Autonomous pentests with proof your team can ship

APVISO is a self-hosted autonomous penetration testing platform. Your runner executes the pentest in your own environment while APVISO coordinates jobs, streams findings, and produces reports through the dashboard.

Self-hosted runners keep raw traffic, private URLs, target credentials, model credentials, and network access under your control. You can test localhost, staging, private apps, and customer environments without routing sensitive pentest execution through APVISO-managed infrastructure or paying APVISO-hosted pentest infrastructure markup.

Managed platforms make you pay for their compute, networking, idle capacity, and operating margin. APVISO lets you run the pentest on infrastructure you already control, including a local machine, CI runner, cloud VM, Kubernetes node, or customer-side environment, while APVISO provides the control plane, licensing, dashboard, reporting, and workflow.

Traditional vulnerability scanners match signatures against known patterns and leave validation to your team. APVISO's agents reason about application logic, adapt their testing strategy, and verify exploitability with evidence before a finding is treated as confirmed.

Yes. APVISO enforces 30+ mandatory safety rules: no destructive actions, no data exfiltration, and no denial of service. Each pentest runs through your self-hosted runner and the target visibility you configure.

It depends on the pentest package and target complexity. A Launch Review typically takes 20-40 minutes. Quick Checks are faster, while Full Pentest and Compliance Evidence engagements run longer for deeper authenticated, API, and business-logic testing.

Self-hosted plans run through your own runners. The variable cost is your model-provider usage: Quick Check is estimated at $3-7, Launch Review at $5-15, Full Pentest at $15–25, and Compliance Evidence at $20–50.

Yes. APVISO runners can use Codex through your OpenAI plan, and the Full Pentest estimate makes the math clear: teams with enough Codex allowance can run up to about 300 Full Pentests per month, subject to OpenAI usage limits, runner concurrency, and target scope.

Yes. Pay-per-pentest needs no subscription: each pentest is $19, fully refunded if it finds nothing or errors out. Open registration also covers demo output and target preparation. Unlimited scans, scheduled and recurring testing, and team workflows require a Launch or Team subscription, or sales-managed access.

Packages map to buyer outcomes. Quick Check is a fast first pass, Launch Review is the default business pentest, Full Pentest adds deeper authenticated/API testing, and Compliance Evidence is the highest-depth option for audit and customer-security review support.

Yes. Pay-per-pentest, Launch, and Team are self-serve. Partners use custom wholesale, reseller, or embedded terms, and Enterprise is contact-sales for procurement, SSO, DPA, deployment, support, and custom volume.

No. Self-hosted deployments use your configured target visibility and runner readiness instead of DNS, file, or meta-tag ownership verification.

APVISO is built around confirmed findings, not tool-style possibilities. We check every finding before it reaches the report: the agents must demonstrate exploitability with evidence and reproduction steps, and unproven leads stay out of the confirmed findings list.

APVISO tests for OWASP Top 10 vulnerabilities and beyond: SQL injection, XSS, broken authentication, security misconfigurations, information disclosure, and more. In head-to-head benchmarks, APVISO detected 45 out of 52 vulnerability types.

Yes. Retests are targeted checks that re-examine specific findings to verify that vulnerabilities have been fixed.

APVISO supports NIS2 readiness by providing repeatable application security testing, retest records, and evidence packages for vulnerability handling, disclosure, and risk-management review. APVISO does not certify NIS2 compliance or promise auditor acceptance.

Yes. APVISO supports Claude Code, Codex, OpenAI API, Anthropic API, and AWS Bedrock so each runner can use the model path that fits your environment.

APVISO supports 40+ integrations including Slack, Discord, Jira, GitHub, Linear, Jenkins, Datadog, Grafana, and more. Launch includes limited webhook, chat, and automation integrations; Team unlocks the full integration catalog.

Yes. A REST API is available on all plans for programmatic access to targets, pentests, findings, and reports. Launch and higher plans can schedule recurring pentests, while Team unlocks the full workflow integration catalog.

Yes. You can use the APVISO MCP server to add targets, run pentests, inspect findings, and move verified issues into your remediation workflow.