Three products.
One security practice.
Three angles on offensive security: what an attacker could do against your environment today, what an attacker would do against your defenses week after week, and the hands-on help to fix what either reveals. APT, CAE, and SHIELD — engage one, two, or all three.
Pick the starting point closest to your situation.
Four common scenarios and the products they map to. Most engagements begin at one of these entry points; many lead to more than one product over time.
A pentest report is required for an audit, customer review, or contract.
Annual SOC 2 evidence, enterprise procurement security questionnaire, or pre-deal customer-assurance request. APT delivers the formal report your auditor or counterparty expects, with portal-resident evidence supporting it.
Findings outpace your team’s bandwidth to close them.
An assessment surfaced more issues than expected, your engineering team is committed to other priorities, or specific compliance findings need expert hands. SHIELD adds remediation hours against the same findings in the same portal.
You want to validate what your SOC and detection stack actually catch.
Detection-engineering effectiveness, response-runbook readiness, and SIEM-rule coverage, exercised with realistic attack techniques. CAE runs attack playbooks against your environment; red-team mode (your SOC is not notified — tests real detection capability) or purple-team mode (collaborative with your SOC — tests detection improvement) is set during scoping.
Annual pentest cadence does not match how often your environment changes.
You ship weekly or daily, customer assurance expects ongoing validation, or your security program has outgrown annual baselines. CAE runs an ongoing emulation program; APT can be scheduled into the program for periodic deep engagements.
APT
Agent-driven penetration tests, end-to-end.
An AI agent that runs a scoped penetration test from reconnaissance through demonstrated impact, across the full attack surface: external perimeter, web and API, cloud (AWS, GCP, Azure), hybrid environments, and internal networks including Active Directory.
Operator control on every test — fully autonomous, require human approval before exploitation, or manual with agent-assisted guidance. Switch between modes mid-test. Deliverables issued through a customer portal, a programmatic REST API, and the formal report your organization requires.
Three operator modes
Fully autonomous, review before exploitation, or manual with agent-assisted guidance — switch between them mid-test.
Full scope coverage
External, web/API, cloud, hybrid, and internal networks including Active Directory — not the narrow surface most agentic tools cover.
Portal + API + Report
Customer workspace for managing findings; documented REST API exposing the same data; formal report for stakeholders and auditors. On-demand retest from any of them.
Push to your stack
Findings and remediation actions push directly to Jira Cloud, ServiceNow ITSM, and other ticketing systems — or pull via API into your own remediation tooling.
CAE
Ongoing adversary emulation, with detection feedback to your SOC.
Where APT is a scoped, time-bound test, CAE is an ongoing practice — recurring attack-playbook exercises against the targets you authorize, with each step matched against your security monitoring so your defenders know what was caught and what slipped through.
Detailed capability documentation is available during a scoping conversation. CAE engagements are scoped to your detection maturity and the threat profile that matters most to your organization.
Recurring emulation
A standing schedule of adversary-playbook runs drawn from MITRE ATT&CK and current-incident TTPs, tuned to the threat profile relevant to your environment.
Real-time visibility
Detection Coverage, Response Timeline, and live indicator-of-compromise stream as the emulation runs — your defenders see what was attempted, what was detected, and what was missed.
SOC-stack integration
Native integration into your existing SIEM, EDR/XDR, and SOAR — emulation events flow into the tools your detection-engineering team already operates.
Portal + program reports
Emulation activity, coverage maps, and IOC history land in the customer portal. Program reports issued at agreed checkpoints summarize detection trends, gap closure, and recommended tuning.
SHIELD
Hands-on remediation, on retainer.
SHIELD is a remediation assistance retainer designed to pair with APT or CAE engagements. When findings surface in your portal but your team does not have the bandwidth — or the in-house specialist coverage — to close them, SHIELD puts our engineers on the work directly.
Engaged as a discrete block of hours or as a multi-month retainer up to twelve months, scoped to the remediation profile your environment requires. Hours flex across hardening, implementation, and verification work, applied where the findings demand them.
Hands-on remediation
Our engineers work findings to closure on your behalf, against the same engagement context APT or CAE produced.
Block of hours or retainer
Purchase a discrete block of hours upfront, or commit to a multi-month retainer up to a twelve-month term.
Flexes across the work
Hours apply to hardening, configuration changes, identity/IAM cleanup, detection content, or whatever the findings require.
Paired with findings
Designed as an add-on to APT or CAE; remediation actions trace back to the original findings in your portal.
APT, CAE, and SHIELD are designed to compose into a complete security program.
Most customer engagements start with APT to understand what an adversary could do against the current environment. When findings need hands-on remediation that the customer team doesn’t have bandwidth for, SHIELD adds a block of hours or a retainer to close them directly — against the same findings in the same portal. Organizations running an ongoing-exercise program add CAE to maintain detection coverage and validate that closed findings stay closed. APT and CAE can be engaged in isolation; SHIELD is designed as an add-on to one of them.
Talk to us about scoping the right product mix.
Engagements begin with a scoping discussion. We’ll recommend the right product or product mix for your environment and outcomes.