PRICING

Continuous AI pentesting. Honest pricing.

KAI Platform from €1,200/month — fixed pricing, 14-day free trial. Human-led services scoped per client. Every finding KAI reports ships with reproducible proof of exploitation, so your team only triages what matters.

No credit card required · Annual or monthly · Cancel anytime
KAI PLATFORM

Fixed pricing. Predictable bills.

AI-powered continuous security testing — published pricing, 14-day free trial, no per-finding charges.

These tiers cover the KAI platform subscription only. Human-led work — pentests, red team, compliance audits — is scoped per client under KAOS Services.

STARTER

For startups & small teams

€1,200/month
Billed annually · €14,400/yr · save 20%
Up to 10 assets · 1 concurrent scan · unlimited scans in queue

Continuous AI pentesting for a single product or a small estate. Self-serve onboarding — same-day scans on common stacks.

  • All 127 attack techniques
  • Weekly scheduled scans + on-demand
  • PDF + JSON report exports
  • Slack / Teams / GitHub integrations
  • MITRE ATT&CK mapping
  • 3 users · email support
  • 14-day free trial
Start Free Trial

MOST POPULAR

PRO

Most teams pick this

€3,200/month
Billed annually · €38,400/yr · save 20%
Up to 50 assets · 1 concurrent scan · unlimited scans in queue

Continuous AI pentesting across your full estate. Compliance-ready evidence, full API and CI/CD gating included.

  • Everything in STARTER
  • Daily scheduled scans + on-demand
  • Compliance evidence: PCI 4.0 · ISO 27001 · SOC 2 · HIPAA · NIS2 · DORA · ENS
  • All export formats (PDF · DOCX · JSON · SARIF · CSV · XLSX)
  • REST + GraphQL API · webhooks · Terraform
  • Risk acceptance + retest workflow
  • SLA tracking + analytics dashboards
  • 15 users · SAML SSO + SCIM
  • 4-hour SLA · business hours
Start Free Trial

ENTERPRISE

For regulated environments

Custom
Annual contract · scoped to your estate
Unlimited assets · 1 concurrent scan (more on request) · continuous rotation

Single-tenant, on-prem or air-gapped deployments. Custom techniques, BYOK encryption and dedicated solutions support.

  • Everything in PRO
  • Continuous scan rotation across full estate
  • Additional concurrent scan workers on request
  • On-prem · air-gapped · single-tenant managed VPC
  • BYOK (AWS KMS / Azure Key Vault / HSM)
  • Custom MITRE techniques + custom MCP servers
  • Audit log streaming (Splunk / Datadog / Elastic)
  • 1-hour SLA · 24/7 emergency · dedicated CSM
  • White-label reporting · auditor portal
Talk to Sales

Pricing context: KAI STARTER undercuts comparable AI pentest platforms (Pentera, NodeZero) by ~60%. KAI PRO sits at ~50% of Cobalt PtaaS Professional. Same autonomous AI agent across all tiers — only limits and integrations differ.

Compare KAI tiers

Same autonomous AI agent across all tiers. The differences are limits, integrations, deployment, and SLA.

Feature | STARTER (€1,200/mo) | PRO (€3,200/mo) | ENTERPRISE (Custom)

Limits & scope
Assets included | 10 | 50 | Unlimited
Projects / workspaces | 1 | Unlimited | Unlimited
Concurrent scans (workers) | 1 | 1 | 1 (more on request)
Scans in queue | Unlimited | Unlimited | Unlimited
Scheduled scan cadence | Weekly + on-demand | Daily + on-demand | Continuous rotation
User seats | 3 | 15 | Unlimited
Manual review by OSCE3 operator | Via KAOS Services | Via KAOS Services | Via KAOS Services

Engine & coverage
All 127 attack techniques | Included | Included | Included
RAG-driven technique selection | Included | Included | Included
6 MCP servers (code analysis, browser, OOB, …) | Included | Included | Included
Custom MITRE techniques + custom MCP servers | | | Included
Findings validated with proof of exploit | Included | Included | Included

Reporting & compliance
PDF + JSON exports | Included | Included | Included
DOCX / SARIF / CSV / XLSX exports | | Included | Included
MITRE ATT&CK coverage matrix | Included | Included | Included
Compliance evidence (PCI 4.0, ISO 27001, SOC 2, HIPAA, NIS2, DORA, ENS) | Mapping only | Full evidence pack | Full evidence pack
White-label / custom branding | | | Included
Auditor portal (read-only watermarked access) | | | Included

Triage & lifecycle
Risk acceptance workflow | | Included | Included
Re-test management + PoC replay | | Included | Included
Field-level change history (audit trail) | | |
SLA tracking + MTTR analytics | | Included | Included

Integrations & API
Slack / Teams / GitHub notifications | Included | Included | Included
JIRA / Linear / ServiceNow / GitHub Issues | | |
CI/CD: GitHub Actions / GitLab / Jenkins / Azure DevOps | Manual API | Included | Included
REST + GraphQL API | Read-only | Full | Full
Webhooks (HMAC signed) + delivery log | | Included | Included
Terraform provider | | Included | Included
Audit log streaming (Splunk / Datadog / Elastic) | | | Included

Identity & security
Email + password | Included | Included | Included
SAML SSO + OIDC | | Included | Included
SCIM 2.0 user provisioning | | Included | Included
Custom RBAC roles | | |
BYOK encryption (AWS KMS / Azure KV / HSM) | | | Included

Deployment & data
Multi-tenant SaaS (EU / US) | Included | Included |
Single-tenant managed VPC | | | Included
On-prem Kubernetes (Helm chart) | | | Included
Air-gapped operator | | | Included
Configurable data retention (30d–7y) | 12 months | 24 months | Configurable

Support & SLA
Email support | Included | Included | Included
Business-hours response SLA | 24h | 4h | 1h
24/7 emergency response | | | Included
Dedicated Customer Success Manager | | | Included
Solutions Engineer / onboarding | Self-serve | Guided | Dedicated
Production SLA uptime | 99.5% | 99.9% | 99.95%
Quarterly business review | | |

(The page's per-tier availability markers did not survive extraction. Cells marked "Included" follow the tier feature lists above; cells are left blank where those lists do not settle availability.)

Need a tier between PRO and ENTERPRISE? Talk to us — we'll size it to your estate.

What KAI ships with every finding

Quality you can act on immediately

We can't promise a number of findings — that depends entirely on your environment's exposure. What we can promise is the format and rigor of every finding KAI surfaces.

Reproducible PoC

Step-by-step instructions to reproduce the issue, including captured request / response pairs.

CVSS 4.0 + business impact

Severity scoring with environmental modifiers plus a plain-language business-impact summary.

MITRE ATT&CK + CWE mapping

Every finding tagged with the MITRE technique it abuses and the CWE class it belongs to.

Compliance cross-walk

Linked control families across PCI-DSS, ISO 27001, SOC 2, HIPAA, NIS2, DORA and ENS.

Captured artifacts

Screenshots, OOB callbacks, tokens, payloads — everything your engineering team needs to act.

Remediation guidance

Concrete fix recommendations, code-level when applicable, with verification steps after the patch.

SERVICES

KAOS Services

Human + AI engagements led by our offensive security team — pentests, red team operations, compliance audits, advisory.

Custom engagement pricing

Every engagement is scoped to you

Compliance audits, full pentests, red team operations and advisory hours are tailored to your scope, target environment, and regulatory requirements. We send a fixed-fee proposal after a 30-minute scoping call.

  • Pentest (web, API, mobile, network, cloud, infrastructure)
  • Red team & adversary emulation engagements
  • Compliance-driven audits (PCI-DSS, ISO 27001, SOC 2, NIS2, DORA, ENS)
  • Source code review and threat modelling
  • Continuous advisory retainer

Get a quote

30-min scoping call →
Fixed-fee proposal in 48h

Request Pricing

No obligation, no upfront fees.

HOW WE COMPARE

KAOS vs the alternatives

Why teams pick KAOS over a traditional pentest agency or a self-hosted scanner.

Dimension | KAOS (Platform + Services) | Traditional pentest agency | DIY scanner
Time to first scan | Same day — self-serve | 4–8 weeks per engagement | Minutes — output unverified
Cost | From €1.2k/mo (Platform) · custom (Services) | €25k–€80k+ per project | €3k–€10k/yr (hidden infra cost)
Coverage cadence | 24/7 continuous + deep manual | Point-in-time snapshot | Limited to known CVE signatures
Finding format | Every finding ships with PoC | Manual write-up, varies by analyst | CVE matches — high noise rate
Continuous testing | Built-in | No — re-scope each time | Scheduled scans only

All prices in EUR, exclude VAT. Andorran entity (KAOS S.L.U) for commercial contracting; EU customers contracted via KAOS AI SECURITY, S.L. on request.

Frequently Asked Questions

KAI Platform is our continuous AI-driven testing product — 24/7 autonomous scanning, billed as a published subscription. KAOS Services are expert-led, scope-by-scope engagements (audits, pentests, red team operations, advisory) delivered by our human offensive security team — pricing is custom per engagement after a scoping call. Most customers run both: Platform for everyday coverage, Services for compliance milestones and deep-dive validation.

Yes. You can upgrade or downgrade your platform tier at any time. Upgrades prorate immediately; downgrades take effect at the start of your next billing cycle. No early-termination fees.

Yes — 14-day free trial on STARTER and PRO with full feature access. No credit card required to start.

STARTER if you have a single product and up to 10 internet-facing assets — usual fit for SMBs and pre-Series-B startups. PRO is the default for mid-market and any team that needs SAML SSO, full integrations, compliance evidence packs and 4h support — covers up to 50 assets. ENTERPRISE when you need on-prem, air-gapped, BYOK encryption, custom techniques, audit-log streaming, or you're past 50 assets. You can move up at any time, prorated.

As many as the queue can run. KAI uses one dedicated worker per tenant, so scans run sequentially. A typical Quick Scan finishes in 30–90 minutes; Deep Scans on internal estates can take several hours. In practice this means a 10-asset estate on STARTER can comfortably run weekly cycles plus on-demand re-tests; 50-asset estates on PRO usually settle into a daily rotation. If you outgrow the queue (e.g. 24/7 continuous on 100+ assets), Enterprise unlocks additional concurrent workers on request.

An asset is a host, application, API, container cluster or cloud account that you put under continuous testing. A multi-domain web application running across staging and production counts as one asset. Internal AD environments count per forest. We don't charge per finding, per scan or per user — only the asset cap matters.

Platform subscriptions are refundable pro-rata within the first 30 days, no questions asked. Service engagements (audits, red team, advisory) follow the cancellation terms agreed in your statement of work — typically refundable up to scoping completion, then prorated against work delivered.

It happens — and that's actually a good outcome. KAI's job is to find what's there, not to invent issues. If your estate is well-defended you may go through scan cycles with few or no findings; the platform still delivers value through continuous monitoring, MITRE coverage tracking, compliance evidence, and a clear audit trail you can show auditors. We don't tie pricing to a finding count for either side.

Yes. Registered non-profits, early-stage startups (pre-Series A) and accredited universities are eligible for up to 40% off platform pricing. Contact sales with proof of status to apply.

Yes. We sign GDPR-compliant Data Processing Agreements (DPA) with every EU customer by default, HIPAA Business Associate Agreements (BAA) for healthcare clients, and mutual NDAs prior to any scoping call. Standard templates are available; custom redlines welcome on Enterprise.

All scan data, findings, and customer artifacts are stored in EU data centers (Frankfurt and Madrid regions) with end-to-end encryption at rest and in transit. We never move data outside the EU without explicit written authorization. SOC 2 Type II and ISO 27001 audited.

Credit card and SEPA bank transfer for self-serve plans. Enterprise contracts support invoicing (NET-30/NET-60), POs, and multi-year prepayment with up to 20% discount.

Yes — save 20% when you choose annual billing on any recurring plan. Multi-year terms unlock additional savings (contact sales).

Still Have Questions?

Our team is happy to answer any questions and help you find the right plan.

Start Free Trial · Contact Us