Why Blackhole
The mesh that runs without Cloudflare.
Every layer of our infrastructure — agent, healerd, mesh, relays, auth, dashboard, AI gateway — is built and operated by us. When you buy Blackhole, you're paying for actual independence.
The Tailscale Test
“If a customer evaluates us against Tailscale and sees a third-party dependency in our stack, do we lose the deal?”
If yes, we build it in-house. That's the law every Blackhole feature follows.
In-house WireGuard
In-house WireGuard fork
Cloudflare Tunnel (proprietary)
In-house ZeroTier protocol
In-house STUN + DERP relays
In-house STUN + DERP
Cloudflare edge
In-house roots
In-house healerd (boot, crash, IP rotation)
tailscaled (similar)
cloudflared + custom monitoring
zerotier-one daemon
In-house Gatekeeper (15 providers)
Not provided
AI Gateway (Workers)
Not provided
In-house AISP
Not applicable
Not applicable
Not applicable
In-house magic-link
OIDC (Google, Microsoft, GitHub, Okta)
(no first-party login)
Cloudflare Access (in-house)
In-house + OIDC
In-house monochrome web + desktop
In-house web
Cloudflare Dashboard
In-house web
$9/user/mo (mesh + AISP + Gatekeeper)
$18/user/mo Premium (mesh only)
$7/user/mo Zero Trust + per-AI-token AI Gateway
$5/device/mo Pro (mesh only)
Every layer in-house
Mostly in-house, runs on AWS
Cloudflare-native
Mostly in-house
The Dogfood Law
Every permanent fix extends our product.
We compete with Tailscale, Cloudflare, AWS, Twilio, Vercel, Auth0, Datadog. We don't use any of them as workarounds for our own gaps. Every internal pain point we solve becomes a marketing pillar.
When a problem appears, we check what we already own (WireGuard mesh, NATS cluster, AISP, healerd, RAT, JetStream KV, Capability tokens, DERP relays, Gatekeeper). The answer is usually here. If a primitive is missing, we build it as a first-class Blackhole feature — then ship it as a sellable capability.
Founder-led beta setup · post-proof subscription · bounded support