TachyonicPlatform Guide
Using the Tachyonic dashboard for scan management, findings review, and team collaboration
Overview
The Tachyonic platform at platform.tachyonic.co provides a dashboard for managing security scans, reviewing findings, and tracking your AI systems' security posture over time.
Sign Up
Create an account at platform.tachyonic.co/sign-up. Sign up with email/password or Google/GitHub OAuth. An organization and default workspace are created automatically.
Targets
Targets represent the AI endpoints you want to scan. Create a target with:
- Name — descriptive label
- Endpoint — the URL of the LLM API (e.g.,
https://api.openai.com/v1/chat/completions) - Provider — which LLM provider (determines request/response format)
Domain Verification
For dashboard-initiated scans, external targets must be verified. After creating a target:
- Go to target settings and click Verify
- Choose DNS or HTTP verification:
- DNS: Add a TXT record at
_tachyonic-verify.yourdomain.com - HTTP: Serve a JSON file at
https://yourdomain.com/.well-known/tachyonic-verify.json
- DNS: Add a TXT record at
- Click Check to confirm
Known providers (Anthropic, OpenAI, Google, etc.) are auto-verified.
CLI and API key scans bypass domain verification.
Scans
Submit a Scan
From the dashboard:
- Select a target
- Choose attack categories
- Set max attacks (optional)
- Click Start Scan
Scans run on Tachyonic's infrastructure. Progress updates stream in real-time.
Scan Status
| Status | Description |
|---|---|
| Queued | Waiting for runner capacity |
| Running | Attacks in progress |
| Completed | Finished with results |
| Failed | Runner error (check logs) |
| Cancelled | Stopped by user |
Cancel a Scan
Click Cancel on a running scan to terminate it immediately.
Findings
Each finding includes:
- Attack name — which attack triggered the finding
- Category — OWASP LLM Top 10 mapping
- Severity — critical, high, medium, low, info
- Verdict — confirmed, probable, suspicious, dismissed
- Confidence — 0.0 to 1.0
- Evidence — what the model response contained
- Payload — the adversarial input sent
- Response — the model's actual response
- Reproduction steps — how to reproduce
Runtimes
For scans that need region pinning, budget caps, approval gates, or egress allowlists — typically when testing MCP servers, agent stacks, or production endpoints with sensitive data — start a runtime instead of a plain scan. A runtime is a region-pinned, budget-capped execution with isolation guarantees:
- A region pin (
aws-us-east-1oraws-eu-west-1) honoring your workspace's data-residency setting. - A budget envelope — wall-clock minutes plus a model-token cap. The metered inference endpoint returns HTTP 402 once the token cap is reached.
- Approval gates — tools matching
policy.approvals.require_beforepause and create a pending approval the operator reviews. - Egress allowlist — a sidecar enforces the host allowlist before any HTTP/HTTPS leaves the pod.
Starting a runtime
From the dashboard:
- Go to Runtimes → New Runtime.
- Choose the target endpoint, region, model, and budget.
- Click Start Runtime to start a live runtime — or Create Plan for a dry-run that validates the runtime bundle without spending budget.
The runtime appears on /runtimes with live status streamed via SSE. Click through for the runtime detail page: state-transition timeline, events, artifacts, findings, and the approval inbox.
The same surface is available from the CLI under tachyonic runtime …. See Runtimes for the full command reference and the manifest schema.
API Keys
Create API keys at Settings > API Keys for CLI and CI/CD integration. Each key is scoped to your workspace with configurable permissions.
Billing
| Plan | Price | Scans/month | Rate limit |
|---|---|---|---|
| Free | $0 | 5 | 10/min |
| Pro | $99/mo | 50 | 60/min |
| Team | $299/mo | Unlimited | 120/min |
| Enterprise | Custom | Unlimited | 300/min |
Upgrade at Settings > Billing.