Back to Blog
Product · Feb 18, 2026

Introducing Bind: Real-Time Collaboration for Security Teams

Pentest together in real-time with live cursors, voice chat, and synchronized sessions — all end-to-end encrypted. Self-host your relay with KarmaGateRelay.

Today we're shipping Bind — a new collaboration module that lets multiple pentesters work on the same target in real time.

Why Bind?

Pentesting has always been a solo activity, even when teams are involved. You end up on Discord or Slack, copy-pasting requests, manually deconflicting targets, and asking "are you looking at that endpoint too?" We built Bind to eliminate all of that.

How It Works

One user creates a session and shares an invite link. Others join instantly. Everything syncs through a stateless WebSocket relay (relay.karmagate.com by default), but the relay only sees encrypted envelopes — never plaintext. All data is encrypted with XChaCha20-Poly1305 and every message is signed with Ed25519.

Presence & Live Cursors

You can see exactly where each team member is — which tab they're on, which request they're inspecting. Live cursors with element-relative positioning update in real-time across Gate, Loop, Snag, and all other modules.

Real-Time Data Sync

When you join a session, you receive a full snapshot of the current state. After that, all changes propagate as delta updates — new requests in Gate, modified payloads in Loop, interceptor rules in Snag. Everyone stays on the same page, literally.

Voice Chat

Built-in voice chat, directly in KarmaGate. No more context-switching to Discord.

**Audio Pipeline**: getUserMedia → AudioWorklet (off main thread) → Bandpass filter (80Hz–7.5kHz) → Adaptive noise gate → VAD with 300ms debounce → Opus encoder at 64kbps, 20ms frames.

**Transmission**: Voice packets travel on a dedicated channel, separate from sync data to avoid head-of-line blocking. Binary packet format: 26-byte header + ~60-byte Opus payload = ~86 bytes/frame (vs ~280 bytes with JSON wrapping). Magic bytes 0x4B56 ("KV") enable instant voice packet identification without JSON parsing. Object pool for buffers means zero allocations at 50 frames/sec.

**Playback**: Per-peer AudioDecoder (WebCodecs API), adaptive jitter buffer (60–250ms), Packet Loss Concealment for smooth degradation, and individual GainNode per participant for per-peer volume control.

**Security**: Voice frames are end-to-end encrypted with the session secret. The relay cannot hear or decode audio. Unapproved peers waiting for host approval don't receive voice data.

Self-Hostable Relay

By default, Bind connects through relay.karmagate.com (included with KarmaGate Pro). But if your organization requires on-premise infrastructure, you can deploy your own relay server.

**KarmaGateRelay** is fully open source: github.com/Karmagate/KarmaGateRelay

It's ~1000 lines of Go, one binary, zero external state. Docker Compose deployment takes under 5 minutes. The relay is a dumb pipe — it routes encrypted packets between peers and never reads, stores, or decrypts session content.

What's Next

We're just getting started with collaboration. Upcoming features include shared annotations, collaborative findings management, and session recording for audit trails.

Download KarmaGate 1.4 today and try Bind with your team.

Try KarmaGate now.

Download for macOS
Skip to main content