The deal's simple: we'll conduct a full penetration test, but you only pay if we find an exploitable and impactful (CVSS ≥ 4.0) vulnerability. No matter the result, you'll always get a compliance-ready pentest report in 5 days.
What's included
Web apps, APIs, domains, subdomains, and IPs.
OWASP Top 10, business logic flaws, authentication bypasses, injection attacks — all mapped to CWE and CVSS 4.0 scoring.
Every penetration test delivers a structured report accepted for ISO 27001, SOC 2, PCI-DSS, and DORA compliance audits.
Hackian, our AI pentesting agent, validates every finding with a proof-of-concept exploit — with only 0.50% false positives.
You select the assets you want to be tested, and Hackian — our AI-native penetration testing agent — gets to work immediately. We'll deliver a complete pentest report after 5 days, and you're only charged if we find an impactful vulnerability (CVSS ≥ 4.0).
No findings? No worries. You'll walk away with a compliance-ready penetration testing report and a full wallet.
Unlike traditional pentesting firms that schedule weeks out, our AI pentesting service launches in minutes — no NDAs to negotiate, no project kick-off calls.
Choose any public-facing domains, IPs, or subdomains you want tested.
Hackian, our AI penetration testing agent, autonomously probes your attack surface — testing web apps, APIs, and network services across 200+ vulnerability classes aligned with OWASP and PTES methodologies.
Compliance-ready report delivered. You're only invoiced if we find a CVSS ≥ 4.0 vulnerability.
"We have lots of security solutions, but I look at Ethiack first, because I know that when Ethiack alerts us, it's always valid and most probably serious!"
Pedro Zeferino
CISO @ NOS
"They quickly identify vulnerabilities even with our fast frequency of deployment. We can sleep better at night knowing that if something shows up, we'll know right away."
Paulo Ribeiro
VP of Engineering @ Smartex
"Their in-depth testing of our systems has transformed how we approach cybersecurity. Ethiack teaches us to think like attackers."
João Annes
CISO @ ANA Airports
"As the CEO of Zick Learn, I believe it's my role to make our company secure, not just today, but also tomorrow and the day after tomorrow. We treat a lot of client data, and protection is part of the product. Ethiack makes it possible for us to offer maximum security on every layer."
Matteo Penzo
CEO @ Zicklearn
"The way Ethiack incorporates EASM with AI Pentesting has brought us simplicity and proactivity in solving large-scale problems. As a group with so many companies and exposed assets, doing this work manually was simply impossible. The main transformation was gaining a complete view on our surface, which we previously lacked."
André Araújo
SecOps Engineer @ CEGID
"Ethiack discovered impactful vulnerabilities in our infrastructure immediately. The platform is easy to use, provides powerful results and multiple endpoint types to be tested, which provides a strong capacity to overview our assets and risk in real-time."
Luis Ferreira
Cybersecurity Manager @ Leroy Merlin
"We continuously receive reports on vulnerabilities, including detailed guides on exploitation and mitigation. Learning how attacks happen allows us to develop products with greater security. We had a massive transfer of knowledge from the high proficiency of the hackers assigned to us. I highly recommend it."
Wagner Caixeta
CTO @ BaladAPP
"Having the reliability of an AI pentesting tool improves our security posture and helps our engineers write better, more secure code. I really like the product and how easy it is to use! I'd recommend it to other small startups as well — it will cover the essentials and is actually affordable."
Grigory Emelianov
Co-Founder & CTO @ Secfix
"The Ethiack platform offers a range of essential information for discovering, treating, and mitigating the vulnerabilities associated with our online exposure. It is an essential tool for daily tasks focused on reducing our attack surface."
José Augusto Silva
Head of InfoSec @ Universidade do Porto
"It was easy to setup and the test coverage seemed to be good. We also used the report for our SOC2 compliance."
Jorge Rodrigues
Co-Founder @ Cloudsweep
We're developing the AI Hacking Agent that will protect organizations from AI-enabled threats. Born in Europe, we deliver professional penetration testing services to dozens of organizations and institutions — 24/7, at machine speed, with the precision of the world's best ethical hackers.
How Hackian exploited Business Logic Vulnerabilities on SonarQube and n8n
How Hackian found a 0day and CVE on OpenClaw in under 2 hours
How Hackian bypasses your WAF completely autonomously
Pentesting reports accepted for
You're only charged if we find a CVSS ≥ 4.0 vulnerability. And even if we don't, you'll still get a compliance-ready penetration testing report with everything we did find.
Because our AI is really good. It shocked DEFCON when it found 2 critical vulnerabilities, unassisted, during a live CTF, and it found a one-click RCE on Clawdbot in under 2 hours.
We've done the math, and the chance of uncovering an impactful finding in your assets is so high that we can give you this guarantee.
Only if we find a vuln
€4,000
€8,000
€4,000
Spring Offer — 50% off
Traditional penetration tests cost €15,000–€30,000+. Ours? Free if we find nothing.
Any exploitable finding with a CVSS score ≥ 4.0.
Yes, you can select any public-facing assets you want tested.
No, it's not ethical. You'll know of any findings we uncovered.
Not under this offer. Available as separate add-ons.
We assume that you patch findings as soon as they're uncovered, but you can let us know during sign-up about any existing vulnerabilities.
Yes, you'll get a compliance-ready pentest report no matter the outcome.
No installation required. We verify your ownership of the assets through a DNS record.
Ethiack offers external penetration testing services for web applications, APIs, domains, subdomains, and network assets. Our AI-driven pentesting service (Hackian) covers 200+ vulnerability classes including the OWASP Top 10 and delivers a compliance-ready report in 5 days. Optional gray-box testing with authenticated sessions is available as an add-on.
Our penetration tests are accepted for ISO 27001, SOC 2, PCI-DSS, and DORA compliance audits. Hackian, our AI pentesting agent, autonomously discovers and exploits vulnerabilities — including injection flaws, broken authentication, business logic issues, and misconfigurations — and validates each finding with a proof-of-concept exploit before reporting.
Yes, reports are compliance-ready for various frameworks including ISO 27001, SOC 2, PCI-DSS, and DORA.
Submit the form and we'll begin your penetration test immediately. Your compliance-ready report will be ready in 5 days.