You submit.
The agents work.
You get a report.

From intake to findings in as little as 24 hours. Here's exactly what our AI agents do at each step.

01

Submit your target

Fill out the intake form with your target URL, scope, and tier. Takes about 5 minutes. This is the most work you'll do in the whole process.

  • Your name and contact info
  • Target URL(s) — what you want tested
  • Scope clarifications (what's in, what's out)
  • Any credentials needed for authenticated testing (Probe / Breach)
  • Preferred report format (PDF or Markdown)

02

Sign the authorization

Before anything starts, you sign a short authorization agreement confirming you own or have permission to test the target. No auth, no test — this protects both of us.

This is non-negotiable. We only test systems with explicit written authorization. If you don't own it or have written permission from someone who does, we won't touch it.

03

Pay — then we start

Once the authorization is signed, we send you a payment link. Testing begins within 24 hours of payment confirmation.

  • Secure payment via Stripe
  • Flat rate — no hidden fees
  • Testing starts within 24h of payment

04

AI agents run the engagement

Once payment clears, our agents spin up and go to work autonomously — running recon, probing endpoints, chaining exploits, and documenting every finding in real time. No humans on the clock, no delays.

paladin-agent — probe
agent@paladin:~$ ./probe.sh --target $TARGET --scope full
[*] Recon phase complete. 4 subdomains identified.
[*] Launching active web app testing...
[!] Potential SQLi at /search?q= — confirming...
[CONFIRMED] Blind SQLi — PoC captured, writing report entry.
[*] Testing auth flows, IDOR, access controls...
[+] Engagement complete. 3 critical, 2 high findings.

05

Get your report

We deliver a written report with every finding documented — severity, description, proof of concept, and how to fix it. No filler, no fluff.

  • Executive summary (non-technical overview)
  • All findings with CVSS severity ratings
  • Proof of concept for each finding
  • Step-by-step remediation for each issue
  • Breach tier includes a 30-min debrief call

06

Patch, then re-test (optional)

Fix what we found, then optionally pay $50 to have us verify the patches actually work. Clean confirmation that the vulnerabilities are closed.

Common questions

Is this actually done by AI? How does that work?
Yes. Our AI agents autonomously run recon, active exploitation attempts, and report generation. They use the same tools a human pen tester would — nmap, nuclei, sqlmap, ffuf, and more — but orchestrated by AI that can chain findings and reason about what to try next. Human review happens before any report goes out.

Is AI pen testing as thorough as a human consultant?
For most common vulnerability classes — yes, often more thorough, because AI doesn't get tired or skip steps. Where human testers have an edge is in highly custom business logic flaws that require deep domain understanding. That's why our Breach tier includes human review and a debrief call.

Do I need to be technical to use RedAI?
No. The intake form is plain English. The report has a non-technical executive summary at the top. You can hand the technical sections to a developer.

What if my site goes down during testing?
Active testing can sometimes cause unexpected behavior on fragile systems. We recommend running tests against a staging environment for Probe and Breach tiers if you're concerned about uptime.

Is this legal?
Yes — penetration testing with written authorization from the system owner is legal. That's why we require the authorization agreement before starting. Testing without authorization is illegal, which is why we don't do it.

What if you find nothing?
You still get a report. "No critical findings" is a valid result and worth documenting. We'll note what we tested and confirm what's clean.

Can I test a site I don't own but have permission to test?
Yes, as long as you have explicit written permission from the owner. We'll ask for documentation of that permission before starting.

How is my data handled?
We retain only what's necessary to produce your report. We don't store credentials beyond the engagement, and we don't share findings with anyone except you.

Ready to start?

Submit your target and we'll handle the rest.
