What is Agent-as-a-Service pentesting?

Agent-as-a-Service (AaaS) pentesting lets you chat with autonomous pentesting agents that scan your application on demand. Instead of waiting weeks for a manual engagement, you talk to specialized agents — pen-scout (recon and surface mapping), pen-recon (deeper enumeration), pen-triage (validates and prioritizes findings), pen-fixer (remediation guidance), and pen-compliance (OWASP/standards mapping). Findings are validated with proof-of-concept and re-test, not just flagged. You start with 150 free credits, no credit card.

What are credits and how do they work?

Credits are how you run agent scans. Each scan or agent action consumes credits based on its depth. New accounts get 150 free credits with no card required. After that you can buy one-time credit packs ($29, $79, or $199) for pay-as-you-go use, or subscribe to a monthly tier ($49, $149, or $399/mo) for continuous, on-demand pentesting. The agents pen-scout, pen-recon, pen-triage, pen-fixer and pen-compliance all draw from the same credit balance.

Yes. Every new account gets 150 free credits with no credit card required — enough to chat with the pentesting agents and run real scans against your app. There is also a free security headers scan at sable.somoswilab.com/free-scan and a sample report at sable.somoswilab.com/sample-report. The free tier runs on OpenRouter models so you can evaluate the autonomous agents before paying.

What is penetration testing for startups?

Penetration testing (pentesting) is a simulated cyberattack against your application to find security vulnerabilities before real attackers do. For startups, we focus on the issues that matter most at your stage: authentication flaws, data exposure, API security, and common mistakes in modern stacks like Next.js, Supabase, and Firebase.

How much does a pentest cost?

Traditional pentests cost $10,000-$50,000+. SableOffensive starts at $29 for a Pre-Launch Check covering OWASP Top 10 and secrets detection. Founder Shield ($79) adds IDOR testing, auth bypass, and a debrief call. Scale Secure ($199) is a full-scope assessment. Every plan includes a professional report with remediation steps.

How long does a security scan take?

Pre-Launch Check reports are delivered within 24-48 hours. Founder Shield and Scale Secure may take 2-3 business days depending on the complexity of your application.

What do I need to provide?

At minimum, just your application URL. For more comprehensive testing, we may ask for staging credentials, API documentation, or GitHub repository access. We sign NDAs for all engagements.

What is OWASP Top 10?

OWASP Top 10 is the industry standard list of the most critical web application security risks. It includes injection attacks, broken authentication, cross-site scripting (XSS), server-side request forgery (SSRF), and security misconfigurations. Every SableOffensive assessment tests against the full OWASP Top 10.

Do you test AI-generated code?

Yes. Code generated by AI tools like Cursor, GitHub Copilot, and v0 often contains subtle security issues: hardcoded secrets, missing input validation, insecure API patterns, and overly permissive access controls. We have specific testing procedures for AI-generated codebases.

How do you secure Supabase and Firebase apps?

For Supabase, we audit Row Level Security (RLS) policies, test for direct table access, and check for exposed service keys. For Firebase, we review security rules, test Firestore/RTDB access patterns, and check Cloud Functions for vulnerabilities.

What if you find zero vulnerabilities?

50% money back guarantee. If our scan finds zero security issues, you get half your money back.

Is there a free pentesting option?

Yes. SableOffensive offers a free security headers scan at sable.somoswilab.com/free-scan. It instantly checks your website for 8 critical security headers (HSTS, CSP, X-Frame-Options, and more) and gives you an A-F grade with copy-paste fixes. No signup or payment required.

Can I get a free vulnerability scan?

Our free security headers check scans your website instantly and grades your security posture. For a deeper free assessment, contact us — we occasionally offer complimentary scans for early-stage startups and open source projects.

Anthropic MCP RCE: 7,000 Servers Exposed and Why L1 Fast-Path Matters

What Happened

Cybersecurity researchers disclosed a critical design vulnerability in Anthropic's Model Context Protocol (MCP) that enables remote code execution. The flaw affects more than 7,000 publicly accessible MCP servers and a software ecosystem with over 150 million downloads. The disclosure landed this week, and exploitation in the wild has already been observed.

Why MCP Is a High-Value Target

MCP is the connector layer between LLMs and the rest of the world: filesystems, databases, internal APIs, ticketing systems, GitHub, browsers. A compromised MCP server effectively hands the attacker the same permissions the LLM was granted — which, in most agentic deployments, is far broader than the human operator realizes.

Three properties make MCP attractive to attackers:

Trust by default. Many MCP integrations execute tool calls without per-call authorization.
Long-lived sessions. Tokens and connections persist across many user interactions.
Implicit privilege escalation. Servers often run with developer credentials, not service-account least privilege.

The Payload Pattern

The class of payload exploits how MCP server implementations handle tool definitions and parameters. The signature is detectable at the request layer: a malformed or oversized tool descriptor, embedded shell metacharacters in arguments, or context smuggling via tool-result fields. These signatures are precisely the kind of thing a regex fast-path catches before any model server sees the bytes.

How AEGIS L1 Catches This

AEGIS is a five-layer open-source SOAR. Layer 1 is a regex fast-path that runs at the network edge in roughly 18 microseconds per request — faster than most CPU context switches. The L1 ruleset for MCP-class payloads matches:

Shell metacharacters in tool arguments
Oversized or malformed JSON-RPC envelopes
Known IOC strings from the disclosed PoCs
Suspicious tool descriptors with embedded code

When L1 fires, the request never reaches the model server. AEGIS L4 SOAR then triggers a playbook: rotate the affected MCP server's token, snapshot the workspace, and notify the on-call channel.

What To Do Now

Inventory your MCP servers. Internal and externally exposed. Tag each with the credentials it holds.
Patch immediately. Track Anthropic's CVE disclosure and apply server-side fixes.
Network-layer block. If you can't patch fast, drop external traffic to MCP ports until the patched version is deployed.
Add detection. AEGIS L1 rules ship in the public repo; copy them into your existing WAF if AEGIS isn't deployed yet.
Rotate. Any token a compromised MCP server held should be considered exposed.

Bottom Line

Agentic AI infrastructure is now a first-class target. Defending it requires the same layered controls we apply to web apps — only faster, because the attack surface is wider. AEGIS exists to make that defense self-hosted, auditable, and deployable in an afternoon.

Sources

The Hacker News - Anthropic MCP RCE disclosure