Pencheff
✕
Platform
▾
Capabilities
▾
AI Security
▾
Solutions
▾
Resources
▾
Company
▾
Pricing
Docs ↗
Sign in
Open an account
Pencheff
Beta
Platform
▾
Capabilities
▾
AI Security
▾
Solutions
▾
Resources
▾
Company
▾
Pricing
Docs ↗
Menu
▾
§ Methodology
§
Methodology v4.2
The adversarial assessment standard.
V
The Adversarial Cycle
Five phases, every engagement.
¶
Engagement Profiles
Quick, Standard, and Deep modes.
P
Pricing
Free, Pro, and Team tiers.
§ Capabilities
W
URL Scanning (DAST)
Live web and API exploit testing.
S
Repo Scanning
SAST, secrets, and dependency analysis.
I
IaC + Container
Terraform, Kubernetes, and Dockerfile policy.
A
Authenticated Coverage
Session-aware crawling and authz checks.
T
Threat Models
Deterministic STRIDE and DREAD analysis.
C
Compliance Mapping
OWASP, SOC 2, PCI, NIST, ISO, HIPAA.
B
SBOM
SPDX and CycloneDX supply-chain evidence.
R
LLM Red Team
OWASP LLM Top 10 attack modules.
Σ
Agent Swarms
Recon, breaker, and synthesis agents.
Ω
AI Agents
Tool-calling scan agent for LLM apps.
E
The Engine
Autonomous remediation and auto-patching.
K
Cloud & Infrastructure
TLS, headers, takeover, metadata signals.
§ Deliverables
A
Letter Grade
Heuristic A–F verdict per assessment.
†
Technical Dossier
Engineering evidence and remediation.
‡
Executive Dossier
Audit and leadership summary.
↻
Re-examination
Verify any fix on demand.
↧
Export
DOCX, PDF, JSON, CSV, and SBOM.
§ Dynamic Testing
I
Injection coverage
SQLi, command, SSTI, XXE, SSRF, LDAP.
X
Client-side security
XSS, CSRF, CORS, clickjacking, redirects.
K
Authentication
Sessions, JWT, OAuth, MFA, IDOR.
A
API and SPA coverage
GraphQL, WebSockets, REST, OpenAPI.
~
Proxy and fuzzer
Intercepting proxy with OAST callbacks.
§ Code & Supply Chain
S
Language scanners
15+ languages, parallel static analysis.
G
Secrets and malware
gitleaks, YARA, backdoor detection.
D
Dependency intelligence
OSV, KEV, EPSS, SSVC enrichment.
↻
Auto-fix PRs
Deterministic patches with SARIF output.
C
Container gates
Image scans and Kubernetes policy.
§ Prioritization
R
Reachability
Link findings to live attack paths.
Σ
AI triage
Dedup, narratives, and severity reasoning.
A
Letter grade
Executive-grade risk scoring.
T
Threat modeling
STRIDE, DREAD, abuse cases.
§ LLM Red Team
Ω
OWASP LLM Top 10
Full coverage of the 2025 standard.
↯
Attack strategies
Jailbreak corpora and regression suites.
⟶
Transports
Chat, HTTP, LiteLLM, MCP, chatbots.
§
Evidence and cost
Traces, judges, and token accounting.
§ Agentic Testing
T
Tool authorization
Probe tool calls and privilege boundaries.
M
Memory and context
Exfiltration and retrieval poisoning.
P
Planner attacks
Goal hijacking and policy bypass.
Σ
Swarm orchestration
Multi-agent recon and exploit roles.
§ Guardrails
G
Sentry runtime guardrail
Policy checks on prompts and responses.
⊕
Sidecars and middleware
Proxy, LiteLLM, and MCP enforcement.
§
AI governance
OWASP LLM, MITRE ATLAS, NIST AI RMF.
↻
Regression tests
Block known jailbreaks after release.
§ Program Workflows
⌚
CI/CD gates
Repo, IaC, container policy blocking.
A
Authenticated app pentest
Session-aware browser crawling.
Σ
AI product release
LLM red team and guardrails.
○
Continuous ASM
Asset discovery and drift monitoring.
§ Deployment Models
S
SaaS app
Dashboards, reports, multi-workspace.
/
CLI and CI
Deterministic checks in pipelines.
⌘
MCP server
Security automation for AI agents.
H
Self-hosting
Run the stack inside your boundary.
§ By Audience
S
Security teams
Verified risk and remediation queues.
E
Engineers
Developer-ready evidence and PRs.
Λ
Auditors
Compliance appendices and retests.
X
Executives
Letter grade and portfolio posture.
§ Reading Room
M
Methodology Brief
v4.2 monograph and rationale.
¶
Issued Reports
A library of past assessments.
F
Findings Register
Sample evidence catalogue.
∮
Repository
MIT-licensed source, self-hostable.
G
Glossary
Terms, classifications, conventions.
§ Reference & Docs
W
URL scan (DAST)
Recon, crawl, probe, and verify.
S
Repo scan
SAST, SCA, IaC, and secrets.
B
SBOM
SPDX 2.3 and CycloneDX 1.5 output.
T
Threat model
Deterministic STRIDE and DREAD.
Σ
Swarm mode
Recon, breaker, and synthesis agents.
R
LLM red team
OWASP LLM Top 10 payload libraries.
D
User documentation
Configure and operate the platform.
⌘
Self-hosting
Docker Compose installation guide.
/
API reference
REST endpoints and webhooks.
Δ
Changelog
Methodology and platform revisions.
○
Status
Engine availability and incidents.
§ Audience
?
Enquiries
Frequently considered questions.
!
Security Disclosures
Responsible disclosure programme.
E
Pencheff for Engineers
Triage, evidence, fix verification.
Λ
Pencheff for Auditors
Framework-mapped evidence packs.
X
Pencheff for Executives
Letter grade and risk attestation.
§ Our Practice
§
Our Discipline
How we work · what we believe
A
Our Auditors
Customers using the report
P
Our Partners
Implementation specialists
¶
Case Studies
Engagements at scale
∰
Trust & Compliance
SOC 2 · ISO 27001 · GDPR posture
§ Correspondence
№
Newsroom
Press coverage & bulletins
✉
Contact
Direct correspondence
C
Careers
Open positions · the standing committee
L
Leadership
The editorial board
⊕
Brand & Press
Logos · likeness · usage
§ Open an account
Open an account.
Complimentary tier, no card required.
Already registered?
Sign in
.