Akira is an open-source security framework, based on Tirreno.
Akira helps understand, monitor, and protect your product from threats, fraud, and abuse. While classic cybersecurity focuses on infrastructure and network perimeter, most breaches occur through compromised accounts and application logic abuse that bypasses firewalls, SIEM, WAFs, and other defenses. Akira detects threats where they actually happen: inside your product.
Akira is a few-dependency, "low-tech" PHP/PostgreSQL application. After a straightforward five-minute installation, you can ingest events through API calls and immediately access a real-time threat dashboard.
- SDKs & API Integrate Akira into any product with SDKs. Send events with full context in a few lines of code.
- Built-in dashboard Monitor and understand your product's security events from a single interface. Ready for use in minutes.
- Single user view Analyze behaviour patterns, risk scores, connected identities, and activity timelines for a specific user.
- Rule engine Calculate risk scores automatically with preset rules or create your own customized for your product.
- Review queue Automatically suspend accounts with risky events or flag them for manual review through threshold settings.
- Field audit trail Track modifications to important fields, including what changed and when to streamline audit and compliance.
Akira supports tracking multiple applications from a single dashboard. Each application gets its own Tracking ID (API key), and events are completely isolated between applications.
Navigate to the API page to manage your applications. Enter a name and click Add to create a new application with its own unique Tracking ID.
Use the Application dropdown in the sidebar to switch between applications. Each application has its own isolated data, so switching applications will redirect you to the dashboard.
Note: When integrating, ensure you use the Tracking ID (API key) that corresponds to the application you want to track. Events are routed based on the API key used, so using the wrong key will send events to the wrong application.
- Monitor multiple products or applications from one Akira instance
- Isolate different client projects or business units
- Separate development, staging, and production environments
Account takeover Credential stuffing Content spam Account registration Fraud prevention Insider threat
Bot detection Dormant account Multi-accounting Promo abuse API protection High-risk regions
- Self-hosted, internal and legacy apps: Embed security layer to extend your security through audit trails, protect user accounts from takeover, detect cyber threats and monitor insider threats.
- SaaS and digital platforms: Prevent cross-tenant data leakage, online fraud, privilege escalation, data exfiltration and business logic abuse.
- Mission critical applications: Sensitive application protection, even in air-gapped deployments.
- Industrial control systems (ICS) and command & control (C2): Protect, operational technology, command systems, and critical infrastructure platforms from unauthorized access and malicious commands.
- Non-human identities (NHIs): Monitor service accounts, API keys, bot behaviors, and detect compromised machine identities.
- API-first applications: Protect against abuse, rate limiting bypasses, scraping, and unauthorized access.
git clone https://github.com/CSPF-Founder/akira-docker.git
cd akira-docker
cp .env.example .env
nano .env # set a strong database password
docker compose up -dThen visit http://localhost:8585/install to complete setup.
See akira-docker for details.
- PHP: Version 8.0 to 8.3
- PostgreSQL: Version 12 or greater
- PHP extensions:
PDO_PGSQL,cURL - HTTP web server:
Apachewithmod_rewriteandmod_headersenabled - Operating system: A Unix-like system is recommended
- Minimum hardware requirements:
- PostgreSQL: 512 MB RAM (4 GB recommended)
- Application: 128 MB RAM (1 GB recommended)
- Storage: Approximately 3 GB PostgreSQL storage per 1 million events
- Download the latest version of Akira.
- Extract the archive to the location where you want it installed on your web server.
- Navigate to
http://your-domain.example/install/index.phpin a browser to launch the installation process. - After the successful installation, delete the
install/directory and its contents. - Navigate to
http://your-domain.example/signup/in a browser to create administrator account. - For cron jobs setup insert the following schedule (every 10 minutes) expression with
crontab -ecommand or by editing/var/spool/cron/your-web-serverfile:
*/10 * * * * /usr/bin/php /absolute/path/to/akira/index.php /cron
Akira is an open-source security framework that embeds protection against threats, fraud, and abuse right into your product.
Akira is based on Tirreno, which started as a proprietary system in 2021 and was open-sourced (AGPL) in December 2024.
This fork is maintained by the Cyber Security and Privacy Foundation.
If you've found a security-related issue with Akira, please report it responsibly. Submitting the issue on GitHub exposes the vulnerability to the public, making it easy to exploit.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License (AGPL) as published by the Free Software Foundation version 3.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License along with this program. If not, see GNU Affero General Public License v3.
Original Work: Copyright (C) Tirreno Technologies Sàrl (https://www.tirreno.com) Licensed under AGPL-3.0 Source: https://github.com/TirrenoTechnologies/tirreno
Modifications: Copyright (C) Cyber Security and Privacy Foundation (https://cysecurity.org) Licensed under AGPL-3.0