packages

Fixed prices. No surprises.

Start with a free scan to see what's exposed. When you're ready for a human to dig in and close the holes, the price is fixed and known up front.

Vibe Check

Free

A free, instant look at what's exposed on your live app.

Instant · Anyone who just shipped and wants to know if they left a door open.

  • Checks your public URL in under a minute
  • Security headers, HTTPS, and exposed keys in your front-end
  • Open-database probe (the #1 vibe-coding mistake)
  • A plain-English report emailed to you
  • No account, no credit card
Run a free scan

Deep Audit

$500

A human-verified review of your whole codebase, not just the surface.

3–5 days · Founders with real users who need to know exactly what's wrong.

  • Everything in Vibe Check, plus your source code
  • Auth, access-control, and database-rule review by a human
  • Business-logic and API checks a scanner can't do
  • A prioritized report: what's critical, what can wait
  • Copy-paste fixes and a 30-minute walkthrough call
Book a Deep Audit
Most popular

Audit + Fix

from$1900

We find the problems and we fix them, then prove they're closed.

1–2 weeks · Teams who want it handled, not just a list of homework.

  • Everything in Deep Audit
  • We implement the fixes in your codebase
  • A re-test pass that proves every issue is closed
  • Locked-down database rules, secrets, and auth
  • Before/after report you can show investors or clients
Get Audit + Fix

Continuous Shield

$290/mo

Stay safe as you keep shipping with AI.

Ongoing · Apps that change every week and can't re-break every deploy.

  • Monthly scan + human review
  • A security check on every AI-generated change (CI gate)
  • Priority fixes when something serious appears
  • A living security scorecard for your app
  • Direct line to the team
Talk about Shield

Questions people actually ask

Do you need access to my code?

For the free scan, no, just your live URL. For a Deep Audit or a fix, yes: we look at the actual source, always under a signed agreement, and only after you authorize it in writing.

Is this a certified penetration test?

No, and we won't pretend otherwise. This is a security audit and hardening service tuned for AI-built apps. It catches the issues that actually sink these apps, without the enterprise price tag of a formal pentest.

My app is on Lovable or Bolt, don't they already scan it?

Partly. Their built-in scanners only check their own platform and only whether a rule exists, not whether it works. We verify it for real, cover the parts they ignore, and fix what we find.

I'm pre-revenue. Should I bother?

The free scan is always worth it. Paid audits make the most sense once you have real users or a client depending on the app, because that's when a leak actually costs you something.

Still not sure? Start free.

The scan costs nothing and tells you exactly where you stand. Everything else is your call.