Start free · Scale with your needs
Pricing.
Start with a free Snapshot - passive, public-surface only, no authorization required. Step up to an authorized Assessment for the full picture. Add continuous monitoring to stay current.
Snapshot
Passive, public-surface only. No account required.
- Public MCP server surface scan
- Grade A-F with rationale
- OWASP Agentic Top 10 findings
- Remediation hints
- No scanning or exploitation
Assessment
Signed, authorized deep engagement. Scoped per system.
- Full OWASP Agentic Top 10 coverage
- NIST IR 8596 alignment
- Prompt injection testing
- Tool abuse path analysis
- Data exfiltration risk assessment
- Signed assessment report
- Remediation roadmap
Watch
Ongoing posture monitoring after an Assessment.
- Continuous posture monitoring
- New tool registration alerts
- Configuration drift detection
- Quarterly posture report
- Priority re-assessment
The Assessment report.
Every Assessment delivers a signed report that maps your agent’s security posture to the frameworks your customers’ security teams already use.
- 01Full OWASP Agentic Top 10 coverage
- 02NIST IR 8596 section alignment
- 03Prompt injection testing results
- 04Tool abuse path analysis
- 05Data exfiltration risk assessment
- 06Remediation roadmap with severity priorities
- 07Signed report - ready to share with procurement
Report structure
Executive summary
Grade, key risks, recommended priorities
OWASP Agentic findings
Each finding mapped to LLM01-10 with severity
NIST IR 8596 alignment
Framework mapping for enterprise procurement
Remediation roadmap
Prioritized fixes, not a wall of citations
Signed declaration
Assessment scope, methodology, dated sign-off
What is the OWASP Agentic Top 10?
The OWASP Agentic Top 10 is a list of the most critical security risks specific to AI agents - prompt injection, tool misuse, excessive permissions, and more. Watch maps every finding to these categories so you and your customers can speak the same language as their security teams.
What is NIST IR 8596?
NIST IR 8596 is NIST's guidance on AI agent security - a framework for understanding and mitigating the risks specific to autonomous AI systems. Assessment reports map findings to NIST IR 8596 alongside OWASP Agentic to give you the evidence that enterprise and government customers expect.
Is the Snapshot really passive?
Yes. The Snapshot observes your MCP server's public surface - tool schemas, exposed capabilities, configuration visible without authentication - and does nothing that could be considered scanning or exploitation. No authorized engagement is required. For deeper testing, the Assessment requires a signed authorization.
Do you need access to my production system?
The Snapshot needs only the public URL of your MCP server or agent endpoint. The Assessment and Watch are authorized engagements and are scoped with you before any work begins - what access is needed and what is out of scope is agreed in writing first.
What does 'source-available' mean for the collector and scanner?
BSL (Business Source License) and FSL (Functional Source License) are source-available licenses - the code is readable and auditable by anyone, but commercial use is restricted without a commercial license. For a security tool, being able to read the code that runs inside your environment is the trust feature. The control plane is proprietary.
Tell us what you run.
A short note is enough to start. We’ll reply to scope the assessment to your AI systems and confirm what’s in scope before any work begins.
OWASP Agentic Top 10 · NIST IR 8596 · Signed report