SUMMER SALE

25% off on Ethiack Continuous Core plan

25% off on Ethiack Continuous Core plan

25% off on Ethiack Continuous Core plan

built on real securitypriced with clarity
check.offers(now);
Real business risk discovery with on-demand or continuous pentesting, backed by compliance-ready reports.
Ethiack On-demand
Ethiack Continuous

Pentest

€3,000/test
Bundles and customized pentests available
Pentest Now
25% OFF

Core

€9,000€12,000 /year
Try Ethiack

Enterprise

Custom
Contact us

GUARANTEE OFFER

Free of charge unless a validated vulnerability with proven exploitation is identified.

You need to be compliant fast and want to detect real business risks, not just noise

You are an SME aiming for business continuity through ongoing security of your attack surface, or a fast shipping tech company looking for ongoing validation

You want to empower your security teams with Agentic AI Continuous Pentesting and Attack Surface Security at scale

Best when

Compliance-ready reports with ISO27001, SOC2, PCI, and more, resulted from an in-depth web app or API pentest performed by AI and human ethical hackers

Compliance-ready reports, plus continuous pentesting and attack surface security up to 50 assets*

Core Pentest On-Demand plus Continuous security testing through Ethiack Offensive Security Platform

What you’ll get
In-depth pentest done by AI and ethical hackers
Testing completed and compliance audit-ready report within 5 days
Web Application and API Testing
Black or Grey box Testing
High Signal exploit-validated findings
Step-by-step remediation advice
Unlimited retesting

Everything in Pentest, plus:

In-depth pentest done by AI and ethical hackers
Compliance audit-ready report anytime
Continuous access to the Ethiack Platform
External Attack Surface Management
Adversarial exposure validation
24/7 security testing
Security Testing of different assets
Risk-based vulnerability management
Comprehensive real-time risk exposure
Unlimited retesting
Multiple Integrations
CI/CD integration

Everything in Core, plus:

Entire Attack surface coverage (internal, mobile, cloud)
Visualizer - Attack surface map
Custom reporting
Custom test types
Pentesting as a Service performed by AI and human hackers
Custom integrations
Key Features
*An asset includes, but is not limited to, domains, subdomains, servers, IP addresses, APIs, or web and mobile applications in your digital infrastructure.
what security teams sayafter running Ethiack
ethiack.listen_to_humans();
  • Image
    Rui Pereira, Aegon Santander Portugal
    Best service in this category. I use Ethiack to perform security tests and get a complete overview of our company's critical assets. This product has made vulnerability management so efficient and straightforward, allowing us to focus on and optimize resources. Not to mention the excellent support and promptness . Can't recommend it enough.
  • Image
    Luis Valente, Sonae MC
    I’ve been genuinely impressed by Ethiack's work. Unlike traditional point-in-time audits, they provide continuous security testing, which has given us a lot of peace of mind by catching vulnerabilities in real-time.
  • Image
    Pedro Zeferino, NOS
    We have lots of security solutions, but I look at Ethiack first, because I know that when Ethiack alerts us, it’s always valid and most probably serious.
  • Image
    Pedro Cunha, Broadvoice
    Before Ethiack, it wasn't easy to deal with all the asks and requests coming from clients. Now, Ethiack checks all our landscape and tests every potential entry point.
  • Image
    Luis Gravato, Sumol Compal
    It's been very useful to identify assets we didn't even know we had. You've found multiple assets that were completely hidden from us.
  • Image
    João Annes, ANA Aeroportos
    Ethiack's combination of AI pentesting and human expertise brought a unique perspective to our security challenges. Their continuous monitoring of our attack surface and in-depth manual testing of our internal systems have transformed how we approach cybersecurity. Ethiack teaches us to think like attackers, making us better equipped to handle threats proactively.
  • Carlos Faria, Anova
    Ethiack was able to find vulnerabilities that no one had previously found before. We are more secure now.
  • Image
    Nuno Ferreira, Leroy Merlin
    We always maximize our use of Ethiack. Always!
  • Image
    Rui Pereira, Aegon Santander Portugal
    Best service in this category. I use Ethiack to perform security tests and get a complete overview of our company's critical assets. This product has made vulnerability management so efficient and straightforward, allowing us to focus on and optimize resources. Not to mention the excellent support and promptness . Can't recommend it enough.
  • Image
    Luis Valente, Sonae MC
    I’ve been genuinely impressed by Ethiack's work. Unlike traditional point-in-time audits, they provide continuous security testing, which has given us a lot of peace of mind by catching vulnerabilities in real-time.
  • Image
    Pedro Zeferino, NOS
    We have lots of security solutions, but I look at Ethiack first, because I know that when Ethiack alerts us, it’s always valid and most probably serious.
  • Image
    Pedro Cunha, Broadvoice
    Before Ethiack, it wasn't easy to deal with all the asks and requests coming from clients. Now, Ethiack checks all our landscape and tests every potential entry point.
  • Image
    Luis Gravato, Sumol Compal
    It's been very useful to identify assets we didn't even know we had. You've found multiple assets that were completely hidden from us.
  • Image
    João Annes, ANA Aeroportos
    Ethiack's combination of AI pentesting and human expertise brought a unique perspective to our security challenges. Their continuous monitoring of our attack surface and in-depth manual testing of our internal systems have transformed how we approach cybersecurity. Ethiack teaches us to think like attackers, making us better equipped to handle threats proactively.
  • Carlos Faria, Anova
    Ethiack was able to find vulnerabilities that no one had previously found before. We are more secure now.
  • Image
    Nuno Ferreira, Leroy Merlin
    We always maximize our use of Ethiack. Always!
  • Image
    Miguel Dinis, Transportes Metropolitanos de Lisboa
    It's extremely important for us to know everything about our attack surface, and you've managed to find multiple assets that were completely unaware to us.
  • André Araújo
    André Araújo, Cegid
    The way Ethiack incorporates EASM with AI Pentesting has brought us simplicity and proactivity in solving large-scale problems. As a group with so many companies and exposed assets, doing this work manually was simply impossible. The main transformation was the gaining a complete view on our surface, which we previously lacked. What we have publicly exposed, their vulnerabilities, and our impact in the cyberspace.
  • Image
    Sergio Quental, Bluepharma
    Great product. Having the ability to calculate the ROI of Ethiack is perfect, as it makes board conversations much easier.
  • Image
    Silvio Mello, Jumia
    Ethiack brings lots of value to Jumia. We launched a Honey Pot to test your capabilities, and you exploited it in under 10 minutes.
  • Image
    Francisco Vaz, Plasfil
    We really like the product and I can tell you that it is important to have this tool. Excelent information about our security flaws.
  • André Alves, ComplianceWise
    Ethiack remains our stalwart guardian, upholding the integrity of our digital infrastrcuture. Its real-time monitoring and comprehensive testing ensure no vulnerability goes unnoticed. Ethiack's strategic insights allow us to prioritize actions, take proactive measures fast, and optimize resources.
  • Image
    Wagner Caixeta, BaladAPP
    We continuously receive reports on vulnerabilities, including detailed guides on exploitation and mitigation. Learning how attacks happen allows us to develop products with greater security. We had a massive transfer of knowledge from the high proficiency of the hackers assigned to us. I highly recommend it.
  • Image
    Miguel Dinis, Transportes Metropolitanos de Lisboa
    It's extremely important for us to know everything about our attack surface, and you've managed to find multiple assets that were completely unaware to us.
  • André Araújo
    André Araújo, Cegid
    The way Ethiack incorporates EASM with AI Pentesting has brought us simplicity and proactivity in solving large-scale problems. As a group with so many companies and exposed assets, doing this work manually was simply impossible. The main transformation was the gaining a complete view on our surface, which we previously lacked. What we have publicly exposed, their vulnerabilities, and our impact in the cyberspace.
  • Image
    Sergio Quental, Bluepharma
    Great product. Having the ability to calculate the ROI of Ethiack is perfect, as it makes board conversations much easier.
  • Image
    Silvio Mello, Jumia
    Ethiack brings lots of value to Jumia. We launched a Honey Pot to test your capabilities, and you exploited it in under 10 minutes.
  • Image
    Francisco Vaz, Plasfil
    We really like the product and I can tell you that it is important to have this tool. Excelent information about our security flaws.
  • André Alves, ComplianceWise
    Ethiack remains our stalwart guardian, upholding the integrity of our digital infrastrcuture. Its real-time monitoring and comprehensive testing ensure no vulnerability goes unnoticed. Ethiack's strategic insights allow us to prioritize actions, take proactive measures fast, and optimize resources.
  • Image
    Wagner Caixeta, BaladAPP
    We continuously receive reports on vulnerabilities, including detailed guides on exploitation and mitigation. Learning how attacks happen allows us to develop products with greater security. We had a massive transfer of knowledge from the high proficiency of the hackers assigned to us. I highly recommend it.

Measured impact, real customers

Universidade do Porto

How U.Porto and Ethiack Protected 5,000+ Assets with AI-Powered Intelligence

  • 5.000+

    Protected assets

  • 2M€

    In prevented risk in 2025 (ALE)

Blue Pharma

How Bluepharma and Ethiack Protected 5,000+ Assets with AI-Powered Intelligence

  • 5.000+

    Protected assets

  • 1.000

    monitored critical assets

ANA Aeroportos

How ANA Aeroportos Achieved 650% ROI and Validated 5,000+ Assets with Continuous AI Pentesting

  • 650%

    ROI Based in prevented risk
in 2025 (ALE)

  • >65%

    Impactful findings

See Use Cases by Industry

FAQs

Everything you need to know before getting started

How Ethiack Works
What actually makes Ethiack different from traditional pentests?
Traditional pentests run once, take weeks, and deliver a report full of theoretical risks ranked by CVSS. Ethiack runs continuously. Hackian, our agentic AI pentester, tests your attack surface autonomously, chains real attack paths, and confirms every risk with proof-of-exploit. You get confirmed, exploitable risks your team can act on immediately, not a list to triage.
Is Ethiack fully automated?
Hackian is fully autonomous for asset discovery, testing, and exploit validation. Human ethical hackers from Ethiack's research team contribute novel attack techniques and validate complex findings that require creativity and context. The result is the speed and scale of AI with the depth of experienced human hackers.
What does “exploit validated” mean in practice?
Exploit validation means Hackian does not just flag a potential vulnerability, it proves it is exploitable by executing a safe, non-destructive exploit in your environment. Every confirmed risk comes with a reproducible proof-of-exploit, so your team knows exactly what an attacker could do and how to reproduce it.
How does Ethiack help us prioritise what to fix first?
Ethiack prioritises risks by real exploitability and business impact, not CVSS score. Every confirmed finding includes severity in business terms, a clear remediation path, and context on how an attacker would chain it with other exposures. Your team focuses on what matters most, not what scores highest on paper.
What assets can Ethiack test?
Ethiack tests external assets including domains, subdomains, APIs, and web applications. With Beacon deployed, internal network assets are covered too. Mobile applications, authentication systems, cloud environments, and credential exposure are also in scope. Over 1,500 unique technologies are covered across more than 200 vulnerability classes.
Is this safe for production systems?
Yes. Ethiack uses safe, non-destructive testing techniques designed to validate exploitability without causing disruption. Hackian is built to operate in live production environments. No downtime, no data loss, no service interruption. If you have specific constraints, our team can define the scope accordingly before testing begins.
Testing Models & Use Cases
What is the key differences between the plans?
Ethiack On-Demand is a single targeted pentest, ideal for compliance windows or pre-launch validation. Ethiack Continuous is an annual subscription that runs autonomous AEV across your attack surface 24/7. Core covers up to 50 assets. Enterprise scales to your full environment with additional coverage, custom reporting, and dedicated support.
What is the difference between an in-depth pentest and continuous testing?
An On-Demand pentest is a targeted, in-depth engagement scoped to specific assets or applications. It runs once and delivers a compliance-ready report within 5 days. Continuous testing runs autonomously 24/7 across your entire attack surface, triggering new test cycles with every asset change, deployment, or new threat intelligence update.
Who should use Pentest On Demand?
Ethiack On-Demand is for teams that need a targeted, in-depth pentest on a specific scope. It is ideal before a compliance audit, after a major release, for a new product or acquisition assessment, or any time you need deep validation fast. Results in under 5 days.
Who is Continuous built for?
Ethiack Continuous is built for organisations that need ongoing security coverage, not just a one-time check. It is a good fit for security teams managing a growing attack surface, companies with frequent deployments, and regulated organisations that need continuous evidence of security testing for NIS2, DORA, or SOC2 compliance.
When does Enterprise make sense?
Enterprise is the right choice when your attack surface spans more than 50 assets, includes internal infrastructure, mobile, or cloud environments, or when you need custom reporting, dedicated support, and deeper integrations. It is also built for organisations with complex compliance requirements or multiple business units to cover.
Can we start small and upgrade later?
Yes. You can start with an On-Demand pentest and move to Continuous when you are ready for ongoing coverage. Many customers run their first On-Demand engagement to validate a specific scope, then upgrade to Continuous to maintain that coverage year-round.
Results, Compliance & Operations
How fast do results come back?
For On-Demand pentests, testing begins within 24 hours of launch and a full compliance-ready report is delivered within 5 days. For Continuous, Hackian starts testing immediately after setup, which takes under 10 minutes. First confirmed risks typically appear within hours.
Can we retest after fixing issues?
Yes. Unlimited retesting is included in all plans. Once your team fixes a confirmed risk, Hackian retests automatically to verify the fix is effective. No extra cost, no scheduling delay.
What happens if you do not find anything serious?
If no exploitable vulnerability is confirmed, you do not pay. That is the Ethiack guarantee. A clean result is also valuable information: it means your environment held up against a real adversarial test, not just a scanner pass.
Is this suitable for audits, such as SOC2 and ISO27001?
Yes. Every On-Demand pentest delivers a compliance-ready report covering ISO27001, SOC2, PCI DSS, NIS2, DORA, and CRA. Reports are structured for auditors and include confirmed findings, proof-of-exploit, severity ratings, and remediation guidance. Continuous plans generate updated compliance reports automatically at any time.
Can Ethiack integrate with our existing tools?
Yes. Ethiack integrates with Slack, Jira, GitLab, Splunk Enterprise, ManageEngine, Zapier, and n8n. Webhook support and a full API are available for custom integrations. Enterprise plans include custom integration support.
Trust & Data
Where is our data stored?
Ethiack is 100% European. All data is stored and processed exclusively in Belgium, within the EU. We are ISO 27001 certified and fully compliant with GDPR. No data is transferred outside the European Union.
Who are the ethical hackers working at Ethiack?
Ethiack's hacker intelligence team is made up of professional ethical hackers, including Andre Baptista, a 2x HackerOne Most Valuable Hacker who has responsibly disclosed critical vulnerabilities in Shopify, Verizon, and the U.S. Department of Defense. They contribute novel attack techniques, validate complex findings, and keep Hackian ahead of emerging threats before public disclosure.
Do you have a Startup Program?
Yes. Ethiack offers a Startup Program for early-stage companies. Get in touch with our team to find out if you qualify and what is included.

Validate your exposure

before attackers do.

30-day free trial. No commitment.

signup(datetime.now());

def hello(self): print("We are ethical hackers")

class Ethiack: def continuous_vulnerability_discovery(self: Ethiack): self.scan_attack_surface() self.report_all_findings() def proof_of_exploit_validation(self: Ethiack): self.simulate_attack() self.confirm_exploitability() self.validate_impact()

while time.time() < math.inf: ethiack.map_attack_surface() ethiack.discover_vulnerabilities() ethiack.validate_exploits() ethiack.generate_mitigations() ethiack.calculate_risk() ethiack.notify_users() log.success("✓ Iteration complete")

ISO27001

Compliant

Activate AI penTesting

Ethiack — Autonomous Ethical Hacking for continuous security Continuous Attack Surface Management & Testing