What is Agent-as-a-Service pentesting?

Agent-as-a-Service (AaaS) pentesting lets you chat with autonomous pentesting agents that scan your application on demand. Instead of waiting weeks for a manual engagement, you talk to specialized agents — pen-scout (recon and surface mapping), pen-recon (deeper enumeration), pen-triage (validates and prioritizes findings), pen-fixer (remediation guidance), and pen-compliance (OWASP/standards mapping). Findings are validated with proof-of-concept and re-test, not just flagged. You start with 150 free credits, no credit card.

What are credits and how do they work?

Credits are how you run agent scans. Each scan or agent action consumes credits based on its depth. New accounts get 150 free credits with no card required. After that you can buy one-time credit packs ($29, $79, or $199) for pay-as-you-go use, or subscribe to a monthly tier ($49, $149, or $399/mo) for continuous, on-demand pentesting. The agents pen-scout, pen-recon, pen-triage, pen-fixer and pen-compliance all draw from the same credit balance.

Yes. Every new account gets 150 free credits with no credit card required — enough to chat with the pentesting agents and run real scans against your app. There is also a free security headers scan at sable.somoswilab.com/free-scan and a sample report at sable.somoswilab.com/sample-report. The free tier runs on OpenRouter models so you can evaluate the autonomous agents before paying.

What is penetration testing for startups?

Penetration testing (pentesting) is a simulated cyberattack against your application to find security vulnerabilities before real attackers do. For startups, we focus on the issues that matter most at your stage: authentication flaws, data exposure, API security, and common mistakes in modern stacks like Next.js, Supabase, and Firebase.

How much does a pentest cost?

Traditional pentests cost $10,000-$50,000+. SableOffensive starts at $29 for a Pre-Launch Check covering OWASP Top 10 and secrets detection. Founder Shield ($79) adds IDOR testing, auth bypass, and a debrief call. Scale Secure ($199) is a full-scope assessment. Every plan includes a professional report with remediation steps.

How long does a security scan take?

Pre-Launch Check reports are delivered within 24-48 hours. Founder Shield and Scale Secure may take 2-3 business days depending on the complexity of your application.

What do I need to provide?

At minimum, just your application URL. For more comprehensive testing, we may ask for staging credentials, API documentation, or GitHub repository access. We sign NDAs for all engagements.

What is OWASP Top 10?

OWASP Top 10 is the industry standard list of the most critical web application security risks. It includes injection attacks, broken authentication, cross-site scripting (XSS), server-side request forgery (SSRF), and security misconfigurations. Every SableOffensive assessment tests against the full OWASP Top 10.

Do you test AI-generated code?

Yes. Code generated by AI tools like Cursor, GitHub Copilot, and v0 often contains subtle security issues: hardcoded secrets, missing input validation, insecure API patterns, and overly permissive access controls. We have specific testing procedures for AI-generated codebases.

How do you secure Supabase and Firebase apps?

For Supabase, we audit Row Level Security (RLS) policies, test for direct table access, and check for exposed service keys. For Firebase, we review security rules, test Firestore/RTDB access patterns, and check Cloud Functions for vulnerabilities.

What if you find zero vulnerabilities?

50% money back guarantee. If our scan finds zero security issues, you get half your money back.

Is there a free pentesting option?

Yes. SableOffensive offers a free security headers scan at sable.somoswilab.com/free-scan. It instantly checks your website for 8 critical security headers (HSTS, CSP, X-Frame-Options, and more) and gives you an A-F grade with copy-paste fixes. No signup or payment required.

Can I get a free vulnerability scan?

Our free security headers check scans your website instantly and grades your security posture. For a deeper free assessment, contact us — we occasionally offer complimentary scans for early-stage startups and open source projects.

Cisco Patches CVSS 10.0 Flaw in Secure Workload — Unauthenticated Attackers Could Gain Site Admin via API

Cisco has released emergency patches for a maximum-severity vulnerability in its Secure Workload platform — a flaw so severe it earned the rarest designation in vulnerability scoring: a perfect CVSS 10.0. Tracked as CVE-2026-20223, the bug allows an unauthenticated, remote attacker to gain Site Admin privileges by sending specially crafted requests to the platform's REST API, bypassing authentication entirely.

The implications go beyond a single compromised server. Because Secure Workload is designed to manage micro-segmentation policy across entire enterprise environments — both SaaS and on-premises deployments — this flaw could give an attacker cross-tenant access to sensitive data, configuration controls, and workload management functions across an organization's entire infrastructure.

What Is CVE-2026-20223?

The vulnerability stems from insufficient validation and authentication checks on internal REST API endpoints within Cisco Secure Workload. When the platform processes incoming API requests, it fails to properly verify the caller's identity before granting access to privileged operations. An attacker needs only to send a crafted HTTP request to a vulnerable endpoint.

According to Beyond Machines, the flaw enables unauthenticated attackers to gain Site Admin privileges via crafted API calls, with no user interaction required. The Register characterized it as yet another "perfect 10" bug in Cisco's portfolio this year, underscoring the scope of the issue.

Cisco's own advisory, published on the Cisco Security Advisory portal, confirms the vulnerability allows attackers to "access site resources with the privileges of the Site Admin role" and notes that exploitation requires no authentication whatsoever.

How the Exploit Works

The attack chain is straightforward, which is what makes this vulnerability particularly dangerous:

The attacker identifies a Cisco Secure Workload deployment with exposed or reachable REST API endpoints.
A crafted API request is sent without any authentication token or session cookie.
The platform's insufficient input validation processes the request as if it originated from a privileged Site Admin.
The attacker gains full administrative access, including the ability to read sensitive telemetry data, modify segmentation policies, and — in multi-tenant environments — potentially access data belonging to other tenants.

The Cyber Express reported that the flaw affects both Cisco's SaaS-hosted Secure Workload service and on-premises installations, meaning organizations running either deployment model are potentially exposed. There are no known workarounds — patching is the only remediation.

Impact: Why This Matters Beyond Cisco

Cisco Secure Workload (formerly Tetration) is a foundational component of zero-trust architecture for thousands of enterprises worldwide. It provides micro-segmentation, workload visibility, and policy enforcement across data centers and cloud environments. It is not an edge appliance — it sits at the core of enterprise network security.

An attacker who gains Site Admin access through this vulnerability doesn't just read data — they can:

Modify micro-segmentation policies, potentially opening lateral movement pathways across the entire network.
Access sensitive workload telemetry, including application dependency maps, flow data, and security policy configurations.
Escalate to cross-tenant access in SaaS deployments, impacting multiple organizations from a single exploit.
Disable or alter security posture configurations, leaving environments exposed to follow-on attacks.

CybersecurityNews emphasized that attackers with elevated privileges "may access sensitive data, modify configurations, and potentially impact multiple tenants," making this a high-value target for both nation-state actors and ransomware operators.

Vulert noted that CVE-2026-20223 is one of a small number of vulnerabilities this year to receive the full CVSS 10.0 score, placing it among the most severe disclosed flaws of 2026.

What You Should Do Now

If your organization runs Cisco Secure Workload in any deployment model, the following steps are urgent:

Apply Cisco's security patches immediately. Cisco has released fixed versions — there is no workaround, and mitigation through network controls alone is insufficient given the nature of the authentication bypass.
Audit API endpoint exposure. Review whether Secure Workload REST API endpoints are exposed to untrusted networks or the internet. Restrict access to known management subnets wherever possible.
Monitor for anomalous API activity. Look for unauthenticated requests to Secure Workload API endpoints, unexpected privilege escalations, or configuration changes made outside normal change windows.
Review access logs for indicators of exploitation. There is currently no public evidence of active exploitation in the wild, but a CVSS 10.0 authentication bypass is an attractive target. Assume proactive scanning is already underway.
Validate segmentation integrity. After patching, verify that existing micro-segmentation policies remain intact and that no unauthorized changes were made during the window of exposure.

CVE-2026-20223 is the latest in a series of maximum-severity vulnerabilities disclosed by Cisco in 2026, reinforcing that even the most critical security infrastructure requires continuous vulnerability management. Organizations that deploy Secure Workload as the backbone of their zero-trust strategy must treat this patch with the highest priority.

Cisco's security advisory and patches are available through the Cisco Security portal. Organizations should refer to the advisory for specific affected version numbers and fixed release details.