Stop trusting code

Secure your Node.js apps from bugs and malicious code

Get in touch

A smarter way to secure your Node.js apps

Securing your own code is hard—even worse, the vast majority of an average Node.js application is made up of untrusted third-party code that unsafely interacts with your sensitive resources. Intrinsic allows you to run all code (even malicious!) safely.

How it works

Unlike most runtime security solutions, which try to defend against app-level attacks by analyzing or monitoring behavior, Intrinsic protects against attacks by enforcing that your code only executes as expected.

This is the result of years of research to create a new language-specific virtualization technology that is able to enforce fine-grained security policies at runtime.

Protecting your app is simple: include the Intrinsic library, write security policies, and Intrinsic makes sure your app runs safely.

Request a Demo


Intrinsic applies the principle of least-privilege to your application and reduces your attack surface dramatically.


Intrinsic protects your sensitive resources against worst case scenarios like code injection attacks and malicious NPM modules.


Intrinsic is just a library and is fully compatible with legacy code. There's no need to modify how you currently deploy and write your code.

Intrinsic for AWS Lambda

Intrinsic secures Lambda functions with just a few lines of code. Specify security policies such as whitelisting HTTP endpoints, restricting access to the file system, and controlling child processes. Intrinsic enforces these polices at runtime, protecting against bugs, exploits, and malicious code.

Request a Demo

Our story

Intrinsic is built on the shoulders of years of academic research in the fields of security and systems led by parts of its team at Stanford University. Some of our previous work includes DARPA-, DoD-, and Google-funded research and projects like bcrypt, Kademlia, tcpcrypt, Hails and COWL.

We're hiring

We are currently hiring engineers that have experience or interest in building secure systems. Candidates should have a strong background in one (or more) of the following: systems (e.g., language runtimes, operating systems, browser engines); programming languages (e.g., compilers, type systems, static analysis); security (e.g., building security monitors or tools). Exposure to a subset of relevant technologies (Node.js/V8, C/C++, LXC/sVirt, Rust, Haskell, and JavaScript) is desirable, but not required.

Get in touch


Intrinsic is backed by leading investment firms NEA, Andreessen Horowitz, First Round Capital and Stanford University's StartX fund.