Home/Reports/Deep Dives/cast
← Back to Deep Dives
castSaaSB2BInfrastructureInfrastructure·May 24, 2026·12 min read

CAST AI's public footprint reveals Cloudflare, WordPress, and Gravity Forms—no self-serve, no docs portal, but enterprise-grade security with DNSSEC and DMARC. Read our deep-dive tech stack analysis.

CAST AI’s public web presence reveals almost nothing about its core product—and that’s by design. Our recent scan of the cast.ai homepage found a marketing site built on WordPress with Gravity Forms, fronted by Cloudflare and Fastly CDN, and instrumented with Google Tag Manager. No developer documentation, no API console, no pricing page, and no self-serve signup were observed in the captured sample. For a company that automates Kubernetes cost optimization, raised over $73 million, and reportedly serves enterprises managing thousands of clusters, this sparse public footprint isn’t an accident; it’s a deliberate go-to-market signal.

This analysis is based on a competitive intelligence snapshot captured on 2026-05-24. Because the scan was restricted to the marketing homepage and the sitemap returned null, product surfaces, subdomains, and conversion flows remain unobservable. Every observation in this article reflects what is visible from that public edge—and what competitors, partners, and buyers can infer from it.

The Stack at a Glance

Even a single-page scan offers a surprisingly rich set of signals about CAST AI’s technical posture. The marketing site is delivered through a dual-CDN edge: Cloudflare acts as the primary frontend, while Fastly appears as a secondary content delivery layer. This dual-provider setup is rare for a purely lead-generation website and hints that Fastly may be the default delivery network inherited from the product’s own infrastructure, repurposed here to enforce consistent performance and security policies.

TLS encryption relies entirely on Let’s Encrypt certificates, which is standard for high-velocity DevOps teams but leaves a gap for organizations that demand extended validation (EV) or custom certificate configurations. On the DNS side, DNSSEC is enabled, and the overall DNS health score sits at 97 (grade A), indicating meticulous configuration. Email authentication uses SPF, DKIM, and a DMARC policy set to quarantine with a 10% filtering percentage, sending aggregate reports to `dmarc-reports@cast.ai`. These are table-stakes controls for any SaaS vendor targeting regulated industries, but their presence here—fronting a Google Workspace email backbone—shows that CAST AI’s security team treats the corporate domain as seriously as the product backend.

Behind the CDN, the marketing engine runs on WordPress, the ubiquitous content management system that powers over 40% of the web. The site uses Gravity Forms for lead capture, and our scan detected performance-oriented plugins that handle WebP image conversion and implement speculative resource loading rules. No page builder or headless CMS was detected, suggesting the team values simplicity and speed over design flexibility. Google Tag Manager is present as the sole analytics container, but no specific tracking pixels, advertising tags, or marketing automation scripts were observable from the homepage DOM alone.

This tooling mix—WordPress + Gravity Forms + Cloudflare + Google Tag Manager + Let’s Encrypt—is the classic stack of a high-growth B2B company that has prioritized engineering effort on its core platform while outsourcing the marketing layer to battle-tested, low-maintenance components. It’s lean, secure, and entirely fit for purpose when the goal is to capture enterprise leads, not to optimize for top-of-funnel volume.

How They Acquire Customers

CAST AI’s demand generation architecture is a pure enterprise sales-led motion that begins and ends with a form submission. Gravity Forms is the sole conversion surface detected on the homepage. There is no free tier, no trial signup, no interactive demo, and no pricing calculator. A visitor’s only path to engagement is filling out a contact form—a deliberate gate that filters out casual browsers and directs only high-intent prospects to a human sales team.

This form is paired with the absence of any observed live chat, chatbot, or conversational ABM platform such as Drift, Qualified, or Intercom. The lack of real-time interaction tools implies that CAST AI does not intend to answer technical questions or qualify buyers on-site. Instead, form entries likely route directly into a CRM or sales engagement platform like Salesloft or Outreach, though none of these were directly observed because the scan could not trace backend integrations beyond the frontend tags. The email infrastructure via Google Workspace, authenticated with SPF, DKIM, and a DMARC quarantine policy, ensures that follow-up emails from the sales team land in inboxes rather than spam folders—a critical foundation for enterprise outreach.

From a tracking perspective, the stack is strikingly bare. Google Tag Manager is deployed, but our homepage-only scan found no evidence of advertising pixels from LinkedIn, Google Ads, Facebook, or any retargeting networks. Similarly, there are no detectable experimentation tools like Optimizely, VWO, or Google Optimize. This suggests that CAST AI may not be running paid acquisition campaigns at scale from this domain—or, more likely, that all digital advertising flows through dedicated landing pages and subdomains that fall outside the scanned sample. For a company that reportedly competes with Spot by NetApp and Kubecost for cloud-native buyers, the absence of observable retargeting or CRO tooling indicates that growth is driven primarily by outbound sales development, channel partnerships, and word-of-mouth within Kubernetes communities rather than by optimized inbound funnels.

Performance optimization on the marketing site is, however, a clear priority. The use of WebP conversion plugins and speculative loading signals indicates that the team cares about Core Web Vitals and page speed, perhaps to satisfy both Google’s ranking algorithms and impatient enterprise buyers. But speed alone is not conversion optimization. Without A/B testing, heatmaps, or session replay tools like Hotjar or FullStory observed, the marketing experience is effectively a static presentation layer, not an iterative growth engine. The entire conversion flow rests on the quality of sales follow-up triggered by a single Gravity Forms submission—a model that works when average deal sizes are large enough to absorb high-touch sales costs, but one that leaves the top of the funnel entirely untapped.

Infrastructure & Operations: The Product Hides Behind the Edge

The most intriguing dimension of CAST AI’s public footprint is what remains invisible. The scan captured only the marketing homepage, with no subdomains like app.cast.ai, docs.cast.ai, or status.cast.ai enumerated. API surfaces, container registries, and interactive consoles—which presumably form the backbone of a Kubernetes optimization platform—were completely outside the sample. This limited visibility means that the actual product architecture, operational maturity, and developer-facing toolchain remain hidden from public competitive analysis.

What is visible, however, are strong operational signals at the edge. Cloudflare and Fastly dual-CDN delivery indicates a team that understands latency and distribution. Many SaaS vendors use a single CDN; running two—especially when one is Fastly, which specializes in high-throughput, real-time content delivery—suggests that CAST AI may leverage Fastly for API acceleration or dynamic content delivery that mirrors how they serve core product traffic. The reuse of this infrastructure for the marketing site points to a unified edge strategy that reduces surface area for attacks while benefiting from consistent caching and WAF policies.

Security fundamentals are well-implemented. DNSSEC protects the DNS chain against spoofing. DMARC at `p=quarantine; pct=10` is a cautious starting policy—only 10% of failing emails are quarantined, which is typical during email authentication rollouts before moving to a reject policy. This is not the mark of a company that treats security as an afterthought; engineering leaders would likely be building toward a `p=reject` policy as part of a broader security maturity roadmap. The email address `dmarc-reports@cast.ai` funneling aggregate reports suggests active monitoring, likely through a service like Dmarcian or Valimail.

What’s missing from the public homepage, however, is any visible trust center, compliance certification badges, or integration partner logos. For enterprise buyers evaluating a tool that manages cloud infrastructure costs—where access scopes and permissions are sensitive—the absence of SOC 2, ISO 27001, or HIPAA indicators on the primary marketing page might raise procurement flags. Similarly, no Pricing or Documentation links appeared on the scanned homepage, though these could reside elsewhere on the site beyond the single-page capture. The lack of observed Status Page (a tool like Atlassian Statuspage or Hund) or a Changelog further limits the public assurance story, though these too may be hosted on unscanned subdomains.

Infrastructure automation tools that power the CAST AI platform—such as Terraform providers, Kubernetes operators, or Helm charts—are not detectable from the homepage. For a company whose core product is infrastructure automation, the absence of visible developer tooling in the public sample is a strategic gap that forces technical evaluation teams to engage with sales before they can verify any capability. This may be intentional, but it contrasts sharply with competitors who offer public GitHub repositories, interactive sandboxes, and self-service documentation.

What This Means for Competitors

Competitors analyzing CAST AI should interpret the sparse public footprint not as immaturity but as a strategic bet on enterprise sales differentiation. The company has chosen to invest in security posture (DNSSEC, DMARC, dual-CDN edge) and performance (WebP, speculation rules) on the marketing layer, while deliberately withholding self-serve product access, documentation, and pricing from unauthenticated visitors. This creates a two-tier experience: technical decision-makers who want to kick tires will hit a wall, while budget-holding executives who expect to engage with a sales team will find a clean, fast, and secure entry point.

For developer-focused competitors like Kubecost or Kubermatic, CAST AI’s gated approach presents a clear opportunity. Engineers evaluating cost optimization tools often expect to browse API references, watch demo videos, or launch a trial cluster without speaking to sales. When those resources are absent—or not discoverable from the primary domain—developers may self-select toward more transparent alternatives. The lack of observable developer docs, GitHub integrations, or community forums on the public surface suggests that CAST AI either routes these resources through a separate developer portal or simply hasn’t prioritized a self-serve developer experience. Either way, competitors with rich public content can capture organic traffic from technical search queries like “Kubernetes cost optimization guide” that CAST AI appears unequipped to win.

On the other hand, CAST AI’s focus on outbound enterprise sales may be the correct strategy given the high average contract value in its market. If most deals exceed six figures, a Gravity Forms-to-SDR workflow with no ad retargeting and no CRO experimentation is sufficient—and possibly even advantageous, because it avoids diluting the sales team’s focus with unqualified leads. The robust email authentication stack ensures that sales emails reach inboxes, and the CDN edge shields the brand from performance degradation or DDoS attacks that could undermine credibility during procurement.

The absence of ABM platforms like Demandbase or 6sense on the homepage could indicate that CAST AI uses intent data from third-party sources (ZoomInfo, Bombora) rather than on-site behavioral scoring. The Google Tag Manager setup provides a hook for later pixel insertion, but the lack of currently active pixels suggests either a deliberate privacy-first stance or a heavy reliance on event-based tracking at trade shows and outbound campaigns. For competitors running multi-channel ABM with robust ad tech stacks, CAST AI’s lean setup may appear vulnerable—yet it also means fewer third-party script dependencies, faster page loads, and reduced GDPR compliance risk, all of which resonate with risk-averse buyers.

Finally, the dual-CDN architecture with Fastly and Cloudflare hints at a product infrastructure that competitors should investigate further. If CAST AI uses Fastly for product API acceleration—perhaps for real-time cost anomaly detection streams or cluster right-sizing recommendations—then its edge platform may offer latency advantages that competitors relying solely on CloudFront or Cloudflare cannot match. This is speculation, but the presence of a secondary CDN on a single marketing page is sufficiently unusual to warrant deeper technical reconnaissance of the underlying platform that the marketing site is designed to hide.

Key Takeaways for Founders and Product Leaders

Entrepreneurs and engineering leaders building enterprise SaaS platforms can extract several actionable insights from CAST AI’s tech stack strategy:

  • A minimal public stack can support a high-value enterprise motion, but it must be paired with robust outbound sales. CAST AI’s WordPress + Gravity Forms + Google Tag Manager setup is trivial to deploy, yet it feeds a sales process that likely closes deals worth hundreds of thousands annually. The stack’s simplicity frees engineering resources to focus on the core Kubernetes optimization engine rather than on marketing automation. Founders considering a similar approach should ensure that their outbound sales and partner channel are strong enough to compensate for the absence of a self-serve funnel.
  • Security infrastructure is a go-to-market signal, not just a defense mechanism. The visible configuration of DNSSEC, SPF, DKIM, and DMARC quarantine communicates to procurement teams that the company values data integrity. Deploying these protections early—and even publishing a DMARC aggregate report address—can accelerate enterprise trust before a formal security review begins. For B2B startups, having this stack live from day one is a low-effort way to signal operational maturity.
  • Performance optimization without CRO creates a fast but static experience. CAST AI’s use of WebP images and speculation rules shows an engineering-driven approach to page speed, yet the absence of Hotjar, Optimizely, or even a Google Optimize container means the team is not learning from on-site user behavior. For companies that must generate inbound demand, treating performance as the endpoint rather than the starting point for conversion optimization leaves revenue on the table. Founders should consider whether their marketing site is merely a brochure or a living growth asset.
  • Withholding product surfaces is a valid strategy if your sales motion doesn’t depend on developer evangelism. CAST AI’s opaque public presence means that technical evaluators cannot assess the product without engaging sales. For a platform whose buyers are often platform engineering VPs rather than individual developers, this gating may be optimal. But if your target buyer includes hands-on engineers who influence purchasing, providing self-serve docs, sandboxes, and transparent pricing is table stakes. Assess your buyer personas honestly before mimicking CAST AI’s closed approach.
  • Dual CDNs on a marketing site hint at deeper platform complexity worth investigating. The co-presence of Cloudflare and Fastly is a strong signal that CAST AI’s product architecture may involve real-time data pipelines that benefit from Fastly’s edge computing capabilities. Founders building latency-sensitive platforms should consider whether edge infrastructure choices visible on public domains can reveal competitive strengths—or inadvertently expose architectural vulnerabilities to curious competitors.

The Strategic Value of an Incomplete Picture

CAST AI’s public tech stack is a study in deliberate minimalism. On the surface, WordPress, Gravity Forms, and a handful of performance plugins present a façade that any competitor could replicate in an afternoon. Beneath that surface, however, the security infrastructure (DNSSEC, DMARC), the dual-CDN edge (Cloudflare + Fastly), and the disciplined absence of public product leaking reveal a company that is playing a longer, enterprise-focused game. Every piece of visible technology serves a specific purpose: capture high-intent leads, ensure global performance, and signal operational maturity to risk-averse buyers.

For those evaluating the Kubernetes cost optimization market, the real lesson is that the most important parts of CAST AI’s stack remain hidden by design. The platform that actually reduces cloud bills—the machine learning models, the scheduling algorithms, the data pipeline that ingests cloud provider pricing in real time—is invisible from the public edge. And that’s exactly the point. In a market where technical differentiation is paramount, CAST AI has chosen to protect its core while using the public web primarily as a secure, performant loading dock for enterprise leads. Whether this strategy holds as the company scales upmarket against competitors with more transparent product-led motion remains to be seen, but the signals from this analysis paint a picture of a well-architected company that knows exactly which pieces of its stack to show—and which to keep behind the sales curtain.

Tech stack detected from public signals — using automated code analysis, DNS profiling, and browser-level inspection across https://cast.ai. No privileged access. No guessing.

Send cast's Full Strategy Report

Get the complete 5-module analysis delivered to your inbox

GTM Stack

Demand generation & routing

Funnel Design

Conversion path & user journey

Product Architecture

Infrastructure & delivery

Growth Maturity

SEO, content & lifecycle

Enterprise Readiness

Trust, security & scale