We run hands-on web pentests, operate two SaaS platforms (EASM for external attack surface, SecAI for AI-native application security), and open-source the tooling we end up building along the way. Led by an OSWE-certified consultant; every product starts from a real engagement.

| | |
|---|---|
| Pentest | Black-box and white-box web engagements, OSWE-led. OWASP / PTES methodology, prioritized report, free retest. |
| EASM | Continuous discovery of your external attack surface (domains, IPs, certificates, APIs), with exploitability validated by AI. |
| SecAI | AI-native AppSec: deterministic SAST with an LLM verifier and full taint chains, AI DAST, and an autonomous pentest agent. |
| Open source | The tooling our engagements kept needing. Local-first, no telemetry, readable code. |
| Research | SecLLM: distilling how humans actually find vulnerabilities into an agentic security model. |