picket_

Security for your fleet — and your logins.

One anomaly-detector instinct, pointed at two things: what's running on your servers, and who's signing in. The fleet sweep below installs in one line and runs on a timer. It found a miner running as root from a deleted /tmp binary for eight days — the kind of thing you usually learn about when your host emails you.

curl -fsSL picket.sh | sh

macOS (Apple silicon) and Linux (x86_64) ship prebuilt binaries; other targets build from source. Read-only by default. Read the docs →

fleet status

picket run swept 4 hosts · armed=false
build-host   ✓ clean   load 0.11 · 6 checks
hetzner      ✓ clean   load 2.54 · 12 checks
krawler      ✓ clean   load 0.02 · 4 checks
⛔ contained — last run froze ./decoy (deleted) at 100% CPU in /tmp, snapshotted evidence, on build-host

how it works

sweep

A read-only POSIX-sh probe is pushed to each host over SSH — nothing installed. It looks for processes running from deleted binaries, CPU pegged from a scratch dir, egress to mining ports, rootkit hooks, and SSH-key drift.

route

Every finding is scored on the host, which has the live process context. The controller only narrows: it never upgrades a finding, and it never auto-acts on anything ambiguous.

contain

For a slam-dunk it snapshots evidence first — recovering the deleted binary from /proc — then freezes. A container gets stopped with restart off; a bare process gets SIGSTOP. Never SIGKILL.

deleted binary, off a non-system path, pegging CPU   ·   slam-dunk → snapshot, freeze, alert
high CPU, an odd listener, a new SSH key             ·   ambiguous → alert only, waits for you
a daemon swapped by an apt upgrade                   ·   benign    → recorded, never surfaced
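The sweep, route and contain steps above, written out as a runnable illustration. This is added example code, not picket's probe or controller; the path prefixes, the mining-port watch-list, the 90% CPU threshold, the evidence directory and the Proc record are all assumptions made here so the routing rules from the table can be exercised on constructed findings.

```python
"""Sweep, route and contain, in the shape described above.
Added illustration, not picket's code; lists, thresholds and paths are assumptions."""
import os
import shutil
import signal
from dataclasses import dataclass

# Assumed lists for this illustration; a real probe would carry its own.
SYSTEM_PREFIXES = ("/usr/", "/bin/", "/sbin/", "/lib/", "/lib64/", "/opt/", "/snap/")
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
MINING_PORTS = {3333, 4444, 5555, 14444, 33333}   # assumed watch-list of pool ports
PEGGED_CPU = 90.0                                  # percent of one core


@dataclass
class Proc:
    pid: int
    exe: str                      # target of the /proc/<pid>/exe symlink, from readlink
    user: str
    cpu_pct: float
    remote_ports: frozenset = frozenset()
    new_listener: bool = False


def live_procs(proc_root="/proc"):
    """Linux only: yield (pid, exe target) for every readable process. readlink on
    /proc/<pid>/exe appends ' (deleted)' once the file behind it has been unlinked.
    CPU and sockets are left to the caller; this shows only the deleted-binary check."""
    for name in os.listdir(proc_root):
        if name.isdigit():
            try:
                yield int(name), os.readlink(os.path.join(proc_root, name, "exe"))
            except OSError:       # kernel threads, or processes we may not inspect
                continue


def assess(p):
    """Route one finding: returns ('slam-dunk' | 'ambiguous' | 'benign', reasons)."""
    deleted = p.exe.endswith(" (deleted)")
    path = p.exe[: -len(" (deleted)")] if deleted else p.exe
    on_system_path = path.startswith(SYSTEM_PREFIXES)
    pegged = p.cpu_pct >= PEGGED_CPU
    mining = sorted(p.remote_ports & MINING_PORTS)

    reasons = []
    if deleted:
        reasons.append("exe deleted: %s" % path)
        if not on_system_path:
            reasons.append("deleted exe off a system path")
    if pegged:
        reasons.append("cpu %.0f%%" % p.cpu_pct)
        if path.startswith(SCRATCH_DIRS):
            reasons.append("pegged from scratch dir %s" % path)
    if mining:
        reasons.append("egress to mining port(s) %s" % mining)
    if p.new_listener:
        reasons.append("new listening socket")

    # Slam-dunk needs all three hard signals at once: deleted, off a system path, pegged.
    if deleted and not on_system_path and pegged:
        return "slam-dunk", reasons
    # A deleted exe under a system path with nothing else odd is the apt-upgrade case.
    if deleted and on_system_path and not (pegged or mining or p.new_listener):
        return "benign", reasons
    # Any other signal waits for a human; no signals at all is benign.
    return ("ambiguous" if reasons else "benign"), reasons


def contain(p, armed=False, evidence_dir="/var/lib/picket/evidence"):
    """Evidence first, then freeze. Only slam-dunks, and only when armed; the
    read-only default just reports. Returns (verdict, evidence path or None)."""
    verdict, _ = assess(p)
    if verdict != "slam-dunk" or not armed:
        return verdict, None
    os.makedirs(evidence_dir, exist_ok=True)
    dest = os.path.join(evidence_dir, "pid%d.exe" % p.pid)
    # /proc/<pid>/exe still resolves to the unlinked inode while the process lives,
    # so the binary can be recovered even though it is gone from the filesystem.
    with open("/proc/%d/exe" % p.pid, "rb") as src, open(dest, "wb") as out:
        shutil.copyfileobj(src, out)
    # Freeze, don't kill: SIGSTOP keeps memory and sockets around for inspection
    # and is reversible with SIGCONT. (A container would be stopped instead; not shown.)
    os.kill(p.pid, signal.SIGSTOP)
    return verdict, dest


if __name__ == "__main__":
    # Constructed finding modelled on the case in the next section.
    finding = Proc(4242, "/tmp/BCZfwZZr (deleted)", "root", 784.0, frozenset({33333}))
    print(assess(finding))
    print(contain(finding))            # armed=False: verdict only, nothing touched
```

Note the ordering inside contain: the snapshot is taken before SIGSTOP, and nothing is done at all unless the caller passes armed=True, which mirrors the armed=false shown in the fleet status above.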

what it catches

# build.host, june 2026 — what started this
./BCZfwZZr (deleted)   root   784% CPU   8 days
  └─ tcp → mining pool :33333
  └─ exe self-deleted from /tmp after launch

An exploited app container mined Monero as root for eight days, and Spamhaus noticed before the dashboards did. picket runs the sweep that found it on a timer, so the next one gets frozen on its first pass.

the other surface — identity

The same instinct, pointed at the login instead of the host. picketd learns each user's signature and asks for step-up the moment a sign-in looks off — 2:14am, a residential proxy, a country and a browser they've never used — with a human-readable list of why. It's a better-auth plugin, one static binary, explainable down to the individual reason.

stage one — scorer

Deterministic heuristics on the hot path: hour-of-day histogram, ASN / user-agent / JA4 set membership. Microseconds, no model, sorted reasons.

stage two — gaussian

An online multivariate Gaussian over each user's feature space flags the statistically off, with a per-feature breakdown and no training run.
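Stages one and two above, as an added worked example (not picketd's code). The feature space, the weights, the 2% hour-histogram threshold, the 10-sign-in warm-up and the sample history are assumptions made here; the Gaussian stage is simplified to a diagonal covariance (independent per-feature variances, updated online with Welford's method) so that the per-feature breakdown is a plain z-score per feature, where the page describes a full multivariate Gaussian.

```python
"""Two-stage sign-in scoring in the shape described above.
Added illustration, not picketd's code; names, weights and thresholds are assumptions."""
import math
from dataclasses import dataclass, field

FEATURES = ("hour_sin", "hour_cos")   # assumed numeric feature space for stage two
VAR_FLOOR = 1e-3                      # keeps a constant feature from giving infinite z-scores


def hour_features(hour):
    """Encode hour-of-day on the unit circle so 23:00 and 01:00 are neighbours."""
    a = 2 * math.pi * hour / 24
    return [math.sin(a), math.cos(a)]


@dataclass
class UserProfile:
    hours: list = field(default_factory=lambda: [0] * 24)   # hour-of-day histogram
    asns: set = field(default_factory=set)
    user_agents: set = field(default_factory=set)
    ja4s: set = field(default_factory=set)
    n: int = 0
    mean: list = field(default_factory=lambda: [0.0] * len(FEATURES))
    m2: list = field(default_factory=lambda: [0.0] * len(FEATURES))  # Welford sum of squares

    def learn(self, hour, asn, user_agent, ja4):
        """Fold one accepted sign-in into the profile: online, no training run."""
        self.hours[hour] += 1
        self.asns.add(asn)
        self.user_agents.add(user_agent)
        self.ja4s.add(ja4)
        self.n += 1
        for i, x in enumerate(hour_features(hour)):
            delta = x - self.mean[i]
            self.mean[i] += delta / self.n
            self.m2[i] += delta * (x - self.mean[i])


def score_heuristic(p, hour, asn, user_agent, ja4):
    """Stage one: deterministic checks. Returns (score in [0, 1], reasons sorted by weight)."""
    hits = []   # (weight, reason)
    if p.n >= 10:   # need some history before the histogram means anything
        share = p.hours[hour] / p.n
        if share < 0.02:
            hits.append((0.4, "hour %02d:00 seen in %.0f%% of past sign-ins" % (hour, share * 100)))
    if asn not in p.asns:
        hits.append((0.3, "ASN %s never used before" % asn))
    if ja4 not in p.ja4s:
        hits.append((0.3, "JA4 fingerprint never used before"))
    if user_agent not in p.user_agents:
        hits.append((0.2, "user-agent never used before"))
    hits.sort(reverse=True)
    return min(1.0, sum(w for w, _ in hits)), [r for _, r in hits]


def score_gaussian(p, hour):
    """Stage two: squared Mahalanobis distance under a diagonal covariance (a
    simplification of a full multivariate Gaussian), with a per-feature z-score breakdown."""
    if p.n < 2:
        return 0.0, {}
    breakdown, total = {}, 0.0
    for i, x in enumerate(hour_features(hour)):
        var = max(p.m2[i] / (p.n - 1), VAR_FLOOR)   # sample variance from Welford's m2
        z = (x - p.mean[i]) / math.sqrt(var)
        breakdown[FEATURES[i]] = round(z, 2)
        total += z * z
    return total, breakdown


def build_profile():
    """Constructed history: 30 office-hours sign-ins from one ASN, user-agent and JA4."""
    p = UserProfile()
    for i in range(30):
        p.learn(9 + i % 9, "AS64496", "Firefox/128", "t13d1516h2_8daaf6152771_e5627efa2ab1")
    return p


if __name__ == "__main__":
    prof = build_profile()
    ja4 = "t13d1516h2_8daaf6152771_e5627efa2ab1"
    print(score_heuristic(prof, 13, "AS64496", "Firefox/128", ja4))   # normal: 0.0, []
    print(score_heuristic(prof, 2, "AS64500", "Firefox/128", ja4))    # 2am, new ASN
    print(score_gaussian(prof, 13), score_gaussian(prof, 2))
```

The sorted reasons are what the user (or the on-call engineer) sees: the heaviest signal first, each one a sentence. The Gaussian breakdown complements it by saying which feature moved, not just that the point is far out; a real deployment would add features beyond hour-of-day (the ASN/JA4 sets here stay in stage one because they are categorical).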

stage three — judge

Only when the first two disagree: a prompt-injection-hardened LLM second opinion, weight-capped so it can never swing a decision on its own.