Pricing
Transparent pricing, fixed scope
Careful, non-disruptive security testing for your apps, APIs, cloud infrastructure, and AI/MCP integrations. We use product complexity — not hours — to scope engagements, so you know exactly what you're paying before we start.
Answer
We price by product complexity, not hours. You get a fixed scope, fixed price, and a clear timeline before testing begins.
Fixed pricing from $3,500. Scope defined upfront.
Find your product size
Answer three questions about your product. We'll show you the size category and what to expect.
How pricing works
- 1 You answer three questions about your product
- 2 We confirm the scope together before starting
- 3 Price is fixed — no hourly billing, no surprises
- 4 You receive a detailed report with findings and fix guidance
No surprises. The price you see is the price you pay. Scope is confirmed together before we start.
All pricing tiers
Fixed pricing based on product complexity. The price you see is the price you pay.
Small
$3,500- • Up to 15 developers
- • Basic cloud infrastructure
- • < 1,000 users
Medium
$7,000- • 15-50 developers
- • Moderate cloud usage
- • 1k-10k users
Large
$10,500- • 50+ developers
- • Complex infrastructure
- • 10k-100k users
Extra Large
$14,000- • 100+ developers
- • Multi-region deployment
- • 100k+ users
Enterprise
Custom scope for complex requirements, multiple products, compliance needs, or ongoing testing arrangements.
Scope is confirmed together before work begins. The price in your proposal is the price you pay.
How buying works
Common questions
Why T-shirt sizing instead of hourly rates?
Product complexity determines the effort required, not time spent. T-shirt sizes give you a fixed price upfront so you can budget accurately and avoid scope creep. The price in your proposal is the price you pay.
What if we're between sizes?
We'll assess together during the scoping call. You'll receive a written proposal with the exact scope and price before any work begins. If your product sits between sizes, we'll explain why and confirm the category with you.
Do you offer retests after we fix issues?
Yes. After you remediate the findings, we validate the fixes at 50% of the original assessment price. This gives you documented confirmation that issues are resolved — useful for compliance and internal reporting.
What deliverables are included?
Every assessment includes a comprehensive vulnerability report with proof-of-concept evidence, an executive summary for leadership, technical remediation guidance with code examples, and a follow-up Q&A session to ensure your team understands the findings.
Can we use the report for compliance?
Yes. Our reports are designed to satisfy most compliance requirements — SOC 2, ISO 27001, PCI DSS. We focus on real security, not checkbox exercises, but the documentation is thorough enough for auditor review.
What payment terms do you offer?
We invoice 50% at project start and 50% on delivery of the final report. For enterprise engagements, we can accommodate NET-30 or other arrangements. No payment is required until scope is confirmed and approved.
When you are ready
Have questions about scope or fit?
We are happy to talk it through.
Start with a conversation. We will explain how we scope engagements, answer your questions, and confirm pricing together. No commitment required.
Start a conversationor view a sample report first