Know your weaknesses before attackers do.
AI-augmented offensive security — penetration testing, vulnerability scanning, and attack-surface management from a team that works with you, not around you.
Founded by John Doe — security lead for Ahold-Delhaize, Monta (pre-DHL), and Dutch municipalities, fire, and police.
Already breached? First response within 1 hour, 24/7.
- dns.enum
- tls.scan
- asset.map
- score × impact
- dedupe
- prioritise
- req/resp
- screenshot
- repro
- validate
- attack-path
- sign-off
AI accelerates discovery. Senior operators validate every finding.
AI is how we deliver — not the whole offer. It compresses recon and triage so our operators spend their time where judgement matters: attack-path narrative, exploitation, and remediation you can act on.
- 20+ years founder pedigree (placeholder)
- 150+ engagements delivered (placeholder)
- 5 regulated sectors served (placeholder)
- 40+ advisories disclosed (placeholder)
Certifications & framework readiness
- ISO 27001: in progress (placeholder)
- CREST: membership (placeholder)
- OSCP / OSWE: operator credentials (placeholder)
- NIS2: readiness
- DORA: readiness
- GDPR: aligned
- SOC 2: reportable
How the AI actually works
Named capabilities, not adjectives
Each part of the delivery pipeline is named, with what it does, what you get, and — just as important — what it will never do on its own.
Recon Acceleration
- Does: Enumerates your external attack surface across DNS, certificates, exposed services, and cloud assets at machine speed.
- You get: A complete, deduplicated asset inventory in hours, not days — so operators start testing with full context.
- Won't: It does not exploit anything. Nothing is touched beyond passive and consented active discovery.
Findings Triage
- Does: Scores and clusters raw findings by exploitability and business impact, surfacing what matters first.
- You get: A prioritised queue an operator can act on — false-positive noise filtered before it reaches you.
- Won't: It does not decide severity alone. A senior operator reviews and can override every ranking.
Evidence Collation
- Does: Gathers reproducible proof — requests, responses, screenshots, and logs — alongside each confirmed finding.
- You get: Audit-ready evidence your team can replay, mapped to OWASP, PTES, and MITRE ATT&CK references.
- Won't: It does not fabricate proof. Every artefact comes from a real, operator-confirmed step.
Draft Reporting
- Does: Drafts the routine sections of the report — scope, methodology, finding write-ups — from collated evidence.
- You get: A faster turnaround, so operators spend their time on attack-path narrative and remediation advice.
- Won't: It does not write the analysis. Senior operators author the judgement calls and sign off every report.
Two ways in
Pick the door that fits how you buy
Same operators, same standard of work — two routes sized to your organisation.
For teams under ~100 staff
Start with a subscription
Transparent monthly plans — continuous scanning plus hands-on testing time. Pick a tier and you're testing this week.
- Fixed monthly price
- From €99/month
- No procurement cycle
For enterprise & public-sector buyers
Scope a custom engagement
Tell us the scope and see the maths — man-days × day-rate, volume discount, and segmented routing to the right lead.
- Transparent day-rate
- Self-host (AGPL-3.0) option
- Procurement pack & DPA
Transparent pricing
Know the price before you talk to us
Four plans, published rates, a 17% annual discount. No “contact us for a quote” for the work that can be productised.
Recon
Continuous attack-surface visibility for small teams.
- External attack-surface monitoring
- Automated vulnerability scanning
- Severity-rated findings dashboard
- Monthly AI-summarised report
- Email support
Strike
Scanning plus hands-on testing time each month.
- Everything in Recon
- 2 hours AI-augmented pentesting / month
- Authenticated web & API testing
- Operator-validated findings
- Remediation guidance
Offensive
Deeper monthly testing with priority operator support.
- Everything in Strike
- 4 hours AI-augmented pentesting / month
- Attack-path narrative & re-test
- Priority operator support
- Quarterly review call
Enterprise
Scoped programmes for enterprise and public-sector buyers.
- Autonomous AI red-team operations
- Custom scope & cadence
- Self-host (AGPL-3.0) option
- Procurement pack, DPA & SLA
- Named operator team
See what attackers see — in 60 seconds
Run a passive scan of your domain and get severity-rated findings with a plain-language AI summary. No data is stored after the scan completes.
- External attack-surface snapshot
- Severity-rated, AI-summarised findings
- An honest list of what it didn't check
Founder-led
“I’ve run security for organisations that can’t afford to get this wrong — national retail, logistics, and Dutch public bodies. GetHacked brings that standard to teams of every size.”
John Doe — Founder. Security lead for Ahold-Delhaize, Monta (pre-DHL), and Dutch municipalities, fire, and police.
Data sovereignty
EU-headquartered · EU-resident operations · Open source (AGPL-3.0) — self-host available.
Run the platform on your own infrastructure. No data leaves your environment unless you choose. Built for procurement teams who answer to NIS2, DORA, and the GDPR.
Read a real engagement report
The fastest way to judge a pentest firm is to read its output. Download a redacted sample report to see exactly what you’d receive.
Know your weaknesses before attackers do.
Start with a free scan, pick a subscription, or scope a custom engagement. Whichever door you take, a senior operator validates the work.