This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
API security without agents, code changes, or cloud proxies. ORCA passively observes traffic from a network mirror - discovering shadow APIs, mapping every endpoint and consumer, and catching DNS exfiltration, fully on-premises, zero latency. If you can configure a mirror port, you're done.
I'm Giorgi, founder of ORCA. I've spent years in cybersecurity - pentesting, teaching it at university, and consulting for companies in regulated industries. One pattern kept repeating: nobody actually knows what their APIs are doing.
Every audit, the story was the same. The OpenAPI spec says 40 endpoints; the wire says 120. Deprecated services still answering requests. Internal APIs quietly exposed. And when I'd suggest API security tooling, the answer from banks and government clients was always: "We can't install agents on production, and we definitely can't send traffic to someone's cloud."
So I built ORCA to work the way a network engineer would: from a mirror port. It passively observes traffic - no agents, no SDKs, no proxies, nothing touching production. It reconstructs your full API landscape, surfaces shadow and zombie endpoints, and even catches DNS exfiltration that API-only tools miss. Everything runs on-premises, so it works in environments where data genuinely cannot leave the building.
If you've ever discovered an API in production that nobody on the team remembers building, I'd love to hear that story. 😄
Happy to answer anything about the architecture, passive traffic analysis, or why I think agentless is the right default for API security. Fire away!
No comment highlights available yet. Please check back later!
About ORCA on Product Hunt
“Discover shadow APIs before attackers do”
ORCA was submitted on Product Hunt and earned 3 upvotes and 1 comments, placing #118 on the daily leaderboard. API security without agents, code changes, or cloud proxies. ORCA passively observes traffic from a network mirror - discovering shadow APIs, mapping every endpoint and consumer, and catching DNS exfiltration, fully on-premises, zero latency. If you can configure a mirror port, you're done.
ORCA was featured in API (98.3k followers), Developer Tools (514k followers) and Security (2.7k followers) on Product Hunt. Together, these topics include over 87.4k products, making this a competitive space to launch in.
Who hunted ORCA?
ORCA was hunted by Giorgi Gogitidze. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how ORCA stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.
Giorgi Gogitidze