What is Agent-as-a-Service pentesting?

Agent-as-a-Service (AaaS) pentesting lets you chat with autonomous pentesting agents that scan your application on demand. Instead of waiting weeks for a manual engagement, you talk to specialized agents — pen-scout (recon and surface mapping), pen-recon (deeper enumeration), pen-triage (validates and prioritizes findings), pen-fixer (remediation guidance), and pen-compliance (OWASP/standards mapping). Findings are validated with proof-of-concept and re-test, not just flagged. You start with 150 free credits, no credit card.

What are credits and how do they work?

Credits are how you run agent scans. Each scan or agent action consumes credits based on its depth. New accounts get 150 free credits with no card required. After that you can buy one-time credit packs ($29, $79, or $199) for pay-as-you-go use, or subscribe to a monthly tier ($49, $149, or $399/mo) for continuous, on-demand pentesting. The agents pen-scout, pen-recon, pen-triage, pen-fixer and pen-compliance all draw from the same credit balance.

Yes. Every new account gets 150 free credits with no credit card required — enough to chat with the pentesting agents and run real scans against your app. There is also a free security headers scan at sable.somoswilab.com/free-scan and a sample report at sable.somoswilab.com/sample-report. The free tier runs on OpenRouter models so you can evaluate the autonomous agents before paying.

What is penetration testing for startups?

Penetration testing (pentesting) is a simulated cyberattack against your application to find security vulnerabilities before real attackers do. For startups, we focus on the issues that matter most at your stage: authentication flaws, data exposure, API security, and common mistakes in modern stacks like Next.js, Supabase, and Firebase.

How much does a pentest cost?

Traditional pentests cost $10,000-$50,000+. SableOffensive starts at $29 for a Pre-Launch Check covering OWASP Top 10 and secrets detection. Founder Shield ($79) adds IDOR testing, auth bypass, and a debrief call. Scale Secure ($199) is a full-scope assessment. Every plan includes a professional report with remediation steps.

How long does a security scan take?

Pre-Launch Check reports are delivered within 24-48 hours. Founder Shield and Scale Secure may take 2-3 business days depending on the complexity of your application.

What do I need to provide?

At minimum, just your application URL. For more comprehensive testing, we may ask for staging credentials, API documentation, or GitHub repository access. We sign NDAs for all engagements.

What is OWASP Top 10?

OWASP Top 10 is the industry standard list of the most critical web application security risks. It includes injection attacks, broken authentication, cross-site scripting (XSS), server-side request forgery (SSRF), and security misconfigurations. Every SableOffensive assessment tests against the full OWASP Top 10.

Do you test AI-generated code?

Yes. Code generated by AI tools like Cursor, GitHub Copilot, and v0 often contains subtle security issues: hardcoded secrets, missing input validation, insecure API patterns, and overly permissive access controls. We have specific testing procedures for AI-generated codebases.

How do you secure Supabase and Firebase apps?

For Supabase, we audit Row Level Security (RLS) policies, test for direct table access, and check for exposed service keys. For Firebase, we review security rules, test Firestore/RTDB access patterns, and check Cloud Functions for vulnerabilities.

What if you find zero vulnerabilities?

50% money back guarantee. If our scan finds zero security issues, you get half your money back.

Is there a free pentesting option?

Yes. SableOffensive offers a free security headers scan at sable.somoswilab.com/free-scan. It instantly checks your website for 8 critical security headers (HSTS, CSP, X-Frame-Options, and more) and gives you an A-F grade with copy-paste fixes. No signup or payment required.

Can I get a free vulnerability scan?

Our free security headers check scans your website instantly and grades your security posture. For a deeper free assessment, contact us — we occasionally offer complimentary scans for early-stage startups and open source projects.

CVE-2026-22778: vLLM RCE Vulnerability - Send Video, Get Shell

TL;DR: What We Found

175K+

Servers Exposed

globally on Shodan

130

Countries

affected worldwide

91,403

Attack Sessions

Oct 2025 - Jan 2026

9.8

CVSS Score

CRITICAL severity

Impact: Complete server compromise without authentication. Affects vLLM 0.8.3 - 0.14.0 with multimodal video support. Patch available in 0.14.1+.

The Attack Chain: 2-Stage Exploitation

The vulnerability exploits a heap overflow in OpenCV's JPEG2000 decoder, combined with an information leak that bypasses ASLR. Together, they provide reliable RCE.

1Information Leak (ASLR Bypass)

Attacker sends invalid/malformed image to multimodal endpoint

PIL (Pillow) throws exception with heap memory address

vLLM returns error to client with BytesIO object address

ASLR entropy reduced from ~4 billion to ~8 attempts

2Heap Overflow → RCE

Attacker sends malicious video URL with corrupted JPEG2000

OpenCV/FFmpeg (v5.1.x) processes video frames

Manipulated "cdef" box redirects Y-plane to U-buffer

9,600 bytes overflow → overwrites function pointers → system()

heap-overflow.md

# JPEG2000 Channel Overflow Calculation

Y-plane data: 9,600 bytes

U-buffer size: 2,400 bytes

Overflow: 7,200 bytes → RCE

Vulnerable Models (Video-Capable)

LLaVA

LLaVA-NeXTLLaVA-OneVision

Qwen-VL

Qwen2-VLQwen3-VL

InternVL

InternLM-XComposer

Phi-Vision

Phi-3-VisionPhi-3.5-Vision

Others

PixtralMolmoVideo-LLaMA

Vulnerable:0.8.3 - 0.14.0

Patched:≥ 0.14.1

Global Exposure: 175,000+ Servers

Geographic Distribution

🇨🇳China

30%

🇺🇸United States

15%

🇩🇪Germany

🇫🇷France

🇰🇷South Korea

🇮🇳India

🇷🇺Russia

🇸🇬Singapore

🇧🇷Brazil

🌍Others

22%

Exposure Statistics

OpenAI-compatible API

Same attack vector

88.9%

Tool-calling enabled

Higher risk

48%

No safety guardrails

Completely open

201

Est. abuse cost/day

Per compromised server

$46K

Active Attack Campaign (GreyNoise Data)

Oct 2025 - Jan 2026

91,403

Total attack sessions

Dec 28 - Jan 8 (11 days)

80,469

88% of all attacks

88% acceleration: Most attacks occurred in just 11 days, indicating active exploitation campaigns.

Our Stealth Reconnaissance

We conducted stealth reconnaissance through Tor to identify exposed vLLM endpoints. All scanning was passive - no exploitation attempts were made.

Provider	Status	Models	Multimodal	Risk
DeepInfra	OPEN	132	6	Medium
OpenRouter	OPEN	Router	N/A	Low
Together AI	AUTH	Unknown	Yes	Low

Responsible Reconnaissance

All scans routed through Tor (exit: 205.185.113.8). No exploitation attempts. Detection and documentation only.

LLMjacking: The Business Impact

Compromised vLLM servers are monetized through "LLMjacking" - unauthorized use of AI infrastructure for spam, disinformation, crypto mining, or API resale.

Compute Theft

GPU resources used for unauthorized inference or crypto mining

Data Exfiltration

Access to models, training data, and conversation history

API Resale

Stolen access sold on criminal marketplaces (silver.inc)

Lateral Movement

Pivot to other systems in the network

Operation Bizarre Bazaar

Active criminal marketplace (silver.inc) selling access to compromised LLM endpoints. Documented by Trend Micro and Pillar Security.

Immediate Mitigation Steps

P024hUpdate vLLM

pip install --upgrade vllm>=0.14.1

P024hDisable Video Models

# Use text-only models if video not needed
# Remove: llava, qwen-vl, phi-vision, etc.

P11 weekEnable Authentication

vllm serve model_name --api-key YOUR_SECRET_KEY

P11 weekFirewall Rules

iptables -A INPUT -p tcp --dport 8000 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j DROP

P21 monthReverse Proxy + WAF

# nginx.conf
location /v1/ {
  auth_basic "vLLM API";
  proxy_pass http://localhost:8000;
}

Disclosure Timeline

Jan 2026

CVE-2026-22778 discovered by Orca Security

Jan 2026

CVE officially assigned (CVSS 9.8)

Jan 2026

vLLM 0.14.1 released with patch

Jan 29, 2026

SentinelOne/Censys publish exposure statistics

Feb 4, 2026

Sable Security completes stealth reconnaissance

Running vLLM in Production?

Get a professional security assessment to identify vulnerabilities before attackers do. We specialize in AI infrastructure security.

AI Infrastructure Audit Follow @Alejandxr_

This research was conducted for defensive purposes only. All testing was stealth reconnaissance. No user data was accessed or stored.

vLLM RCE: Send a Malicious Video, Take Over AI Servers

TL;DR: What We Found

The Attack Chain: 2-Stage Exploitation

Vulnerable Models (Video-Capable)

Global Exposure: 175,000+ Servers

Geographic Distribution

Exposure Statistics

Active Attack Campaign (GreyNoise Data)

Our Stealth Reconnaissance

LLMjacking: The Business Impact

Immediate Mitigation Steps

Disclosure Timeline

Running vLLM in Production?

Free Security Headers Check

Full Pentest — from $29