Penetration Testing Pricing

Traditional Penetration Testing

Starting at $6,000

(Pricing scales based on number of applications, user roles, API endpoints and testing depth)

For complex, high‑risk environments that need deep, bespoke coverage.

  • Full‑scope, human‑led engagement
  • Tailored to your architecture, data sensitivity, and regulatory profile
  • Ideal for: Large or regulated enterprises, complex multi‑application environments, critical production systems

Pricing depends on scope. Talk with us to size your engagement.

Compliance Penetration Testing

Starting at $3,000

(Pricing scales based on number of applications, user roles, API endpoints and testing depth)

For teams that need credible, audit‑grade evidence.

  • Focused testing aligned to SOC 2, ISO 27001, or customer DDQs
  • Clear, audit‑ready report with exploit‑validated findings
  • Ideal for: SMBs and mid‑market organizations preparing for audits or major customer reviews

Pricing depends on scope. We’ll right‑size to your application, timelines, and audit needs.

Cait Subscription (AI Penetration Tester)

$850/month per asset

For apps where real risk lives behind the login.

Includes:

  • 1 authenticated AI pentest per month
  • Up to 2 retests within 30 days of each scan
  • Deep, context‑aware exploration of authenticated flows
  • Exploit‑validated findings with PoCs, HTTP evidence, CVSS, and clear remediation steps

Ideal for:
  • SaaS products and customer portals
  • Internal tools handling sensitive or regulated data
  • Apps where authorization, role separation, and workflow logic matter
Cait AI Penetration Tester - One Time

$1,500 per asset (non-recurring)

Includes:

  • 1 authenticated AI pentest per month
  • Up to 2 retests within 30 days of each scan
  • Deep, context‑aware exploration of authenticated flows
  • Exploit‑validated findings with PoCs, HTTP evidence, CVSS, and clear remediation steps
Try Cait First

First Scan (unauthenticated): Free

Includes:

  • Point Cait at one asset
  • See how it explores, attacks, and reports
  • Great for validating fit before you commit

Note: this free tier does not include a downloadable report.

Optional Add-Ons

Layer in human expertise or additional validation when you need it.

Additional Retests

$250 per retest

  • Trigger extra retests after major releases or remediation work
  • Keep your evidence fresh for auditors and key customers

Add-on: Human in the Loop

$1,000 per test

  • Manual validation of findings by a human tester
  • Includes up to 1 full day of manual testing

Adding a dedicated human offensive‑security expert on top of Cait.

Includes:
  • Manual validation of key findings
  • 1 day of consultation per test with a human tester
  • Deep‑dive Q&A on root cause, exploitation paths, and remediation strategies

Perfect for:
  • High‑risk apps and regulated environments
  • Teams ramping up AppSec maturity who want coaching, not just tickets

Cait subscriptions are billed monthly and auto-renew at the then-current rate unless cancelled with 30 days' notice. Monthly tests, retests, and consultation hours do not roll over and are forfeited if not used within the applicable period. The retest window begins on the delivery date of the scan report. All prices are in U.S. dollars and exclusive of applicable taxes. Use of Cait (including the free scan) is subject to our Terms of Service and requires the customer to represent that it owns or has written authorization to test the target assets. Final pricing, scope, and terms are governed by the executed SOW.

Not Sure Which Option You Need?

  • Choose a Traditional Pentest if you have a complex environment and want a bespoke, human‑led assessment.

  • Choose a Compliance Pentest if you mainly need an audit‑ready report for SOC 2, ISO 27001, or customer questionnaires.

  • Choose a Cait Subscription if your main pain is staying continuously tested between audits, with proof that stands up to scrutiny.