there wasn't really a good solution for GPU or runtime security.
So we created Bomfather to fix three issues in existing solutions: speed, security, and simplicity.
Bomfather uses eBPF (extended Berkeley Packet Filter) to enforce policies. Unlike traditional protections, which are brittle and blind to kernel events, eBPF enables Bomfather to control what happens at the deepest level (the kernel). eBPF adds 1% to 3% overhead, while Confidential Computing adds anywhere from 10% to 4060% overhead depending on the workload.
There are many runtime security solutions, but most run in the userspace, rendering them vulnerable to tampering by other processes on the machine. The remaining solutions are vulnerable to policy manipulation and can be shut down by malicious actors. Bomfather’s solution is built with eBPF, so we run directly in the kernel and are constantly at the forefront of innovation in GPU and runtime security.
Bomfather is extremely easy to set up. You can write a really small policy file for your whole infrastructure, so you don't have to go through huge policy files trying to figure out what does what (watch our inheritance policy video for more information)! Running Bomfather is also really easy, it's a background process that requires no changes to your infrastructure or programs.