Key takeaway: A self-propagating supply chain worm called Mini Shai-Hulud has compromised over 172 npm and PyPI packages — including major open-source projects like TanStack, Mistral AI, UiPath, and Guardrails AI. The worm, attributed to the threat group TeamPCP, steals developer and CI/CD secrets and uses them to spread further. If your project depends on any TanStack package, audit immediately.
What Happened
On May 11–12, 2026, security researchers detected a massive new wave of the Mini Shai-Hulud supply chain worm spreading across the npm ecosystem. The worm has compromised at least 172 packages across npm and PyPI, including dozens of official @tanstack packages, Guardrails AI, Mistral AI SDKs, and UiPath automation libraries.
The attack was first detected by StepSecurity's OSS Package Security Feed, which flagged anomalous publishes from verified TanStack maintainer accounts. The threat actor behind the campaign is TeamPCP — the same group that previously compromised Aqua Security's Trivy scanner in March 2026 and the Bitwarden CLI npm package in April 2026.
Technical Analysis
Mini Shai-Hulud is a self-propagating worm that operates through a two-stage mechanism. First, it hijacks legitimate maintainer accounts by stealing npm authentication tokens and CI/CD secrets from developers' environments — often through malicious dependencies already present in build pipelines. Once it has valid credentials for a package, the attacker publishes a new "legitimate-looking" version containing the worm payload.
The payload itself is a secret stealer that runs during package installation (via postinstall scripts) or during CI/CD builds, harvesting npm tokens, GitHub personal access tokens, cloud credentials (AWS, GCP, Azure), and environment variables. These stolen credentials are then used to compromise additional packages owned by the same maintainers — creating a self-sustaining propagation chain.
Researchers at EndorLabs noted that over 80 TanStack-specific packages were compromised in this wave alone, including @tanstack/react-query, @tanstack/react-router, @tanstack/react-table, and @tanstack/start. The attackers leveraged trusted publishing workflows rather than breaking into accounts through credential stuffing — making the malicious versions appear fully legitimate in npm audit logs.
Who's Affected
The impact extends far beyond the directly compromised packages. TanStack's ecosystem alone has over 10 million weekly npm downloads, meaning thousands of applications may have pulled compromised versions without knowing it. Any project that npm-installed a TanStack package between May 10–12, 2026 may have had its CI/CD secrets exfiltrated.
Mistral AI and Guardrails AI SDKs were also hit, meaning developers using these AI tooling packages may have leaked API keys and model endpoints. UiPath customers running automation pipelines with affected npm dependencies should assume credential exposure.
The worm's self-propagating nature means the blast radius is still expanding. Every developer who maintains npm packages AND had a compromised dependency in their project is a potential new propagation vector — even if they weren't directly targeted in the initial wave.
How to Protect Yourself
- Audit your lockfiles immediately: Check package-lock.json or pnpm-lock.yaml for any TanStack, Guardrails AI, Mistral AI, or UiPath packages with versions published on May 10–12, 2026. Pin to known-good versions
- Rotate all CI/CD secrets: npm tokens, GitHub PATs, cloud credentials — treat any secret that was in your CI environment during the May 10–12 window as compromised
- Disable postinstall scripts: Run npm install --ignore-scripts as an emergency measure, then audit before re-enabling
- Use npm provenance verification: npm supports Sigstore-based provenance checking. Require provenance for all internal packages using npm audit signatures
- Restrict publish permissions: Require 2FA for npm publishing, limit who can publish scoped packages, and monitor for unexpected new versions of your dependencies
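One way to carry out the lockfile audit from the first step, as an added example that is not code from the original article or from any of the affected projects: it walks a package-lock.json (lockfileVersion 2 or 3), picks out entries under a watched name prefix, and classifies each by whether its resolved version was published inside the May 10–12, 2026 window. Assumptions: the window is taken as UTC, the function names and the `publishTimes` map are hypothetical (the map can be built from the output of `npm view <package> time --json`), only the `@tanstack/` prefix is preset, and every version and timestamp in the sample data is constructed.

```javascript
// Added example. Sample lockfile, versions and timestamps are constructed.
// Window bounds assume UTC for the article's "May 10-12, 2026" range.
const WINDOW = {
  start: Date.parse("2026-05-10T00:00:00Z"),
  end: Date.parse("2026-05-13T00:00:00Z"), // exclusive upper bound
};

// Lockfile v2/v3 keys entries by install path, e.g.
// "node_modules/a/node_modules/@scope/name"; the package name is the tail.
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? null : path.slice(i + marker.length);
}

// publishTimes: { [name]: { [version]: ISO timestamp } }, supplied by the caller.
function auditLockfile(lock, publishTimes, prefixes = ["@tanstack/"]) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = entry.name || nameFromPath(path); // entry.name is set for aliases
    if (!name || !prefixes.some((p) => name.startsWith(p))) continue;
    const t = Date.parse((publishTimes[name] || {})[entry.version]);
    let status = "unknown-publish-time"; // never treat missing data as clean
    if (!Number.isNaN(t)) {
      status = t >= WINDOW.start && t < WINDOW.end ? "in-window" : "outside-window";
    }
    findings.push({ name, version: entry.version, path, status,
      hasInstallScript: entry.hasInstallScript === true });
  }
  return findings;
}

const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/react-query": { version: "0.0.1-example", hasInstallScript: true },
    "node_modules/@tanstack/react-table": { version: "0.0.2-example" },
    "node_modules/example-lib/node_modules/@tanstack/react-router": { version: "0.0.3-example" },
    "node_modules/example-lib": { version: "0.0.4-example" },
  },
};
const sampleTimes = {
  "@tanstack/react-query": { "0.0.1-example": "2026-05-11T14:00:00Z" },
  "@tanstack/react-table": { "0.0.2-example": "2026-04-02T09:00:00Z" },
};
console.table(auditLockfile(sampleLock, sampleTimes));
```

An in-window entry with hasInstallScript set is the first thing to pin and investigate; an unknown-publish-time entry needs a registry lookup before it can be cleared.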
The Sable Angle
Supply chain attacks like Mini Shai-Hulud are exactly the class of threat that traditional vulnerability scanners miss. The npm audit command checks for known CVEs — it won't detect a malicious package published from a legitimate maintainer account with valid credentials.
At Sable, our offensive security team builds supply chain attack simulations into every red team engagement. We test whether your CI/CD pipeline would detect a postinstall secret stealer, whether your secrets rotation practices survive a token leak, and whether your dependency pinning actually prevents supply chain compromise.
The npm ecosystem processes 1.5 billion package downloads per day. If you can't verify what's inside your dependencies, you're running unaudited code in production — and attackers know it.