Giorgi Gogitidze

ORCA - Discover shadow APIs before attackers do

API security without agents, code changes, or cloud proxies. ORCA passively observes traffic from a network mirror - discovering shadow APIs, mapping every endpoint and consumer, and catching DNS exfiltration, fully on-premises, zero latency. If you can configure a mirror port, you're done.

Giorgi Gogitidze
I'm Giorgi, founder of ORCA. I've spent years in cybersecurity - pentesting, teaching it at university, and consulting for companies in regulated industries. One pattern kept repeating: nobody actually knows what their APIs are doing.

Every audit, the story was the same. The OpenAPI spec says 40 endpoints; the wire says 120. Deprecated services still answering requests. Internal APIs quietly exposed. And when I'd suggest API security tooling, the answer from banks and government clients was always: "We can't install agents on production, and we definitely can't send traffic to someone's cloud."

So I built ORCA to work the way a network engineer would: from a mirror port. It passively observes traffic - no agents, no SDKs, no proxies, nothing touching production. It reconstructs your full API landscape, surfaces shadow and zombie endpoints, and even catches DNS exfiltration that API-only tools miss. Everything runs on-premises, so it works in environments where data genuinely cannot leave the building.

If you've ever discovered an API in production that nobody on the team remembers building, I'd love to hear that story. 😄 Happy to answer anything about the architecture, passive traffic analysis, or why I think agentless is the right default for API security. Fire away!