Free tier

Unlock the full investigation.

Free scans cover one page at a time. Pro plans deploy an AI agent that crawls your entire site - following threads, analysing scripts, and mapping your full security exposure.

Pricing

Free

Current
£0
  • 1-page scan per submission
  • All 8 scan layers
  • Vibe-coded platform security scan (Supabase, Lovable, Base44 & more)
  • AI executive summary
  • Scan history in your account
  • Re-scan and delete anytime
  • Shareable public link
Current plan

Starter

Popular
£29/ month
  • Full AI agent investigation
  • Up to 50 pages per scan
  • Per-finding remediation guidance
  • DNS & SSL/TLS security analysis
  • PDF evidence export
  • Scheduled recurring scans
  • Scan comparison reports
  • Email alerts for new criticals

Pro

£79/ month
  • Everything in Starter
  • Up to 200 pages per scan
  • ISO 27001 / SOC2 control mapping
  • Remediation tracking
  • Team access and finding assignment
  • Slack and webhook notifications
  • API access
  • Audit evidence packages
  • Audit activity log

Enterprise

Full DAST
£99/ month
  • Everything in Pro
  • Active Security Testing (DAST)
  • Independent Active Testing Score
  • Forced browsing, CORS, reflected-input probes
  • Authenticated scan mode (session capture)
  • Enable active testing via API / MCP
  • Priority support

What you unlock

Every feature on Pro.

Pro

AI Investigation

Full-site AI agent

The agent crawls your entire site, running all 8 scan layers on every page it decides is worth investigating - not just the URL you paste.

Pro

AI Investigation

Per-finding remediation

AI-written remediation steps specific to each finding. Tells your developer exactly what file to change, what to add, and why.

Pro

AI Investigation

Live reasoning trace

Watch the agent explain every decision in real time. Each step is logged with the finding that triggered it - useful as an audit trail.

Pro

AI Investigation

Source map analysis

When an exposed .map file is found, the agent fetches it and reconstructs original source to check for hardcoded secrets and architecture leaks.

Pro

Automation

Scheduled recurring scans

Set a weekly, monthly, or quarterly cadence. Scans run automatically - never miss a security check-in for SOC2 or ISO 27001 again.

Pro

Automation

Email alerts

Get notified when a scan completes or when a new critical finding appears. Act on security issues before your next scheduled review.

Pro

Reports

PDF evidence export

Timestamped, formatted PDFs with your scan details and findings. Accepted by auditors as SOC2 and ISO 27001 evidence.

Pro

Reports

Scan comparison

Side-by-side diff between any two scans of the same site. Show auditors exactly which findings have been resolved and which are new.

Pro

Compliance

ISO 27001 / SOC2 mapping

Findings automatically tagged to ISO 27001 Annex A controls and SOC2 Trust Services Criteria. Filter your report by control.

Pro

Platform Security

Continuous platform security monitoring

The Supabase, Lovable, and Base44 misconfiguration scan runs on every scheduled scan too, so you get alerted the moment a database table becomes publicly exposed after a deploy - not just when you remember to check.

Enterprise

Active Security Testing (DAST)

Beyond passive observation, Enterprise scans actively probe your site with safe, non-destructive tests - forced browsing, reflected-input canaries, CORS and HTTP-method checks, and more - plus an independent Active Testing Score that sits alongside the Enterprise plan's own full agent-scan score. Enable it per scan, from the dashboard or via API/MCP.

Free vs Pro - at a glance

Free tier

Single page per scan
All 8 scan layers
AI executive summary
Shareable public report
Scan history dashboard

Pro - everything above, plus

Full site AI agent crawl
Per-finding remediation guidance
Scheduled recurring scans
PDF evidence export
ISO 27001 / SOC2 mapping
Scan comparison reports
Email alerts for new criticals
Audit activity log