Compare · NeuBird
CHA vs. NeuBird
NeuBird is a SaaS investigator with approval-gated remediation bolted on. We're an in-cluster operator with closed-loop remediation by default — and flat per-cluster pricing instead of per-investigation.
| Dimension | CHA | NeuBird |
|---|---|---|
| Where it runs | In your cluster — operator + CronJob + Deployment | NeuBird SaaS (Hawkeye) pulls telemetry over allowlisted egress |
| Closed-loop remediation | Yes — default behavior; 5 whitelisted fixers run automatically | No — "architecturally enforced read-only" per their security doc |
| Pricing model | Flat per-cluster (OSS / Team / Enterprise) | $15–25 per investigation (~$75K/yr at 10k investigations) |
| Air-gap / sovereign | Yes — no external dep in OSS tier | No — in-VPC private mode is AWS-Bedrock-only |
| Open source | Apache-2.0 — full OSS feature set | Proprietary |
The structural difference.
NeuBird's own security documentation calls their remediation "architecturally enforced read-only." That's a deliberate safety posture, and it's a good one for an investigation copilot. But it means they cannot follow CHA into autonomous remediation without breaking that promise.
CHA's safety envelope is different: whitelisted fixers with named scope, protected-namespace allowlist, dry-run mode, opt-in flags per fixer, and signed-JWT click-to-fix URLs for the AI-tier proposals. The brake is in code you can read before you install.