What is Agent-as-a-Service pentesting?

Agent-as-a-Service (AaaS) pentesting lets you chat with autonomous pentesting agents that scan your application on demand. Instead of waiting weeks for a manual engagement, you talk to specialized agents — pen-scout (recon and surface mapping), pen-recon (deeper enumeration), pen-triage (validates and prioritizes findings), pen-fixer (remediation guidance), and pen-compliance (OWASP/standards mapping). Findings are validated with proof-of-concept and re-test, not just flagged. You start with 150 free credits, no credit card.

What are credits and how do they work?

Credits are how you run agent scans. Each scan or agent action consumes credits based on its depth. New accounts get 150 free credits with no card required. After that you can buy one-time credit packs ($29, $79, or $199) for pay-as-you-go use, or subscribe to a monthly tier ($49, $149, or $399/mo) for continuous, on-demand pentesting. The agents pen-scout, pen-recon, pen-triage, pen-fixer and pen-compliance all draw from the same credit balance.

Yes. Every new account gets 150 free credits with no credit card required — enough to chat with the pentesting agents and run real scans against your app. There is also a free security headers scan at sable.somoswilab.com/free-scan and a sample report at sable.somoswilab.com/sample-report. The free tier runs on OpenRouter models so you can evaluate the autonomous agents before paying.

What is penetration testing for startups?

Penetration testing (pentesting) is a simulated cyberattack against your application to find security vulnerabilities before real attackers do. For startups, we focus on the issues that matter most at your stage: authentication flaws, data exposure, API security, and common mistakes in modern stacks like Next.js, Supabase, and Firebase.

How much does a pentest cost?

Traditional pentests cost $10,000-$50,000+. SableOffensive starts at $29 for a Pre-Launch Check covering OWASP Top 10 and secrets detection. Founder Shield ($79) adds IDOR testing, auth bypass, and a debrief call. Scale Secure ($199) is a full-scope assessment. Every plan includes a professional report with remediation steps.

How long does a security scan take?

Pre-Launch Check reports are delivered within 24-48 hours. Founder Shield and Scale Secure may take 2-3 business days depending on the complexity of your application.

What do I need to provide?

At minimum, just your application URL. For more comprehensive testing, we may ask for staging credentials, API documentation, or GitHub repository access. We sign NDAs for all engagements.

What is OWASP Top 10?

OWASP Top 10 is the industry standard list of the most critical web application security risks. It includes injection attacks, broken authentication, cross-site scripting (XSS), server-side request forgery (SSRF), and security misconfigurations. Every SableOffensive assessment tests against the full OWASP Top 10.

Do you test AI-generated code?

Yes. Code generated by AI tools like Cursor, GitHub Copilot, and v0 often contains subtle security issues: hardcoded secrets, missing input validation, insecure API patterns, and overly permissive access controls. We have specific testing procedures for AI-generated codebases.

How do you secure Supabase and Firebase apps?

For Supabase, we audit Row Level Security (RLS) policies, test for direct table access, and check for exposed service keys. For Firebase, we review security rules, test Firestore/RTDB access patterns, and check Cloud Functions for vulnerabilities.

What if you find zero vulnerabilities?

50% money back guarantee. If our scan finds zero security issues, you get half your money back.

Is there a free pentesting option?

Yes. SableOffensive offers a free security headers scan at sable.somoswilab.com/free-scan. It instantly checks your website for 8 critical security headers (HSTS, CSP, X-Frame-Options, and more) and gives you an A-F grade with copy-paste fixes. No signup or payment required.

Can I get a free vulnerability scan?

Our free security headers check scans your website instantly and grades your security posture. For a deeper free assessment, contact us — we occasionally offer complimentary scans for early-stage startups and open source projects.

Fake OpenAI Repo on Hugging Face Delivered Rust Infostealer to 244,000 Developers

What Happened

A malicious repository impersonating OpenAI's legitimate Privacy Filter model reached the #1 trending position on Hugging Face and accumulated 244,000 downloads before the platform took it down. The repository, named Open-OSS/privacy-filter, typosquatted OpenAI's real project, copied its model card nearly verbatim, and shipped a loader.py file that fetches and executes infostealer malware on Windows machines. Researchers at HiddenLayer discovered the campaign after noticing the repo trending, and multiple security outlets confirmed the findings within hours.

Technical Analysis

The attack uses a multi-stage chain designed to evade static scanning and behavioral detection:

Stage 1 — The Bait: The repo presents itself as OpenAI's Privacy Filter with a cloned model card, gaining organic trust from the ML community. Users clone and run start.bat or python loader.py as instructed in the README.
Stage 2 — Dead-Drop Resolver: loader.py does not contain the payload directly. Instead, it queries a public JSON "Keeper" dead-drop, which returns the URL of the next stage. This decouples the malware from the repository, allowing operators to hot-swap payloads without modifying the repo — evading Hugging Face's static scanning.
Stage 3 — PowerShell Downloader: The resolver returns a PowerShell command executed as powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden with CREATE_NO_WINDOW flags, making execution fully silent. It downloads a batch script from api.eth-fastscan[.]org.
Stage 4 — Rust Infostealer: The final payload is a compiled Rust binary. It targets Chromium and Gecko browser data (cookies, saved passwords, encryption keys, session tokens), Discord tokens and master keys, cryptocurrency wallets and browser extensions, SSH/FTP/VPN credentials including FileZilla configs, wallet seed files, and multi-monitor screenshots.
Stage 5 — Exfiltration: Collected data is packaged into a JSON payload, gzip-compressed, and exfiltrated via HTTP POST with a Bearer authorization header to recargapopular[.]com.

The Rust binary also includes anti-analysis checks: it detects debuggers, sandboxes, and virtual machines, disables AMSI and ETW for behavioral evasion, and uses an ephemeral persistence model via a scheduled task that self-destructs before reboot, leaving almost no forensic artifact (GRID THE GREY).

Who's Affected

The direct target is AI/ML practitioners and developers who downloaded and executed the repo on Windows machines. With 244,000 downloads before takedown, the potential blast radius is significant:

Browser sessions — Session cookies and OAuth tokens can be used to bypass MFA on email, cloud, and corporate SSO portals, even if passwords were not saved.
Developer credentials — SSH keys, FTP credentials (including FileZilla), and cloud provider tokens were explicitly targeted, meaning CI/CD pipelines and production infrastructure could be at risk.
Cryptocurrency wallets — Seed phrases, keystores, and wallet extension data were harvested. Any funds in affected wallets should be considered compromised.
Discord — Tokens and master keys were stolen, enabling account takeover and potential lateral movement through developer communities.

The attack is notable for its supply chain angle: Hugging Face is the de facto distribution platform for AI models, with millions of downloads daily. A malicious repo reaching #1 trending means it was surfaced to the entire platform's active user base (BleepingComputer).

How to Protect Yourself

If you interacted with Open-OSS/privacy-filter or any Hugging Face repo you don't fully trust, take these steps immediately:

Assume compromise if you executed anything. Running start.bat or python loader.py on Windows means the full chain likely executed. Treat the system as fully compromised.
Rotate all credentials. Change passwords for email, cloud providers, GitHub/GitLab, VPN, and any service where session cookies may have been stolen. Revoke OAuth tokens and API keys.
Move cryptocurrency funds. Transfer all wallet funds to a new wallet generated on a clean device. Assume seed phrases and keystores are compromised.
Invalidate Discord sessions. Reset your password and revoke all authorized apps. Discord tokens were explicitly targeted.
Block IOCs at the network edge. Block recargapopular[.]com and api.eth-fastscan[.]org at your firewall/proxy. Hunt historically for any connections to these domains.
Audit your Hugging Face usage. Review any repos cloned in the past 30 days. Verify the publisher identity before executing any setup scripts.
Never run untrusted setup scripts. A model repository should contain weights, configs, and documentation — not .bat files or loader.py scripts that fetch remote code. If a repo asks you to execute something, that's a red flag.

The Sable Angle

This attack is a textbook example of why offensive security research matters. The operators behind Open-OSS/privacy-filter used the same techniques red teams deploy daily: dead-drop resolvers, living-off-the-land binaries (PowerShell), compiled payloads for evasion, and ephemeral persistence. Understanding how these chains work is the first step to breaking them.

At Sable, our offensive engineers run supply chain compromise simulations as part of engagements — testing whether your CI/CD pipeline, developer workstations, and model registries can detect and block exactly this kind of attack. If your team ships AI/ML code or consumes models from public registries, this isn't theoretical. It's Tuesday. Check our research archive for more on supply chain threats, and reach out if you want to stress-test your defenses before the next 244,000-download surprise.