Penetration Testing Pricing
Enterprise Penetration Testing
Starting at $6,000 (Pricing scales based on number of applications, user roles, API endpoints and testing depth)
For complex, high‑risk environments that need deep, bespoke coverage.
- Full‑scope, human‑led engagement
- Tailored to your architecture, data sensitivity, and regulatory profile
- Ideal for: Large or regulated enterprises, complex multi‑application environments, critical production systems
Pricing depends on scope. Talk with us to size your engagement.
Compliance Penetration Testing
Starting at $2,000 (Pricing scales based on number of applications, user roles, API endpoints and testing depth)
For teams that need credible, audit‑grade evidence.
- Focused testing aligned to SOC 2, ISO 27001, or customer DDQs
- Clear, audit‑ready report with exploit‑validated findings
- Ideal for: SMBs and mid‑market organizations preparing for audits or major customer reviews
Pricing depends on scope. We’ll right‑size to your application, timelines, and audit needs.
Cait Subscription (AI Penetration Tester)
For teams that want recurring coverage.
Subscription only! No per‑engagement scoping calls, no project‑manager overhead.
Every plan includes 1 test per month and up to 2 retests (usable within 30 days of each scan).
Try Cait First
First scan (unauthenticated): Free
- Point Cait at one asset
- See how it explores, attacks, and reports
- Great for validating fit before you commit
Note: this free tier does not include a downloadable report.

Unauthenticated Plan
For internet‑facing applications and APIs where you only need external testing.
$415/month per asset (approximately $5,000/year)
Includes:
- 1 unauthenticated AI pentest per month
- Up to 2 retests within 30 days of each scan
- Exploit‑validated, audit‑grade findings with HTTP request/response evidence
- CVSS scoring and remediation guidance for every reported issue
Ideal for:
- Public web apps and marketing sites with sensitive forms
- Customer portals, external APIs, and login flows (unauthenticated side)
- Teams needing recurring, external‑only coverage at a predictable price
Authenticated Plan
For apps where real risk lives behind the login.
$850/month per asset (approximately $10,000/year)
Includes:
- 1 authenticated AI pentest per month
- Up to 2 retests within 30 days of each scan
- Deep, context‑aware exploration of authenticated flows
- Exploit‑validated findings with PoCs, HTTP evidence, CVSS, and clear remediation steps
Ideal for:
- SaaS products and customer portals
- Internal tools handling sensitive or regulated data
- Apps where authorization, role separation, and workflow logic matter
Optional Add-Ons
Layer in human expertise or additional validation when you need it.
Additional Retests
$250 per retest
Tester Lab
$150/month
Add a dedicated human offensive‑security expert on top of Cait.
Includes:
- Manual validation of key findings
- 1 hour of consultation per month with a human tester
- Deep‑dive Q&A on root cause, exploitation paths, and remediation strategies
Perfect for:
- High‑risk apps and regulated environments
- Teams ramping up AppSec maturity who want coaching, not just tickets
Cait subscriptions are billed monthly and auto-renew at the then-current rate unless cancelled with 30 days' notice. Monthly tests, retests, and consultation hours do not roll over and are forfeited if not used within the applicable period. The retest window begins on the delivery date of the scan report. All prices are in U.S. dollars and exclusive of applicable taxes. Use of Cait (including the free scan) is subject to our Terms of Service and requires the customer to represent that it owns or has written authorization to test the target assets. Final pricing, scope, and terms are governed by the executed SOW.
Not Sure Which Option You Need?
- Choose an Enterprise Pentest if you have a complex environment and want a bespoke, human‑led assessment.
- Choose a Compliance Pentest if you mainly need an audit‑ready report for SOC 2, ISO 27001, or customer questionnaires.
- Choose a Cait Subscription if your main pain is staying continuously tested between audits, with proof that stands up to scrutiny.