Compared with the alternatives.
How Section 31 fits next to other agentic penetration testing tools and against traditional consulting engagements. We are not the right answer for every situation — this page is meant to help you tell when we are, and when something else fits better.
The differences buyers ask about, side by side.
The middle column reflects the typical agentic penetration testing tool (Horizon3, Pentera, and similar). The right column reflects how a traditional consulting engagement is usually delivered. Particular tools and firms vary; treat the columns as representative profiles rather than exact matches.
| Dimension | Section 31 APT · CAE · SHIELD | Agentic Pentest Tools Typical profile | Traditional Consulting Human-led engagement |
|---|---|---|---|
| Scope coverage | External, web/API, cloud (AWS/GCP/Azure), hybrid, internal/Active Directory | Typically narrow: CI/CD, source repos, or web/API only | Full — depends on the engaged team’s specialties |
| Operator control | Three modes: fully autonomous, review-before-exploitation, or manual with agent-assisted guidance — switchable mid-engagement | Autonomous only; observer mode | Human-led throughout |
| Engagement timeline | Days to a few weeks per engagement | Hours to days | Weeks; longer for novel scope |
| Deliverables | Live portal, programmatic API, formal report | Dashboard-only; export to PDF/JSON | Formal report (PDF) at conclusion |
| Retest cadence | On-demand within the engagement window | Schedule another run; varies by tool | Commission a new engagement |
| Continuous capability | Continuous Adversary Emulation (CAE) — dedicated product for ongoing emulation | Some tools offer recurring runs | Possible at high cost via standing retainer |
| Remediation support | SHIELD remediation retainer as an add-on | Not offered; recommendations only | Possible as separate consulting project |
| Pricing transparency | Published minimums; ranges per product | Varies; often quote-only | Quote-only |
Where most agentic tools stop, we keep going.
The current generation of agentic penetration testing tools is built around a narrow set of surfaces: source repositories, CI/CD pipelines, exposed web applications and APIs. Within those surfaces, they run quickly and produce useful coverage — particularly for continuous DAST (dynamic application security testing) against public web properties.
They are not, however, a replacement for a penetration test that needs to cover the full attack surface — the corporate perimeter, the production cloud account, the internal network, and the Active Directory environment. Most agentic tools also offer only a fully autonomous mode; production-sensitive environments and change-controlled organizations cannot operate that way. Section 31’s operator-control modes and full-scope coverage are the deliberate response to both gaps.
The annual engagement is a constraint, not a feature.
A well-run consulting engagement still produces the deepest, most considered penetration test you can buy. Senior consultants bring judgment, custom tooling, and the patience to chase novel paths that an agent will not pursue without instruction.
The constraint is operational, not technical. Consulting engagements take weeks; retests require commissioning a fresh engagement; the deliverable is a report your team consumes once. For an organization that ships changes weekly, the cadence does not fit. Section 31’s agentic engagement compresses the same arc into days, delivers it through a portal and an API your team can act on, and includes on-demand retest within the engagement window. The full formal report still ships at completion.
Where a human-led firm is the better answer.
Embedded systems, custom protocols, niche industrial equipment — situations where the technique library that informs the agent does not yet cover the target.
Live red-team operations against an active SOC, or social-engineering campaigns that require human judgment on every interaction.
Custom protocol implementation review, complex authorization-model audit, or research engagements where the deliverable is novel methodology.
We do not currently take engagements that fall outside the private-sector verticals we operate in. A specialist firm is the right answer there.
We maintain a consulting practice for the work where human-led delivery genuinely fits, and we will route engagements to it (or to a peer firm) when that is the right answer. See Advisory Services.
Get an honest read on whether we’re the right fit.
Scoping calls are free. We will tell you which product, which tier, or which alternative makes more sense for your situation.