What is Agent-as-a-Service pentesting?

Agent-as-a-Service (AaaS) pentesting lets you chat with autonomous pentesting agents that scan your application on demand. Instead of waiting weeks for a manual engagement, you talk to specialized agents — pen-scout (recon and surface mapping), pen-recon (deeper enumeration), pen-triage (validates and prioritizes findings), pen-fixer (remediation guidance), and pen-compliance (OWASP/standards mapping). Findings are validated with proof-of-concept and re-test, not just flagged. You start with 150 free credits, no credit card.

What are credits and how do they work?

Credits are how you run agent scans. Each scan or agent action consumes credits based on its depth. New accounts get 150 free credits with no card required. After that you can buy one-time credit packs ($29, $79, or $199) for pay-as-you-go use, or subscribe to a monthly tier ($49, $149, or $399/mo) for continuous, on-demand pentesting. The agents pen-scout, pen-recon, pen-triage, pen-fixer and pen-compliance all draw from the same credit balance.

Yes. Every new account gets 150 free credits with no credit card required — enough to chat with the pentesting agents and run real scans against your app. There is also a free security headers scan at sable.somoswilab.com/free-scan and a sample report at sable.somoswilab.com/sample-report. The free tier runs on OpenRouter models so you can evaluate the autonomous agents before paying.

What is penetration testing for startups?

Penetration testing (pentesting) is a simulated cyberattack against your application to find security vulnerabilities before real attackers do. For startups, we focus on the issues that matter most at your stage: authentication flaws, data exposure, API security, and common mistakes in modern stacks like Next.js, Supabase, and Firebase.

How much does a pentest cost?

Traditional pentests cost $10,000-$50,000+. SableOffensive starts at $29 for a Pre-Launch Check covering OWASP Top 10 and secrets detection. Founder Shield ($79) adds IDOR testing, auth bypass, and a debrief call. Scale Secure ($199) is a full-scope assessment. Every plan includes a professional report with remediation steps.

How long does a security scan take?

Pre-Launch Check reports are delivered within 24-48 hours. Founder Shield and Scale Secure may take 2-3 business days depending on the complexity of your application.

What do I need to provide?

At minimum, just your application URL. For more comprehensive testing, we may ask for staging credentials, API documentation, or GitHub repository access. We sign NDAs for all engagements.

What is OWASP Top 10?

OWASP Top 10 is the industry standard list of the most critical web application security risks. It includes injection attacks, broken authentication, cross-site scripting (XSS), server-side request forgery (SSRF), and security misconfigurations. Every SableOffensive assessment tests against the full OWASP Top 10.

Do you test AI-generated code?

Yes. Code generated by AI tools like Cursor, GitHub Copilot, and v0 often contains subtle security issues: hardcoded secrets, missing input validation, insecure API patterns, and overly permissive access controls. We have specific testing procedures for AI-generated codebases.

How do you secure Supabase and Firebase apps?

For Supabase, we audit Row Level Security (RLS) policies, test for direct table access, and check for exposed service keys. For Firebase, we review security rules, test Firestore/RTDB access patterns, and check Cloud Functions for vulnerabilities.

What if you find zero vulnerabilities?

50% money back guarantee. If our scan finds zero security issues, you get half your money back.

Is there a free pentesting option?

Yes. SableOffensive offers a free security headers scan at sable.somoswilab.com/free-scan. It instantly checks your website for 8 critical security headers (HSTS, CSP, X-Frame-Options, and more) and gives you an A-F grade with copy-paste fixes. No signup or payment required.

Can I get a free vulnerability scan?

Our free security headers check scans your website instantly and grades your security posture. For a deeper free assessment, contact us — we occasionally offer complimentary scans for early-stage startups and open source projects.

About SableOffensive | The Researchers Behind the Pentesting Agents

80+

Vulnerabilities Found

Startups Audited

CVEs Published

Our Mission

The cybersecurity industry has a pricing problem. Traditional pentests cost $10,000-$50,000+, putting professional security out of reach for early-stage startups, indie hackers, and bootstrapped teams. Meanwhile, these are exactly the teams shipping the fastest -- often with AI-generated code, BaaS platforms like Supabase and Firebase, and minimal security review.

We built SableOffensive to close that gap. Our tiered pricing (starting at $29) makes it possible for any founder to get a professional security assessment before their MVP goes live. We pair expert security research with autonomous pentesting agents you can chat with on demand — validated findings, proof-of-concept, and re-test — without the enterprise price tag.

We are not just scanners. Every engagement includes manual review by experienced security researchers who understand modern startup stacks -- Next.js, React, Supabase, Firebase, AI integrations, and more.

The Team

Alejandro

Lead Security Researcher

Published CVE researcher with deep expertise in web application security, API testing, and AI infrastructure vulnerabilities. Specializes in OWASP Top 10, authentication bypass, IDOR exploitation, and cloud-native security assessments.

CVE PublisherOWASP ExpertAI SecurityBaaS Security

Published Research

Our research has identified critical vulnerabilities in widely-used AI infrastructure, contributing to the security of the broader ecosystem.

Moltbot/OpenClaw: 1,673+ Exposed AI Gateways

3 CVEs assigned (CVSS up to 9.6). Discovered 1,673 exposed servers with 55 RPC methods, over 1,000 without authentication.

CVE-2025-6514CVE-2025-49596CVE-2025-52882

OpenClaw: Same Vulnerabilities, Third Rebrand

512 security findings from the Argus audit, 181 leaked secrets, 8 critical vulnerabilities. Infostealers targeting installations.

CVE-2025-49596CVE-2025-6514

vLLM RCE: Malicious Video Takes Over AI Servers

CVE-2026-22778 (CVSS 9.8). 175,000+ exposed servers across 130 countries. Heap overflow via JPEG2000 decoder enables RCE.

CVE-2026-22778

Our Methodology

Real rigor, not just scanners. Every engagement follows a structured methodology where expert research and autonomous pentesting agents validate, prove, and re-test findings.

Reconnaissance

Attack surface mapping, technology fingerprinting, and OSINT gathering -- understanding your application before testing.

Vulnerability Discovery

Expert-led testing backed by autonomous agents that scan on demand. OWASP Top 10, IDOR, auth bypass, business logic flaws, API security.

Exploitation and Validation

Every finding is manually verified. No false positives. We prove impact with safe exploitation to demonstrate real risk.

Reporting and Remediation

Clear, actionable reports with severity ratings, reproduction steps, and specific fix recommendations your developers can follow.

What We Specialize In

OWASP Top 10

Injection, broken auth, XSS, SSRF, misconfigurations, and all standard web vulnerabilities.

API Security

REST/GraphQL testing, BOLA/IDOR, rate limiting, auth bypass, and data exposure.

BaaS Platforms

Supabase RLS policies, Firebase security rules, and cloud-native misconfigurations.

AI-Generated Code

Security review of Cursor/Copilot/v0 code, prompt injection, and LLM integration security.

Authentication Flows

OAuth, JWT, session management, MFA bypass, and credential stuffing resistance.

Infrastructure

CI/CD pipeline security, secrets management, cloud configuration, and deployment hardening.

Ready to Secure Your Startup?

Get a professional security assessment starting at $29. Ship fast, stay secure.

View Pricing Contact Us