Now live Cyberun Cloud · the orchestrator

One orchestrator. Every fleet, every workflow, every render.

Cloud is the orchestrator underneath your whole fleet. It schedules the GPUs you own, signs your team in through one identity, and packages the workflows your team writes — all over a single outbound tunnel that reaches in through any firewall. Managed, on-prem, or air-gapped.

The platform layer underneath

Every team building AI in 2026 ends up building the same five things.

Identity. Secure connections. Scheduling. Audit. Packaging. Cloud ships all five — so the workflows and services your team writes have a platform underneath them, not a pile of glue code.

01 / Identity

Your single sign-on, with per-team access control. Sign in through the OIDC identity you already trust; every member, key, and agent stays scoped to its team.

02 / Secure connections

Reach a GPU behind any firewall over a single outbound link — no inbound ports to open. The same tunnel carries HTTP, raw TCP, and a live remote-screen channel when you need to look inside a box.

03 / Scheduling

Work lands on the right machine by label, each team holds its own quota, and progress streams back live. Out of capacity? Spill over to external compute on demand.

04 / Audit

Every result is traceable back to the run that produced it, and the webhooks Cloud sends are cryptographically signed so your systems can trust them.

05 / Packaging

Upload workflows, custom nodes, and models once — Cloud distributes them across the fleet, snapshots every version, and shows API consumers the inputs while keeping your internals hidden.

Cloud ships it.

Who it's for

Teams that own their compute and care about control.

Cloud is built for teams who can't put their data on someone else's GPU — and who've stopped pretending that's a niche position.

Media studios & agencies

Standardize how a 50-person team uses AI and productionize your internal pipelines. Give each client an API key that shows the inputs but never your internals — and keep the IP on your own GPUs.

AI service providers

Sell AI capabilities to your partners without sub-leasing GPUs. Cloud keeps each partner isolated, routes their work to the right machines, and signs every callback so they can trust it.

Internal AI platforms

A paved road for your engineers to ship internal AI features — without every team rolling their own workflow runtime.

Regulated industries

Finance, manufacturing, government. Runs on-prem or fully air-gapped, with a license bound to your hardware and no phone-home required.

Deployment options

One codebase. Three trust boundaries.

The same Cloud — identity, scheduler, secure connections, packaging — runs as managed SaaS, in your Kubernetes cluster, or air-gapped behind your firewall. The boundary moves to where you need it, not the other way around.

Managed SaaS

We run the control plane and dashboard for you. You bring GPUs. Fastest path to production.

  • We host the platform + Gateway
  • You install agents
  • Per-tenant data isolation
  • Our SLA, our patching

On-Prem Kubernetes

Deploy the whole stack into your own Kubernetes cluster. GitOps-native — declarative manifests, no bespoke installer.

  • Your cluster, your keys
  • Per-cluster license
  • Operator-managed data layer
  • Conformant ingress

Air-Gap-Friendly

Designed for networks with no internet egress. The license is bound to your hardware and validated entirely offline.

  • Cryptographically signed offline license
  • Hardware fingerprint binding
  • Lease-token cache
  • No phone-home

Topology

How Cloud actually fits together.

Three tiers: surface, control plane, compute. The control plane is yours to deploy or ours to host.

Built for AI agents

Cloud speaks MCP. Your AI agent already knows how to call it.

The same orchestrator that powers Cyberun's dashboard is also an MCP server. Point your AI client at one endpoint with one integration key, and it can drive your workflows, tasks, agents, and container services — fourteen tools in all.

Endpoint: https://core.cyberun.cloud/api/v1/mcp
Auth header: Authorization: Bearer sk-…
Transport: Streamable HTTP

Inside the server

Fourteen tools, four surfaces.

Every MCP tool is scoped to the team the credential belongs to. The agent picks the right one — you don't wire each call by hand.

Workflows

list_workflows · get_workflow · get_workflow_by_slug · presign_file_upload — the agent discovers what's available and gets the parameter schema before submitting.

Tasks

run_workflow · list_tasks · get_task · get_task_result · stream_task_events · cancel_task — submit, watch progress over MCP notifications/progress, fetch artifacts when done.

Agents & container services

list_agents · list_container_services · get_container_service · call_container_service — see what's online and invoke any HTTP service the team has deployed.

Beyond workflows

Your team's services become AI capabilities.

Deploy Ollama, vLLM, or your own Flask app as a long-running container service. Write a one-line usage_prompt describing how AI should call it. From any MCP client, the agent discovers the service, reads the prompt, and invokes it through call_container_service — no extra wiring, no second integration.

What teams ship as services

vLLM · Ollama · Whisper · SAM · custom FastAPI · brand checkers · internal model routers

One credential. Workflows and container services in the same agent loop.

Or skip the config

Install the Cyberun skill

One command teaches Claude Code, Cursor, Windsurf, or Codex CLI the API + MCP layout. After that, ask: "Submit a Cyberun task for the text-to-image workflow." The agent picks the right path, supplies the right headers, and quotes the right endpoints.

$ npx skills add cyberun-cloud/skills

The agent abstraction

Compute is pluggable. The product isn't.

The agent isn't a specific binary — it's a protocol. Anything that speaks it is a fleet Cloud can schedule against. That's the difference between betting on a vendor and betting on a layer.

Today

Today the agent is a small Go binary you drop onto a GPU you own — on-prem, a workstation under your desk, or rented from a hyperscaler. It runs ComfyUI graphs, Nerfstudio pipelines, and long-running services, dialing out to Cloud over a single connection so there's nothing to open inbound.

Tomorrow

Tomorrow the agent is anything that speaks the protocol. Wrap an external GPU provider, a serverless inference platform, or another team's fleet — Cloud just sees another set of agents. Same scheduler, same identity, same billing surface.

Result

You commit to the orchestrator, not to a compute provider. When the underlying market shifts — who's cheap, who's out of capacity, who launched the new GPU — you don't migrate platforms. We point at a different fleet.

Agents dial out — no inbound ports. Cloud routes between clients and agents.

Security & compliance

What air-gap actually requires.

Most AI tooling assumes the model API is one HTTPS call away. Regulated, classified, and on-prem rooms can't assume that. Cloud is built for those rooms — not retrofitted for them.

Offline

Runs for days without the internet. A signed lease-token cache keeps a deployment working offline, then re-authenticates with a challenge-response when the network returns. Phone-home is never a hard requirement.

Hardware

Bound to the machine it's installed on. The license ties to the host fingerprint; move the install and you re-sign it. That stops a copy from quietly spreading sideways inside a regulated org.

Tunnel

Reach in without opening inbound holes. Four tunnel modes — HTTP, TCP, WebSocket, WebRTC — all ride one outbound connection, so inbound paths work without poking holes in your firewall.

External AI

You stay in control of outbound AI calls. When a workflow does reach a public AI provider, the request is signed end-to-end — so you can revoke it at the relay, not just at the provider.

Tenancy

Cross-tenant access isn't blocked by audit — it's impossible by design. Access is scoped to each team's own domain, so one tenant simply can't reach another.

Baseline

The basics are assumed, not bragged about: identity tokens rotate with OIDC revocation, credentials are encrypted at rest, and internal and public APIs stay separate. We don't treat table stakes as features.

Three credential families

One scope, one purpose, one revoke.

Cyberun issues three kinds of credential, each prefixed to make its use obvious. Lose one, revoke one — the others keep working.

sk- Integration

The general-purpose API key. Scripts, CI, partner integrations, and MCP clients (Claude Code, Cursor) all carry an sk-. Scoped to one team.

ak- Agent

Used by the agent process to connect a GPU machine into the team's pool. Limited to the agent runtime — can't read dashboards or submit tasks on a member's behalf.

dk- Device

Issued when a member pairs a device through the cyberun CLI. User-bound and team-scoped. Stolen laptop? Admins revoke the device key — the user's other access stays intact.

Where Cloud shows up

Use cases we hear most.

Patterns we've shaped Cloud around. Yours probably looks like one of these.

VFX & Animation

Studio-internal AI platform

Standardize how your 200-artist team uses generative tooling. Track every clip back to the workflow and seed that made it.

Consumer SaaS

AI feature in a partner product

Upload your workflow once — a ComfyUI graph, a Nerfstudio pipeline, or a container service. Hand the partner an API key that shows the inputs but hides your internals, and bill by how much they run.

Regulated enterprise

Sovereign AI compute

On-prem deployment in your air-gapped DC. Cloud is the control plane; the data never leaves your network.

Multi-GPU AI labs

From one workstation to a fleet

You bought a DGX. Then two more. Then bare-metal GPU servers, plus a few hyperscaler-rented instances on the side. Cyberun pools them into one team fleet — models and custom nodes auto-sync across every box, MCP gives any AI client a single surface to work against, and the gateway tunnels let you debug a machine without opening a port per box.

Start free today.

Sign up with email, Google, or GitHub, spin up your first team, and run a workflow. Free during launch — no card required, no quotas to debug. Email us when you need a managed, on-prem, or air-gap deployment.

sales@cyberun.cloud