What is Agent-as-a-Service pentesting?

Agent-as-a-Service (AaaS) pentesting lets you chat with autonomous pentesting agents that scan your application on demand. Instead of waiting weeks for a manual engagement, you talk to specialized agents — pen-scout (recon and surface mapping), pen-recon (deeper enumeration), pen-triage (validates and prioritizes findings), pen-fixer (remediation guidance), and pen-compliance (OWASP/standards mapping). Findings are validated with proof-of-concept and re-test, not just flagged. You start with 150 free credits, no credit card.

What are credits and how do they work?

Credits are how you run agent scans. Each scan or agent action consumes credits based on its depth. New accounts get 150 free credits with no card required. After that you can buy one-time credit packs ($29, $79, or $199) for pay-as-you-go use, or subscribe to a monthly tier ($49, $149, or $399/mo) for continuous, on-demand pentesting. The agents pen-scout, pen-recon, pen-triage, pen-fixer and pen-compliance all draw from the same credit balance.

Yes. Every new account gets 150 free credits with no credit card required — enough to chat with the pentesting agents and run real scans against your app. There is also a free security headers scan at sable.somoswilab.com/free-scan and a sample report at sable.somoswilab.com/sample-report. The free tier runs on OpenRouter models so you can evaluate the autonomous agents before paying.

What is penetration testing for startups?

Penetration testing (pentesting) is a simulated cyberattack against your application to find security vulnerabilities before real attackers do. For startups, we focus on the issues that matter most at your stage: authentication flaws, data exposure, API security, and common mistakes in modern stacks like Next.js, Supabase, and Firebase.

How much does a pentest cost?

Traditional pentests cost $10,000-$50,000+. SableOffensive starts at $29 for a Pre-Launch Check covering OWASP Top 10 and secrets detection. Founder Shield ($79) adds IDOR testing, auth bypass, and a debrief call. Scale Secure ($199) is a full-scope assessment. Every plan includes a professional report with remediation steps.

How long does a security scan take?

Pre-Launch Check reports are delivered within 24-48 hours. Founder Shield and Scale Secure may take 2-3 business days depending on the complexity of your application.

What do I need to provide?

At minimum, just your application URL. For more comprehensive testing, we may ask for staging credentials, API documentation, or GitHub repository access. We sign NDAs for all engagements.

What is OWASP Top 10?

OWASP Top 10 is the industry standard list of the most critical web application security risks. It includes injection attacks, broken authentication, cross-site scripting (XSS), server-side request forgery (SSRF), and security misconfigurations. Every SableOffensive assessment tests against the full OWASP Top 10.

Do you test AI-generated code?

Yes. Code generated by AI tools like Cursor, GitHub Copilot, and v0 often contains subtle security issues: hardcoded secrets, missing input validation, insecure API patterns, and overly permissive access controls. We have specific testing procedures for AI-generated codebases.

How do you secure Supabase and Firebase apps?

For Supabase, we audit Row Level Security (RLS) policies, test for direct table access, and check for exposed service keys. For Firebase, we review security rules, test Firestore/RTDB access patterns, and check Cloud Functions for vulnerabilities.

What if you find zero vulnerabilities?

50% money back guarantee. If our scan finds zero security issues, you get half your money back.

Is there a free pentesting option?

Yes. SableOffensive offers a free security headers scan at sable.somoswilab.com/free-scan. It instantly checks your website for 8 critical security headers (HSTS, CSP, X-Frame-Options, and more) and gives you an A-F grade with copy-paste fixes. No signup or payment required.

Can I get a free vulnerability scan?

Our free security headers check scans your website instantly and grades your security posture. For a deeper free assessment, contact us — we occasionally offer complimentary scans for early-stage startups and open source projects.

TrapDoor: 34+ Malicious Packages Hit npm, PyPI, and Crates.io in Coordinated Supply Chain Attack

34+ malicious packages. 384+ versions. Three package ecosystems hit in coordinated waves. The TrapDoor supply chain campaign, first detected on May 22, 2026, is one of the most ambitious cross-ecosystem attacks against developer infrastructure this year — and it is still actively deploying.

What Happened

Starting at 8:20 PM UTC on May 22, 2026, a threat actor began publishing malicious packages across three of the world's largest open-source registries: npm (JavaScript/Node.js), PyPI (Python), and Crates.io (Rust). The campaign, tracked as TrapDoor by researchers at Socket, has sofar compromised at least 34 distinct packages spanning more than 384 published versions and artifacts.

The targets were not random. The malicious packages specifically targeted developer tooling in the cryptocurrency, DeFi, Solana, and AI/ML ecosystems — environments where a single stolen credential can drain wallets worth millions or inject backdoors into production pipelines.

According to Socket's analysis, the campaign is still active as of May 26, with new packages continuing to appear across all three registries. SOC Radar confirmed the credential-stealing payload targets environment variables, API keys, wallet seeds, and browser-stored tokens.

Technical Analysis: How TrapDoor Works

What makes TrapDoor technically notable is its post-publication payload mutation — a technique that most supply chain attacks skip entirely.

On PyPI, the malicious packages contain code that auto-executes on import. Instead of embedding a static payload, the package immediately fetches a remote JavaScript payload from an attacker-controlled GitHub Pages domain using node -e. As ByteIota documented, this lets the attacker update the malware's behavior after publication without pushing a new package version — a detection-evasion step that blinds static analysis tools and most registry-level scanners.

On npm and Crates.io, the packages use similar typosquatting and dependency-confusion strategies, masquerading as legitimate utility libraries for blockchain interaction, AI model tooling, and Solana development. Once installed, the payload:

Harvests environment variables (.env files, shell profiles)
Extracts credentials from config files for AWS, GCP, Docker, Kubernetes
Scans browser profiles for stored session tokens and crypto wallet extensions
Exfiltrates collected data to attacker-controlled endpoints via HTTPS

Phoenix Security noted the campaign also exhibits characteristics of AI poisoning — several malicious packages target AI/ML pipelines where a compromised dependency could corrupt model weights or training data, not just steal credentials.

Impact

The scope is difficult to quantify precisely because the attack is ongoing, but the known numbers are significant:

34+ confirmed malicious packages across three ecosystems (some counts reach 36)
384+ published versions and artifacts
Three of the world's largest package registries (npm, PyPI, Crates.io)
Four high-value target sectors: crypto, DeFi, Solana blockchain, AI/ML
Earliest confirmed activity: May 22, 2026 at 8:20 PM UTC — and still active 4 days later

As CyberSecurityNews reported, the coordinated nature — hitting three ecosystems simultaneously with the same payload infrastructure — suggests a well-resourced threat actor, not an opportunistic script Kiddie. The Hacker News confirmed the campaign spans at least 384 related versions.

How to Protect Yourself

If you are a developer working with npm, PyPI, or Crates.io — especially in crypto, AI/ML, or blockchain — take these steps immediately:

Audit your dependencies. Check package.json, requirements.txt, and Cargo.toml for packages you don't recognize or that were recently added. Cross-reference against Socket's and SOC Radar's published IOCs.
Pin your dependencies using lockfiles (package-lock.json, Pipfile.lock, Cargo.lock) and verify checksums against known-good versions.
Scan for post-install scripts. Any npm package with a postinstall hook that reaches out to external domains during a node -e call should be treated as suspicious. PyPI packages that execute network calls on import are an immediate red flag.
Rotate credentials immediately if you have installed any previously unknown packages in the last two weeks. Assume environment variables, API keys, and wallet seeds are compromised.
Enable 2FA on package publishing. As of this week, npm now requires 2FA for publishing — but this only protects the supply side. On the consumption side, use tools like Socket, Snyk, or Dependabot to catch malicious packages before they enter your environment.
Monitor outbound network traffic from CI/CD pipelines and developer workstations. The TrapDoor payload communicates over HTTPS to attacker infrastructure — network-level detection can catch what static analysis misses.

The Bigger Picture

TrapDoor is the latest in an accelerating wave of supply chain attacks targeting open-source ecosystems. It follows the Mini Shai-Hulud worm that compromised TanStack and Mistral AI packages earlier this month, and the broader trend of threat actors treating package registries as primary distribution channels for malware.

The cross-ecosystem nature of TrapDoor — hitting JavaScript, Python, and Rust simultaneously — signals that attackers are no longer targeting a single language community. If your organization depends on open-source software (and whose doesn't?), supply chain security is no longer optional. It is infrastructure.