A42 is an automated cybersecurity platform that continuously monitors your company's external digital perimeter. It discovers all subdomains (including shadow assets), detects exploitable vulnerabilities, monitors the dark web for leaked credentials, and delivers bi-weekly security reports without manual intervention.

How often does A42 scan my assets?

A42 performs automated bi-weekly scans of all your assets with scheduled recursive scanning — no manual input required from your security team.

What is external perimeter monitoring?

External perimeter monitoring is the practice of continuously scanning all internet-facing assets of your company — domains, subdomains, IPs, and exposed services — to detect vulnerabilities before attackers exploit them. A42 automates this, discovering even shadow assets your team may not know about.

Does A42 detect leaked credentials on the dark web?

Yes. A42's Dark Web Monitoring scans dark web sources for leaked credentials and sensitive data linked to your domain shared in illicit databases, helping you respond before attackers exploit the information.

A42 is used by IT security teams, DevOps engineers, CTOs, and business owners. Clients include Jooble (international job platform, 67 countries), DOT (Ukrainian government agency supporting the Armed Forces), fintech companies, and e-commerce platforms.

How is A42 different from traditional scanners like Tenable?

Unlike Tenable, which requires manual configuration of scan targets, A42 automatically discovers all subdomains and exposed services — including ones never added to a scan scope. A42 detects exploitable vulnerabilities, not just alerts, reducing noise and focusing on real risks.

A42 is a Ukrainian company (A42, LLC, reg. №45790296), headquartered at 17 Hlybochytska str., Kyiv, Ukraine, 04052. The team has deep expertise in offensive security and cyber defense, with government and NATO partnerships.

AI Pentest Results in 4 days. From $1,000.

The playbooks of elite defenders, automated by AI agents. Built from frontline military and government cyber-defense experience — now available to engineering teams that ship every week.

4 business days

100+ attack schemes

$1K fixed price

Book a discovery call See methodology

Engagement preview Live engagement

01 Web & application covered

02 Infrastructure covered

03 Cloud & virtualization covered

04 Secure code review covered

05 Dependency map covered

06 Secret detection covered

Field-tested

We pentested a government agency.
Then it was opened to 20+ independent researchers.

Zero critical vulnerabilities found by the public researcher group. Result publicly announced, February 2026.

Our methodology had already found everything worth finding — before the perimeter went public.

The same playbooks are now run, end-to-end, by autonomous AI agents — at a fraction of the time and cost.

20+

independent researchers
tried to break what we already validated.

“Our methodology had already found
everything worth finding.”

The methodology

Frontline-grade playbooks. Run autonomously, step by step.

Built from frontline military and government cyber-defense experience — refined and systematized into an AI product by our team. Each scheme runs autonomously and step-by-step via specialized AI agents, in parallel across your full attack surface.

Web & application

OWASP Top 10, API security, business logic, access control — every layer of your application stack.

Infrastructure

External perimeter, exposed services, network misconfiguration, hardening gaps — mapped and exploited.

Cloud & virtualization

AWS, Azure, GCP and container workloads — IAM blast radius, public storage, metadata exposure.

Secure code review

Optional white-box pass on critical paths — auth, payments, file handling, deserialization, IaC.

Full dependency map

Direct and transitive dependencies, known CVEs, abandoned packages, supply-chain risk surface.

Secret detection

Tokens, API keys, JWT secrets and credentials in code, build artifacts, history and public sources.

100+

Proprietary attack schemes

Multi-step exploit chains and business-logic abuse patterns, codified by our team and continuously updated.

Formal report

Audit-ready Black Box AI Pentest report with proof-of-exploit, severity scoring and remediation steps.

Typical use cases

Where teams put AI Pentest to work

Four engagement patterns we see most often — each delivered with the same fixed scope, timeline and formal report.

Compliance & audit readiness

Get a formal Black Box AI Pentest report, prepared with a professional methodology for SOC 2, ISO 27001, and internal company-level security review.

Due diligence for M&A and investors

Validate the product's security posture before an investment round, M&A transaction or grant application — and hand over a formal report on the asset's external security.

Quarterly cadence

Replace a once-a-year manual engagement with regular cycles at a fraction of the traditional cost — security signal that actually keeps up with releases.

Agencies & development partners

AI pentest as part of delivery — fast, white-label, without an in-house security team. Hand clients a formal report with their next release.

How it works

Four steps. No platform to learn.

From scoping to a formal report — the engagement runs end-to-end without onboarding calls or dashboards.

Submit scope

Domain, context and access — a short form, about 5 minutes.

Contract + NDA

Fast e-sign. No procurement delays, no onboarding decks.

AI agents run

Parallel agents execute 100+ proprietary attack schemes against your perimeter.

Report ready

Formal Black Box AI Pentest report — proof-of-exploit, severity, remediation.

Built for

One engagement, three perspectives

The same fixed-price engagement maps cleanly to how CTOs, CISOs and founders actually use a pentest.

For the CTO

Validate production after every release.

Run a fresh AI Pentest each release cycle. Catch regressions, new attack surface and dependency drift before they reach customers.

For the CISO

Repeatable cadence. Audit-ready reports.

Replace a single annual engagement with quarterly cycles. Identical methodology, identical report format — your auditor's job gets simpler.

For the Founder

Enterprise-grade security. Startup pricing.

Show prospects, partners and investors a formal Black Box AI Pentest report — without the $20K invoice and 4-week wait.

Pricing

One engagement. Fixed price.

Black Box AI Pentest

Full-scope engagement

$ 1,000 starting

Full attack-surface scope across web, infrastructure and cloud
100+ proprietary attack schemes, run by parallel AI agents
Proof-of-exploit for every finding — no theoretical noise
Formal report for SOC 2, ISO 27001 and internal review
Delivered in 4 business days from kickoff

Book a discovery call

Or write to [email protected] with your domain and context.

Comparable manual engagement

Price $5,000 – $30,000

Timeline 2 – 3 weeks

A42 AI Pentest

Price From $1,000

Timeline 4 business days

Deliverable Formal report + PoC