§ Pricing
Pricing that scales with what you break.
Start free. Scale with your scan volume. Custom for enterprise.
Free
$0 forever
Prove the product works on one AI app you own.
- 3 scans total (lifetime)
- AI app surface only
- Safe Mode only
- DNS-verified domains required
- Watermarked replay clips (30 to 60 seconds)
- Public Attack Atlas access
- OWASP LLM Top 10 mapping in reports
- 1 day scan retention
- 1 seat
Starter
$79/mo billed annually
$948 per year
For indie builders shipping an AI app.
- 10 scans per billing cycle (resets on successful payment)
- AI app surface (prompt injection, tool abuse, RAG poisoning, agent hijacking, MCP exploitation, multi-turn jailbreaks)
- Safe Mode
- Copy-paste fix suggestions (no GitHub integration)
- 7 day scan retention
- No watermark on replay clips
- 1 seat
Pro (most popular)
$249/mo billed annually
$2,988 per year
For AI startups shipping weekly and platform teams.
- 50 scans per billing cycle (resets on successful payment)
- AI app + Web + API surfaces
- Safe Mode and Aggressive Mode (per-domain verification required)
- GitHub Action: fail builds if exploits succeed on PR previews
- Generate Patch button opens automated GitHub PRs
- Replay-Patch-Re-test loop
- 30 day scan retention
- 3 seats
- Priority scan queue
- Proof of impact outputs on every finding
Business
$849/mo billed annually
$10,188 per year
For boutique pentest consultants and AI platform teams.
- 200 scans per billing cycle (resets on successful payment)
- All surfaces including Cloud (AWS, GCP, Azure) and Hosts
- OSCP-grade host exploitation: known-CVE exploitation, Linux and Windows privesc, credential harvesting, lateral movement
- Full AD attack chain: Kerberoast, AS-REP, Pass-the-Hash, Pass-the-Ticket, DCSync, Silver and Golden tickets, delegation abuse, ACL abuses, coercion and relay
- Cloud GPU pool for offline hash cracking
- Safe and Aggressive Mode
- White-label reports with your logo, colors, branding
- BYOE: bring your own custom attack payloads
- Client workspace isolation
- OWASP LLM Top 10 + SOC 2 + ISO 27001 compliance mapping
- 90 day scan retention
- 10 seats
- Priority support via email
Enterprise
Custom contract
For internal security teams at AI-first companies. Unlimited scans across every surface, SSO, on-prem or VPC, dedicated reviewer, and a custom SLA.
- Unlimited scans
- All surfaces
- SSO (SAML, OIDC), RBAC, detailed audit logs
- Private Exploit Memory (opt out of shared dataset)
- On-prem or VPC deployment available
- Dedicated security audit reviewer (quarterly business reviews)
- Custom SLA with uptime guarantees
- Source code access for compliance review (engine and agent under license)
- Dedicated support channel (Slack Connect or email)
- Annual contract required
§ Compare
Feature comparison
| Feature | Free | Starter | Pro | Business | Enterprise |
|---|---|---|---|---|---|
| Scanning | | | | | |
| Scans | 3 lifetime | 10 / cycle | 50 / cycle | 200 / cycle | Unlimited |
| AI surface | ✓ | ✓ | ✓ | ✓ | ✓ |
| Web + API surfaces | — | — | ✓ | ✓ | ✓ |
| Cloud + Hosts surfaces | — | — | — | ✓ | ✓ |
| Aggressive Mode | — | — | ✓ | ✓ | ✓ |
| Replay | | | | | |
| Replay clips | Watermarked | Clean | Clean | Clean | Clean |
| Scan retention | 1 day | 7 days | 30 days | 90 days | 365 days |
| Remediation | | | | | |
| Copy-paste fixes | — | ✓ | ✓ | ✓ | ✓ |
| GitHub PRs | — | — | ✓ | ✓ | ✓ |
| CI / Replay-Patch-Re-test | — | — | ✓ | ✓ | ✓ |
| Compliance | | | | | |
| OWASP LLM Top 10 | ✓ | ✓ | ✓ | ✓ | ✓ |
| OWASP Web Top 10 | — | — | ✓ | ✓ | ✓ |
| SOC 2 + ISO 27001 | — | — | — | ✓ | ✓ |
| Team | | | | | |
| Seats | 1 | 1 | 3 | 10 | Unlimited |
| BYOE custom payloads | — | — | — | ✓ | ✓ |
| Enterprise | | | | | |
| SSO (SAML, OIDC) | — | — | — | — | ✓ |
| RBAC + audit log | — | — | — | — | ✓ |
| On-prem / VPC | — | — | — | — | ✓ |
| Private Exploit Memory | — | — | — | — | ✓ |
| SLA | — | — | — | — | ✓ |
§ FAQ