The Strategy Behind Open-Sourcing Shield

We open-sourced Shield on May 13. Apache 2.0. No account, no telemetry, no paywall on the developer tier. The engineering reasons are covered elsewhere. This post is about the business decision, because the business decision was the harder one.

Giving away a working version of your enterprise product makes a lot of people nervous. Investors ask whether you are cannibalizing the thing you are trying to sell. Founders ask whether they are training the market to expect free. Both questions are fair. Here is how we answered them.

The wedge is the point

Growing free developer tools into enterprise revenue is not a new move. LiteLLM did it. Portkey did it. The pattern is well understood. A developer adopts the free tool because it solves a problem on their laptop today. The tool spreads through the team. Eventually someone in security or procurement asks what it is, who owns it, and whether the paid version does the things the enterprise actually needs. The free tier was never the product. It was the distribution.

We are running the same pattern with intent. Shield runs locally and blocks destructive agent operations before they execute. A developer installs it in two minutes because it stops their coding agent from dropping a production database. That is the entire pitch at the developer level. No governance story. No compliance story. Just a binary that prevents the bad afternoon.

The enterprise story comes later, and it comes from the developer, not from us.

What the free tier deliberately does not do

The split between Shield and SmartFlow Shield is not arbitrary. The free tier handles the tool-call boundary on one machine. It does not do identity-bound audit. It does not do team-wide policy. It does not do biometric step-up on high-severity actions. It does not tie a blocked command to a verified human for a regulator to inspect later.

Those are the things a bank pays for. Those are the things that take a developer convenience and turn it into a control a CISO can defend in an exam. We drew the line at exactly the point where a single developer stops caring and an enterprise starts.

That line is the whole strategy. Give away everything below it. Charge for everything above it. Make the boundary honest enough that nobody feels tricked when they hit it.

Why free beats paid here specifically

There is a version of this where we charge fifteen dollars a month for the developer tier and book some early revenue. We chose not to, for three reasons.

The supply chain reason. The attacks Shield blocks happen on developer laptops. A paywalled guardrail does not run on the laptops where the attack happens, because fewer developers will install a tool they have to expense. The March 2026 LiteLLM compromise hit 95 million monthly downloads and a third of cloud environments. The right default for a tool that prevents that category of damage is on, free, and everywhere. Not gated behind a credit card.

The talent reason. The engineers who are forming their mental model of AI agent governance right now will be the ones writing procurement requirements in five years. If their first encounter with agent guardrails is "expensive enterprise thing I can't get," they deploy without them. If it is "free default-on binary," they deploy with them and carry that expectation into every job after. We would rather subsidize the right habit than monetize the wrong one.

The market education reason. Most CISOs still do not know their coding agents have shell access on developer machines. The fastest way to change that is a developer walking into a security review with evidence of what Shield blocked last week. The free tier manufactures that conversation at scale. Every install is a potential demo we did not have to run.

What we expect it to do

Adoption first. Then inbound from security teams who noticed the tool their developers were already running. Then SmartFlow Shield conversations that start warm instead of cold, because the buyer has already seen the engine work.

We are not measuring the developer tier on revenue. We are measuring it on installs, on issues filed, on the PRs that come back, and on how many enterprise conversations open with "our developers are already using your thing."

The free tier is not the business. It is the reason the business gets a meeting.

Repository: github.com/AperionAI/shield. Apache 2.0. Take it apart.

Craig Alberino
Craig Alberino is the Founder and CEO of APERION, which builds the runtime governance layer for AI agents in regulated enterprises. Inline policy enforcement and identity-bound audit, deployable on premises.
