pricing
Simple pricing.
Fixed scope. Fixed price.
new client offer
Pilot engagement — $0 upfront
We test one attack surface for 48 hours at no cost. If we find substantial vulnerabilities, the Starter package price ($1,500) becomes due. Find nothing, owe nothing. Requires a signed scoping agreement before work begins.
- +Single surface, 48-hr window
- +Full report on payment
- +Converts to Starter on findings
- +Limited availability
$1,500
One app or API. Full automated attack + manual verification.
- +Single app or API surface
- +3,000+ signature scan
- +AI-powered analysis
- +Manual exploit verification
- +PDF report with reproduction steps
- +5-day turnaround
$4,000
Your entire stack. Run through Project Triage.
- +Full web + API + cloud surface
- +Source code analysis
- +Encryption + key strength testing
- +AI business logic + chain analysis
- +Every finding exploited and verified
- +Executive summary + technical report
- +60-min team debrief
- +Free re-test after patches
$2,500/mo
Every deploy gets tested. Every sprint.
- +Continuous scanning on every deploy
- +Priority 48-hr turnaround on new features
- +CI/CD pipeline integration
- +Direct Slack alerts on new findings
- +Quarterly executive summary
- +Unlimited re-tests
faq
Common questions
Web apps, APIs, cloud, auth systems, AI features. If it's online, we can attack it.
Staging access and a 15-minute scoping call.
Non-destructive by design. We agree on boundaries first.
Hasn't happened yet.
You sign a scoping agreement, define one attack surface, and we test it for 48 hours at no cost. If we find substantial vulnerabilities (CVSS 7.0+ or equivalent), the Starter package price of $1,500 becomes due. You receive a finding summary first — the full technical report and PoC are released on payment. If we find nothing, you owe nothing.
Scanners dump 500 alerts. We deliver 15 verified exploits.
Yes. Works for SOC 2, ISO 27001, and vendor questionnaires.
Ready to get started?
Start a conversation