Security audits with real-time micropayments on Hedera. Pay for actual work done, no flat fees.

AudiThor is a B2B code security audit platform that reimagines how security audits are billed: it replaces the traditional flat-fee audit model with real-time nano-payments. AudiThor introduces a pay-per-use model where audit organizations expose their proprietary models and tools through the platform, and clients stream nano-payments in real time for exactly the work being performed. The meter runs while the audit runs, and stops when it stops.
In a conventional security audit, you pay a fixed price upfront regardless of how many vulnerabilities are found or how long the actual analysis takes. Kronos flips this model: you only pay for the exact amount of computational security work performed on your code.
This benefits both sides. Audit firms can monetize their expertise without forcing clients into expensive subscriptions or opaque flat fees. Clients get full cost transparency before they commit: each service shows its rate upfront, and they only pay for what was actually executed on their code. The result is a more honest, more accessible market for professional security audits.
Every payment and every finding is logged immutably to Hedera Consensus Service, creating a verifiable timestamped audit trail of both the work performed and what was paid for it. Audit results are encrypted end-to-end using Chainlink CRE Confidential HTTP; findings are only readable by the wallet that initiated the audit. Any unused escrow is automatically refunded at the end of the session.
AudiThor is built on Next.js 16 and TypeScript. The core of the platform is the payment and billing infrastructure. The audit execution layer is used in the demo to showcase the concept end-to-end, but in production it would be replaced by models and tools provided by partner audit organizations.
The payment layer uses Hedera's native token service with no Solidity and no EVM smart contracts involved. Each audit session creates a dedicated Hedera escrow account, and micro-payments stream every five seconds via TransferTransaction from the Hashgraph SDK. Every payment event and every finding is submitted to a Hedera Consensus Service topic, producing an immutable on-chain log that is fully verifiable on Hashscan. This gives clients cryptographic proof of exactly what was run and what was charged.
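An added sketch of the metering arithmetic described above, not AudiThor's own code: it plans the five-second payment ticks in integer tinybars, caps them at the escrow balance, computes the refund, and checks a list of payment events (as a client would read them back from the consensus log) against the agreed rate. All function and type names are hypothetical, and the on-chain transfer and topic submission are left out.

```typescript
// Added example; names and types are hypothetical, not AudiThor's code.
const TINYBAR_PER_HBAR = 100000000; // 1 HBAR = 100,000,000 tinybars
const TICK_SECONDS = 5;             // payment interval stated in the text

interface PaymentEvent { seq: number; atSecond: number; tinybar: number; }
interface Settlement { payments: PaymentEvent[]; paid: number; refund: number; }

const isCount = (n: number): boolean => isFinite(n) && Math.floor(n) === n && n >= 0;

// Convert a displayed HBAR rate to integer tinybars once, so ticks never accumulate float error.
function toTinybar(hbar: number): number {
  return Math.round(hbar * TINYBAR_PER_HBAR);
}

// Plan the payment stream for a session of `durationSec` seconds funded by `escrow` tinybars.
function settleSession(ratePerSec: number, escrow: number, durationSec: number): Settlement {
  if (!isCount(ratePerSec) || ratePerSec === 0 || !isCount(escrow) || !isCount(durationSec)) {
    throw new RangeError("invalid session parameters");
  }
  const payments: PaymentEvent[] = [];
  let paid = 0;
  let t = 0;
  while (t < durationSec && paid < escrow) {
    const step = Math.min(TICK_SECONDS, durationSec - t);      // last tick may be shorter
    const amount = Math.min(ratePerSec * step, escrow - paid); // never pay out more than escrow
    t += step;
    paid += amount;
    payments.push({ seq: payments.length + 1, atSecond: t, tinybar: amount });
  }
  return { payments, paid, refund: escrow - paid }; // paid + refund always equals escrow
}

// Client-side check of a logged payment stream against the agreed rate and escrow.
function reconcile(events: PaymentEvent[], ratePerSec: number, escrow: number): string[] {
  const issues: string[] = [];
  let paid = 0;
  let prev = 0;
  events.forEach((e, i) => {
    const elapsed = e.atSecond - prev;
    if (e.seq !== i + 1) issues.push(`sequence gap or replay at position ${i + 1}`);
    if (elapsed <= 0 || elapsed > TICK_SECONDS) issues.push(`bad interval at seq ${e.seq}`);
    else if (e.tinybar > ratePerSec * elapsed) issues.push(`overcharge at seq ${e.seq}`);
    prev = e.atSecond;
    paid += e.tinybar;
  });
  if (paid > escrow) issues.push("total exceeds escrow");
  return issues;
}
```

The loop ends as soon as the escrow is spent, so a session that outlasts its funding stops being billed at that tick instead of going negative.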
For privacy, we integrated Chainlink CRE with a Confidential HTTP workflow. Results are encrypted before delivery and can only be decrypted with a signature from the wallet that started the session, ensuring findings never exist in plaintext outside the client's environment. The service selection UI lets clients see each tool's HBAR-per-second rate before committing, and that selection flows through the entire stack from the POST request down to the execution layer, making cost fully predictable and auditable.
For the demo, we built a multi-agent AI pipeline using DeepSeek, Gemini, and Groq to simulate what an audit organization's tooling would look like in practice.

