NeuronKnight
Connected-Device Security联网设备安全

NeuronKnight Security engineering for connected devices. NeuronKnight 为联网设备提供安全工程。

We build security systems for connected-device makers shipping to the US, the EU, and beyond — engineering services and embedded software for Linux devices. 我们为面向美国、欧盟及全球市场出货的联网设备厂商构建安全系统——提供工程服务与面向 Linux 设备的嵌入式软件。

Follow the projects that matter to you. Get development updates, early access, and opportunities to help shape what ships. 关注你感兴趣的项目,获取开发进展、早期体验机会,并参与塑造最终上线的产品。

Service服务
EU CRA Engineering Readiness欧盟 CRA 工程准备
Product产品
GateLens Edge Security LayerGateLens Edge 安全层
more继续
// What we build// 我们在做什么

Security that ships with the device. 让安全与设备一同交付。

Two ways to work with us: engineering help to meet the EU Cyber Resilience Act, and a maintained security layer built into your Linux image. 两种合作方式:帮助你满足欧盟《网络韧性法案》的工程服务,以及内建于 Linux 镜像的持续维护安全层。

Engineering Service工程服务 Accepting inquiries现可咨询

EU CRA Engineering Readiness 欧盟 CRA 工程准备服务

The Cyber Resilience Act makes product security mandatory, dated, and expensive to ignore. We do the engineering work that gets a connected product ready — so you hit your deadline without building a security team first. 《网络韧性法案》让产品安全成为有明确期限的强制要求,忽视它的代价高昂。我们负责让联网产品达标所需的工程工作——让你不必先组建安全团队,也能按期完成。

Vulnerability-reporting obligations apply from 11 September 2026; main obligations from 11 December 2027. Fines reach €15M or 2.5% of global turnover. 漏洞报告义务自 2026 年 9 月 11 日起适用;主要义务自 2027 年 12 月 11 日起生效。罚款最高可达 1500 万欧元或全球营业额的 2.5%。

Engineering support for connected-product makers — not legal advice or conformity assessment. 面向联网产品厂商的工程支持——不提供法律意见或合格评定。

Start a conversation开始咨询
What the engagement covers服务范围
  • SBOM workflows — generating and maintaining a software bill of materials as part of your normal build. SBOM 流程——在常规构建流程中生成并持续维护软件物料清单。

  • Vulnerability handling — a working process for tracking, triaging, and patching CVEs, including 24-hour exploited-vulnerability reporting readiness. 漏洞处理——建立可运转的 CVE 跟踪、分级与修补流程,包括被利用漏洞 24 小时上报的应对准备。

  • Secure-by-design hardening — reviewing and hardening the image, update path, and network surface of your device. 安全设计加固——审查并加固设备镜像、升级通道与网络暴露面。

  • Technical-documentation evidence — the engineering artifacts your CRA technical file needs, produced as you build rather than reconstructed later. 技术文档证据——CRA 技术文件所需的工程证据,在开发过程中同步产出,而不是事后补做。

Product产品 In development开发中

GateLens Edge GateLens Edge

A CRA-ready security layer for connected Linux devices, delivered as a Yocto meta-layer and a supported subscription. It bakes network visibility, policy enforcement, and continuously maintained compliance evidence directly into the image you already ship. 面向联网 Linux 设备的 CRA 就绪安全层,以 Yocto meta-layer 与持续维护订阅的形式交付。它将网络可视化、策略执行与持续维护的合规证据直接内建到你现有的设备镜像中。

A layer, not another platform — it rides on top of Balena, Mender, Foundries, or raw Yocto, and never replaces your OTA or fleet tooling. 它是安全层,而不是又一个平台——可叠加在 Balena、Mender、Foundries 或原生 Yocto 之上,绝不取代你现有的 OTA 与设备管理体系。

Built for medical, industrial/OT, energy, and access-control device makers shipping into regulated markets like the US and the EU — teams with a Linux device but no security team. 为面向美国、欧盟等受监管市场出货的医疗、工业/OT、能源与门禁安防设备厂商打造——尤其适合有 Linux 设备但没有安全团队的团队。

Roadmap: Yocto + nftables first · eBPF/XDP as the advanced tier 路线图:首期 Yocto + nftables · eBPF/XDP 为进阶版本

What's in the layer安全层包含什么
  • meta-gatelens Yocto layer — drops into your existing Yocto build and bakes the security stack into the image itself. meta-gatelens Yocto 层——直接加入你现有的 Yocto 构建,把安全栈内建进设备镜像。

  • Network visibility & policy enforcement — on-device firewalling with nftables, sequenced as observe → report → recommend → human-approved enforce. 网络可视化与策略执行——基于 nftables 的设备端防火墙,按"观察 → 报告 → 建议 → 人工批准后执行"的顺序推进。

  • Continuous SBOM + CVE monitoring — a live view of what's in your image and which vulnerabilities affect it, in CRA-ready format. 持续 SBOM 与 CVE 监控——实时掌握镜像内的组件构成及受影响漏洞,输出符合 CRA 要求的格式。

  • Compliance evidence pack — SBOM, vulnerability-management record, 24h-report readiness, and secure-by-design attestation, auto-generated for your CRA technical documentation. 合规证据包——自动生成 SBOM、漏洞管理记录、24 小时上报就绪与安全设计证明,直接用于 CRA 技术文档。

  • Maintained as a subscription — security updates, a live CVE feed, and freshly signed compliance evidence for as long as the device ships. CRA compliance is continuous, and so is the layer. 以订阅方式持续维护——在设备的整个销售生命周期内提供安全更新、实时 CVE 情报与持续签发的合规证据。CRA 合规是持续性的,这个安全层也是。

  • Optional on-device AI remediation — a local model for air-gapped and regulated devices, or a cloud-backed option for low-spec hardware. A feature, not the headline. 可选的设备端 AI 修复——为离线与受监管设备提供本地模型,为低配置硬件提供云端方案。它是一项功能,而非卖点噱头。

// Follow the work// 关注项目

Follow the projects you care about. 关注你感兴趣的项目。

Choose the projects relevant to you. We'll share meaningful development updates, invite early feedback, and let you know when access opens. 选择与你相关的项目。我们会分享重要开发进展、邀请早期反馈,并在开放体验时通知你。

Which projects do you want to follow?你想关注哪些项目? (select all that apply)(可多选)

Relevant updates only. Unsubscribe at any time.只发送相关进展,随时可以退订。