AI writes functional code. Not necessarily secure code.
An independent two-pass penetration test built for apps developed with Claude Code and AI-assisted tools — fixed price, your schedule.
Five patterns AI introduces. All of them missed before go-live.
Roles enforced in the UI, absent at the API — where attackers actually operate.
API keys and credentials embedded in source files and repositories.
Unsafe input handling passed to databases or shells.
Debug modes and verbose errors left on in production.
One insecure pattern becomes dozens of identical vulnerable endpoints.
Average Australian SMB breach: ~$46,000 in direct costs — before reputational damage, customer churn, and Privacy Act exposure. A two-pass assessment costs a fraction of that.
Two passes. One price. Nothing slips through.
3–5 days testing in final dev. Every finding CVSS-rated.
Your team fixes on their timeline — we don't rush you.
1–2 days confirming fixes held before go-live.
Written confirmation for clients, auditors and insurers.
Grey-box testing — we operate as a logged-in user targeting stolen credentials, privilege escalation and business-logic flaws. Deepest coverage for the budget. Issues caught in build cost a fraction of post-deployment fixes.
Reports that stand up to clients, insurers and boards.
Every issue CVSS-rated with evidence, business impact, and fix steps. AI patterns called out explicitly.
One-page risk posture overview. No technical background required to act on it.
Written sign-off that fixes held — for clients, auditors and cyber insurers.
$6,500
+ GST · both passes included
- ✓Pass 1 + Pass 2 — one price, no surprises
- ✓Full OWASP / NIST / CVSS methodology
- ✓All reports, summary & re-test certificate
- ✓AI-specific vulnerability review
Pricing scales with complexity — simple apps at the lower end, multi-role platforms with APIs at the upper end.
We use Claude Code ourselves and support clients building with it. We know exactly which security patterns it introduces and which ones it misses. This service was built specifically for how software is now being built.
Ready to scope? One call, one hour.
Tell us what you've built, the user roles involved, and when you're targeting go-live — we'll fit around your schedule.