Skip to content
ARKENSEC PRO

Continuous offensive security testing,in your workflow.

Push to deploy and it scans. Query findings from Claude Code or Cursor. SARIF lands in GitHub Code Scanning. An autonomous 18-phase pentest that runs where your code already lives — not a PDF you wait a year for.

~/myapp $
arkensec scan myapp.com --tier pro
► 18 phases queued · live progress at dashboard → engagements
WHERE IT RUNS

It runs where you already work.

LIVE

MCP server

mcp.arkensec.com — trigger scans and query findings from Claude Code, Cursor, or any MCP client. Security answers without leaving the editor.

LIVE

Deploy webhook

Wire the GitHub webhook and every push to deploy fires a fresh scan. New code, new attack surface, same coverage.

LIVE

SARIF export

Every engagement exports SARIF 2.1.0 — findings land in GitHub Code Scanning next to your other alerts, not in a separate inbox.

SOON

CLI

arkensec scan from your terminal and CI. The device-flow auth backend is already live; the CLI ships next.

THE PIPELINE

18 phases. 9 AI decisions. One scan.

Recon → exploitation-validation → reporting → retest. Nine AI decisions per scan adapt the attack plan to what each phase finds — this is not a fixed checklist.

0
phases
0
AI decisions / scan
0+
security tests
0+
offensive tools
PHASES 0–2

Map the attack surface

Subdomains, open ports, exposed services, tech stack — a full inventory of what an attacker can see before any test fires.

PHASES 3–6

Test every endpoint

Security headers, CORS, API auth, JWT handling, SQL injection, XSS. When Phase 5 turns up working credentials, the pipeline logs in and keeps testing from inside.

PHASES 7–8

Find what scanners miss

Business-logic flaws, race conditions, workflow bypasses, and AI/LLM prompt injection — bug classes that require reasoning about your app, not pattern-matching it.

PHASES 11–12

Cloud, supply chain & modern vectors

S3 exposure, dependency audit, subdomain takeover, HTTP request smuggling, WebSocket hijacking, cache poisoning.

PHASE 13

Map findings to 8 frameworks

Every finding tagged to the controls it affects — PCI DSS 4.0, SOC 2, HIPAA, ISO 27001, NIST CSF 2.0, OWASP Top 10 / API / LLM — at the control level.

PHASES 15–17

Prove, report, retest

Proof-of-concept validation, breach-scope calculation, PDF + SARIF reports with an executive summary, and a one-click retest once you've patched.

SELF-ESCALATING

When it finds working credentials, it logs in and keeps going.

Phase 5 discovers live credentials and forwards them as auth context, so the injection and business-logic phases test from inside your app — not just poking the front door.

HONEST COMPARISON

Between a CI scanner and a $15K pentest.

ZAP + Nuclei in CI
Coverage:
Known CVEs + templates
Cadence:
Every push (shallow)
Auth depth:
Mostly unauthenticated
Findings:
Raw alerts — you triage
Remediation:
You research the fix
Workflow:
A separate tool to wire up
Cost:
Free tool + your eng time
ArkenSec Pro
Coverage:
18 phases incl. business logic + AI/LLM
Cadence:
Push-triggered + weekly / monthly / quarterly
Auth depth:
Self-escalating — finds creds, logs in, keeps going
Findings:
Validated + severity-calibrated, with PoC
Remediation:
AI fix code in your language + one-click retest
Workflow:
MCP · SARIF → Code Scanning · deploy webhook
Cost:
$199/mo or $1,999/yr
Annual manual pentest
Coverage:
Deep, human-driven, scoped
Cadence:
Once a year, point-in-time
Auth depth:
Authenticated, manual
Findings:
Validated by a human
Remediation:
Recommendations in a PDF
Workflow:
Email a PDF, schedule a readout
Cost:
$10–20K per engagement

Pro doesn't replace a great human on a deep, scoped engagement — it gives you continuous coverage between them, and catches the bug classes a CI scanner can't reason about.

COMPLIANCE MAPPING

Walk into audit prep with the mapping done.

Every finding maps to the exact controls it affects across 8 frameworks. Posture and prep: know which controls you're failing before anyone else asks.

PCI DSS 4.0SOC 2HIPAAISO 27001NIST CSF 2.0OWASP Top 10OWASP API Top 10OWASP LLM Top 10
THE PLAN

$199/mo. Or $1,999 a year.

Annual saves ~16%. 10 scans a month with a 6-hour per-domain cooldown — schedule them weekly, monthly, or quarterly, or fire them on demand.

FREE
$0/forever

Start here. Always free.

  • Surface-level scan (Phases 0–2)
  • 17 automated security checks
  • Security grade (A–F)
  • 3 detailed findings shown
  • No signup. No credit card.
Start Free Scan
ARKENSEC PRO
$199/month

Replace your annual pentest with a continuous one.

  • Full 18-phase autonomous pipeline
  • 1,300+ security tests · 150+ offensive tools
  • 10 scans a month — scheduled or on demand
  • 8-framework compliance mapping
  • AI remediation chatbot
  • SARIF + PDF reports · executive summary
  • MCP server access · CLI coming soon
  • One-click retest after you patch
Subscribe to Pro

Or $1,999/yr (~16% off) · Cancel anytime

Point it at your domain.

Free scan in two minutes, no signup. Subscribe when you want the other 16 phases.