AI agent with real exploit chaining, multi-tenant by design, self-host or SaaS. Built for consultancies and security teams who can't afford $35k/yr to run an autonomous pentest.
Real agent output from an authorized test on our lab. Approval gates, kill switch, scope enforcement — all built in.
Positioning
Nobody occupies the exact square we're aimed at — self-hostable, multi-tenant, AI-agent-included, mid-market pricing. We named the gaps we fill.
Autonomous
Continuous AI agent with approval gates, kill switch, scope enforcement. Runs on your infrastructure, your API keys, your data. $499/mo self-host vs. NodeZero's $50k+/yr.
Reporting
Full pentest management — findings library, branded PDFs, client portal, retest workflows, Jira/Slack — with a real agent driving discovery. True DB-enforced multi-tenancy built for MSPs.
Extensible
Bring your own tools via Model Context Protocol. Bring your own methodology via the knowledge graph. One of the only commercial pentest platforms future-proofed for 2026's agent ecosystem.
What you get
Everything a boutique consultancy or mid-enterprise security team needs to run authorized engagements end-to-end. No bolt-ons, no seat tax, no consultants required.
Claude + GPT tool-use loop with approval gates on destructive actions, a kill switch on every run, budget caps, and DB-enforced scope. Human-in-the-loop chat mid-run — interrupt, redirect, ask questions.
Every row scoped by org_id, enforced at the DB level — not bolted on. Perfect for MSPs and consultancies serving dozens of clients from one deployment.
Nmap, Nuclei, Metasploit RPC, OWASP ZAP — via dedicated Celery queues with rate limits, sanitized inputs, and a flag allowlist. SSE live output streaming to the browser, not curated summaries.
Automatic MITRE ATT&CK, CVSS v3.1, EPSS and CISA KEV enrichment. Framework mapping for PCI-DSS, SOC 2, HIPAA, NIST 800-53, OWASP Top 10, CIS v8. Client portal for external review.
AI-drafted executive summaries and remediation roadmaps. Jinja2 + WeasyPrint PDFs with your logo, colors, and content. Templates library for findings writeups — seeded from OWASP and CWE-Top-25.
Apache 2.0. Run it on your metal, your VPS, your cloud. Bring your own LiteLLM-supported model (Claude, GPT, Llama, anywhere). All data stays with you; agent cost tracked per org.
Pricing
Community is free forever. Paid tiers unlock the AI agent, priority support, and white-label portals. All tiers include every feature on this page — we don't gate table stakes.
Community
Self-host for solo pentesters exploring the platform.
Solo
Everything in Community, plus the AI agent.
Small Business
For teams running 10+ client engagements a quarter.
Enterprise
For internal red teams and security departments.
Cloud tiers available from $79/mo · Per-client-org billing for MSP / Consultancy on request · All prices in USD
Why not them?
Pulled from public pricing pages and analyst reports. We show ours next to theirs — you decide.
| | AttackMesh | PlexTrac | Pentera | Cobalt.io | vPenTest |
|---|---|---|---|---|---|
| Entry price | $49/mo | $8,000/yr | $35,000/yr | $15k+/yr + credits | $2,999 |
| Autonomous AI agent | ✓ full loop | ~ writeup AI only | ✓ | ~ recon only | ✗ |
| Self-hostable | ✓ Docker | ~ enterprise tier | ✗ | ✗ | ✗ |
| True multi-tenancy (MSPs) | ✓ DB-enforced | ~ | ✗ | ~ | ✓ |
| Tool orchestration built-in | ✓ 4 tools | ✗ imports only | ✓ proprietary | ~ | ~ network only |
| MCP tool extensibility | ✓ roadmap | ✗ | ✗ | ✗ | ✗ |
| Open source | ✓ Apache 2.0 | ✗ | ✗ | ✗ | ✗ |
| You own your data | ✓ always | ~ cloud default | ~ cloud default | ✗ SaaS only | ✗ SaaS only |
Data compiled April 2026 from vendor pricing pages, G2 reviews, and public analyst reports. Some markings (~) reflect our judgment of partial coverage and may disagree with vendor self-positioning. Spot something wrong? Email [email protected] and we'll update with citation.
Try the live demo — 18 pages, real data, zero signup. Or clone the repo and run the whole thing on your laptop in 5 minutes.