Human-grade pentest.A fraction of the cost.Every release.

Fleuret runs pentests on your web apps and APIs with agentic AI. €2,500 instead of €15,000+. Audit-ready for DORA and NIS2.

Book a demo See pricing

Trusted by

SCROLL

THE PROBLEM · CADENCE MISMATCH

You ship every day. Your pentest ships once a year.

That math stopped working. Deployments outrun audits. Between each cabinet-grade report, 3 to 12 months of blind exposure.

52-WEEK AXIS · 2026NOW · W27

JANFEBMARAPRMAYJUNJULAUGSEPOCTNOVDEC

RELEASE CADENCE

247YTD · 3.2 / day

PROD · EU-WEST-1

TIMESERVICETYPESHAVERSIONSTATUS

Jul 20 19:37webrefactor1f1bfabv4.10.26UNAUDITED

Jul 19 19:33searchfixfa93968v4.10.4UNAUDITED

Jul 19 10:17paymentsperf9bb2a7dv4.12.6UNAUDITED

Jul 19 21:06authchore4b9cc48v4.12.14DEPLOYED

Jul 19 23:11apichore5185cfcv4.13.18UNAUDITED

Jul 19 07:39infrafeat6f2aa10v4.11.16UNAUDITED

Jul 19 03:50paymentscidccadf0v4.8.18UNAUDITED

Jul 19 19:14infrarefactor1a5efeav4.9.21UNAUDITED

Jul 19 20:59paymentsdeps4fee961v4.8.4UNAUDITED

Jul 18 19:50paymentsciaf8b73dv4.8.17UNAUDITED

Jul 17 09:35notifychore3981297v4.12.1UNAUDITED

Jul 17 00:20edgeperf97a2fb0v4.10.1DEPLOYED

Jul 17 15:01infrafix455f61bv4.9.16UNAUDITED

Jul 16 01:16apidepscee492dv4.8.13UNAUDITED

Jul 15 19:59graphqlfix2a60bb3v4.9.13STAGING

Jul 14 04:47notifyci6a66ddbv4.9.26ROLLBACK

Jul 14 04:57infradepsf128684v4.11.5DEPLOYED

Jul 13 20:15edgefeat8c6cc21v4.11.28UNAUDITED

Jul 12 03:04apifix6b48082v4.9.5UNAUDITED

Jul 12 20:11notifyperf27ab0a9v4.10.19UNAUDITED

Jul 12 02:49webrefactor7987989v4.10.8UNAUDITED

Jul 11 02:51infracia5e7059v4.9.10UNAUDITED

Jul 10 10:03apifixda9cc45v4.13.29UNAUDITED

Jul 10 06:22infrafeat149625bv4.12.21DEPLOYED

Jul 09 14:37billingrefactoreed76bev4.12.5UNAUDITED

Jul 09 11:56webci7266a16v4.12.26UNAUDITED

Jul 09 04:34scoringfeatebbfe3cv4.13.6UNAUDITED

Jul 08 11:30paymentsfeat2ad9131v4.12.10UNAUDITED

Jul 08 06:02webciaa48148v4.11.17UNAUDITED

Jul 07 02:58edgeperf4953196v4.11.10UNAUDITED

Jul 07 03:01infradepse0c19a8v4.13.21UNAUDITED

Jul 06 23:28edgechore8352f6cv4.8.3STAGING

Jul 05 15:44searchchorec520e65v4.13.5CANARY

Jul 05 12:20paymentschore79ac31av4.13.21UNAUDITED

Jul 05 01:39paymentsfeat3f555c7v4.10.17UNAUDITED

Jul 05 19:42searchfeat8af534av4.8.14UNAUDITED

Jul 04 23:11edgeperfb0be756v4.11.12UNAUDITED

Jul 04 20:05billingfixd58dee2v4.13.17UNAUDITED

Jul 04 15:18authrefactor3505ddav4.13.4UNAUDITED

Jul 04 14:25webperfa5e770cv4.13.21ROLLBACK

Jul 04 06:45webchoref1e695bv4.8.14STAGING

Jul 03 10:17scoringdeps15f492fv4.8.19UNAUDITED

Jul 03 18:54paymentsfeatdea9121v4.12.20UNAUDITED

Jul 03 02:27infraperf24eb8f2v4.13.20UNAUDITED

Jul 02 15:38edgefeat315c5b5v4.10.6DEPLOYED

Jul 02 12:37authci9ac0a3fv4.13.21UNAUDITED

Jun 01 12:06infrachorea7142ddv4.9.21UNAUDITED

Jun 01 08:32webrefactorb101b3dv4.10.25UNAUDITED

Jun 01 15:53notifydepsf5b41a2v4.8.4DEPLOYED

Jun 01 06:38billingfeat4afae53v4.10.11CANARY

Jun 01 16:51paymentsci310fa4cv4.8.3UNAUDITED

Jun 01 01:39authchore914c42bv4.11.13UNAUDITED

Jun 01 18:29apiperf9a67663v4.9.22UNAUDITED

Jun 01 06:53webperf99585abv4.8.8CANARY

Jun 01 12:26webperf808b2afv4.10.0UNAUDITED

Jun 30 09:34graphqldeps6f33dfdv4.10.23UNAUDITED

Jun 30 17:21authchore5829138v4.13.2UNAUDITED

Jun 30 04:54webperff0fe488v4.13.11UNAUDITED

Jun 30 11:34paymentsfeat5711b46v4.9.14STAGING

Jun 29 02:54scoringci7ccb6f3v4.10.17STAGING

Jul 20 19:37webrefactor1f1bfabv4.10.26UNAUDITED

Jul 19 19:33searchfixfa93968v4.10.4UNAUDITED

Jul 19 10:17paymentsperf9bb2a7dv4.12.6UNAUDITED

Jul 19 21:06authchore4b9cc48v4.12.14DEPLOYED

Jul 19 23:11apichore5185cfcv4.13.18UNAUDITED

Jul 19 07:39infrafeat6f2aa10v4.11.16UNAUDITED

Jul 19 03:50paymentscidccadf0v4.8.18UNAUDITED

Jul 19 19:14infrarefactor1a5efeav4.9.21UNAUDITED

Jul 19 20:59paymentsdeps4fee961v4.8.4UNAUDITED

Jul 18 19:50paymentsciaf8b73dv4.8.17UNAUDITED

Jul 17 09:35notifychore3981297v4.12.1UNAUDITED

Jul 17 00:20edgeperf97a2fb0v4.10.1DEPLOYED

Jul 17 15:01infrafix455f61bv4.9.16UNAUDITED

Jul 16 01:16apidepscee492dv4.8.13UNAUDITED

Jul 15 19:59graphqlfix2a60bb3v4.9.13STAGING

Jul 14 04:47notifyci6a66ddbv4.9.26ROLLBACK

Jul 14 04:57infradepsf128684v4.11.5DEPLOYED

Jul 13 20:15edgefeat8c6cc21v4.11.28UNAUDITED

Jul 12 03:04apifix6b48082v4.9.5UNAUDITED

Jul 12 20:11notifyperf27ab0a9v4.10.19UNAUDITED

Jul 12 02:49webrefactor7987989v4.10.8UNAUDITED

Jul 11 02:51infracia5e7059v4.9.10UNAUDITED

Jul 10 10:03apifixda9cc45v4.13.29UNAUDITED

Jul 10 06:22infrafeat149625bv4.12.21DEPLOYED

Jul 09 14:37billingrefactoreed76bev4.12.5UNAUDITED

Jul 09 11:56webci7266a16v4.12.26UNAUDITED

Jul 09 04:34scoringfeatebbfe3cv4.13.6UNAUDITED

Jul 08 11:30paymentsfeat2ad9131v4.12.10UNAUDITED

Jul 08 06:02webciaa48148v4.11.17UNAUDITED

Jul 07 02:58edgeperf4953196v4.11.10UNAUDITED

Jul 07 03:01infradepse0c19a8v4.13.21UNAUDITED

Jul 06 23:28edgechore8352f6cv4.8.3STAGING

Jul 05 15:44searchchorec520e65v4.13.5CANARY

Jul 05 12:20paymentschore79ac31av4.13.21UNAUDITED

Jul 05 01:39paymentsfeat3f555c7v4.10.17UNAUDITED

Jul 05 19:42searchfeat8af534av4.8.14UNAUDITED

Jul 04 23:11edgeperfb0be756v4.11.12UNAUDITED

Jul 04 20:05billingfixd58dee2v4.13.17UNAUDITED

Jul 04 15:18authrefactor3505ddav4.13.4UNAUDITED

Jul 04 14:25webperfa5e770cv4.13.21ROLLBACK

Jul 04 06:45webchoref1e695bv4.8.14STAGING

Jul 03 10:17scoringdeps15f492fv4.8.19UNAUDITED

Jul 03 18:54paymentsfeatdea9121v4.12.20UNAUDITED

Jul 03 02:27infraperf24eb8f2v4.13.20UNAUDITED

Jul 02 15:38edgefeat315c5b5v4.10.6DEPLOYED

Jul 02 12:37authci9ac0a3fv4.13.21UNAUDITED

Jun 01 12:06infrachorea7142ddv4.9.21UNAUDITED

Jun 01 08:32webrefactorb101b3dv4.10.25UNAUDITED

Jun 01 15:53notifydepsf5b41a2v4.8.4DEPLOYED

Jun 01 06:38billingfeat4afae53v4.10.11CANARY

Jun 01 16:51paymentsci310fa4cv4.8.3UNAUDITED

Jun 01 01:39authchore914c42bv4.11.13UNAUDITED

Jun 01 18:29apiperf9a67663v4.9.22UNAUDITED

Jun 01 06:53webperf99585abv4.8.8CANARY

Jun 01 12:26webperf808b2afv4.10.0UNAUDITED

Jun 30 09:34graphqldeps6f33dfdv4.10.23UNAUDITED

Jun 30 17:21authchore5829138v4.13.2UNAUDITED

Jun 30 04:54webperff0fe488v4.13.11UNAUDITED

Jun 30 11:34paymentsfeat5711b46v4.9.14STAGING

Jun 29 02:54scoringci7ccb6f3v4.10.17STAGING

TIMESERVICEVERSTATUS

Jul 20 19:37webv4.10.26UNAUDITED

Jul 19 19:33searchv4.10.4UNAUDITED

Jul 19 10:17paymentsv4.12.6UNAUDITED

Jul 19 21:06authv4.12.14DEPLOYED

Jul 19 23:11apiv4.13.18UNAUDITED

Jul 19 07:39infrav4.11.16UNAUDITED

Jul 19 03:50paymentsv4.8.18UNAUDITED

Jul 19 19:14infrav4.9.21UNAUDITED

Jul 19 20:59paymentsv4.8.4UNAUDITED

Jul 18 19:50paymentsv4.8.17UNAUDITED

Jul 17 09:35notifyv4.12.1UNAUDITED

Jul 17 00:20edgev4.10.1DEPLOYED

Jul 17 15:01infrav4.9.16UNAUDITED

Jul 16 01:16apiv4.8.13UNAUDITED

Jul 15 19:59graphqlv4.9.13STAGING

Jul 14 04:47notifyv4.9.26ROLLBACK

Jul 14 04:57infrav4.11.5DEPLOYED

Jul 13 20:15edgev4.11.28UNAUDITED

Jul 12 03:04apiv4.9.5UNAUDITED

Jul 12 20:11notifyv4.10.19UNAUDITED

Jul 12 02:49webv4.10.8UNAUDITED

Jul 11 02:51infrav4.9.10UNAUDITED

Jul 10 10:03apiv4.13.29UNAUDITED

Jul 10 06:22infrav4.12.21DEPLOYED

Jul 09 14:37billingv4.12.5UNAUDITED

Jul 09 11:56webv4.12.26UNAUDITED

Jul 09 04:34scoringv4.13.6UNAUDITED

Jul 08 11:30paymentsv4.12.10UNAUDITED

Jul 08 06:02webv4.11.17UNAUDITED

Jul 07 02:58edgev4.11.10UNAUDITED

Jul 07 03:01infrav4.13.21UNAUDITED

Jul 06 23:28edgev4.8.3STAGING

Jul 05 15:44searchv4.13.5CANARY

Jul 05 12:20paymentsv4.13.21UNAUDITED

Jul 05 01:39paymentsv4.10.17UNAUDITED

Jul 05 19:42searchv4.8.14UNAUDITED

Jul 04 23:11edgev4.11.12UNAUDITED

Jul 04 20:05billingv4.13.17UNAUDITED

Jul 04 15:18authv4.13.4UNAUDITED

Jul 04 14:25webv4.13.21ROLLBACK

Jul 04 06:45webv4.8.14STAGING

Jul 03 10:17scoringv4.8.19UNAUDITED

Jul 03 18:54paymentsv4.12.20UNAUDITED

Jul 03 02:27infrav4.13.20UNAUDITED

Jul 02 15:38edgev4.10.6DEPLOYED

Jul 02 12:37authv4.13.21UNAUDITED

Jun 01 12:06infrav4.9.21UNAUDITED

Jun 01 08:32webv4.10.25UNAUDITED

Jun 01 15:53notifyv4.8.4DEPLOYED

Jun 01 06:38billingv4.10.11CANARY

Jun 01 16:51paymentsv4.8.3UNAUDITED

Jun 01 01:39authv4.11.13UNAUDITED

Jun 01 18:29apiv4.9.22UNAUDITED

Jun 01 06:53webv4.8.8CANARY

Jun 01 12:26webv4.10.0UNAUDITED

Jun 30 09:34graphqlv4.10.23UNAUDITED

Jun 30 17:21authv4.13.2UNAUDITED

Jun 30 04:54webv4.13.11UNAUDITED

Jun 30 11:34paymentsv4.9.14STAGING

Jun 29 02:54scoringv4.10.17STAGING

Jul 20 19:37webv4.10.26UNAUDITED

Jul 19 19:33searchv4.10.4UNAUDITED

Jul 19 10:17paymentsv4.12.6UNAUDITED

Jul 19 21:06authv4.12.14DEPLOYED

Jul 19 23:11apiv4.13.18UNAUDITED

Jul 19 07:39infrav4.11.16UNAUDITED

Jul 19 03:50paymentsv4.8.18UNAUDITED

Jul 19 19:14infrav4.9.21UNAUDITED

Jul 19 20:59paymentsv4.8.4UNAUDITED

Jul 18 19:50paymentsv4.8.17UNAUDITED

Jul 17 09:35notifyv4.12.1UNAUDITED

Jul 17 00:20edgev4.10.1DEPLOYED

Jul 17 15:01infrav4.9.16UNAUDITED

Jul 16 01:16apiv4.8.13UNAUDITED

Jul 15 19:59graphqlv4.9.13STAGING

Jul 14 04:47notifyv4.9.26ROLLBACK

Jul 14 04:57infrav4.11.5DEPLOYED

Jul 13 20:15edgev4.11.28UNAUDITED

Jul 12 03:04apiv4.9.5UNAUDITED

Jul 12 20:11notifyv4.10.19UNAUDITED

Jul 12 02:49webv4.10.8UNAUDITED

Jul 11 02:51infrav4.9.10UNAUDITED

Jul 10 10:03apiv4.13.29UNAUDITED

Jul 10 06:22infrav4.12.21DEPLOYED

Jul 09 14:37billingv4.12.5UNAUDITED

Jul 09 11:56webv4.12.26UNAUDITED

Jul 09 04:34scoringv4.13.6UNAUDITED

Jul 08 11:30paymentsv4.12.10UNAUDITED

Jul 08 06:02webv4.11.17UNAUDITED

Jul 07 02:58edgev4.11.10UNAUDITED

Jul 07 03:01infrav4.13.21UNAUDITED

Jul 06 23:28edgev4.8.3STAGING

Jul 05 15:44searchv4.13.5CANARY

Jul 05 12:20paymentsv4.13.21UNAUDITED

Jul 05 01:39paymentsv4.10.17UNAUDITED

Jul 05 19:42searchv4.8.14UNAUDITED

Jul 04 23:11edgev4.11.12UNAUDITED

Jul 04 20:05billingv4.13.17UNAUDITED

Jul 04 15:18authv4.13.4UNAUDITED

Jul 04 14:25webv4.13.21ROLLBACK

Jul 04 06:45webv4.8.14STAGING

Jul 03 10:17scoringv4.8.19UNAUDITED

Jul 03 18:54paymentsv4.12.20UNAUDITED

Jul 03 02:27infrav4.13.20UNAUDITED

Jul 02 15:38edgev4.10.6DEPLOYED

Jul 02 12:37authv4.13.21UNAUDITED

Jun 01 12:06infrav4.9.21UNAUDITED

Jun 01 08:32webv4.10.25UNAUDITED

Jun 01 15:53notifyv4.8.4DEPLOYED

Jun 01 06:38billingv4.10.11CANARY

Jun 01 16:51paymentsv4.8.3UNAUDITED

Jun 01 01:39authv4.11.13UNAUDITED

Jun 01 18:29apiv4.9.22UNAUDITED

Jun 01 06:53webv4.8.8CANARY

Jun 01 12:26webv4.10.0UNAUDITED

Jun 30 09:34graphqlv4.10.23UNAUDITED

Jun 30 17:21authv4.13.2UNAUDITED

Jun 30 04:54webv4.13.11UNAUDITED

Jun 30 11:34paymentsv4.9.14STAGING

Jun 29 02:54scoringv4.10.17STAGING

PENTEST CADENCE

2/ yr · 39 days of testing

184^d07^h12^m

SINCE LAST AUDIT

D + 0

JAN 14 · last pentest

D + 30

~ 96 deploys

D + 60

~ 192 deploys

D + 90

~ 288 deploys

D + 120

~ 384 deploys

D + 150

~ 480 deploys

D + 184

TODAY · WEEK 27

D + 220

JUL 22 · scheduled

Slow

2 to 4 weeks per report. Between pentests, 3 to 12 months of blind spots.

Locked behind a firm

Find a consultancy, negotiate scope, wait for a slot. Every pentest becomes a procurement project.

Expensive

€25,000+ for a full audit. A budget that caps you at once a year, no matter how fast you ship.

PROCESS · 03 STAGES

How automated AI pentesting works

From your perimeter to a signed report. No firm. No procurement call.

RUN #FL-2026-0184

72 H 00 M END-TO-END

T+00:00T+36:00T+72:00

T+00:00

30 MIN

T+00:00

30 MIN

D1 · 14:36 UTC

01 · STAGE

Connect your perimeter

Drop in your domains, IPs, URLs. Our ASM maps your external surface in minutes.

247

ASSETS DISCOVERED

SUBDOMAINS

OPEN PORTS

ASSETS · 5 / 247

acme.comAPEX

*.api.acme.comWILDCARD

10.42.0.0/16CIDR

admin.acme.ioSUBDOMAIN

sso.acme.comSUBDOMAIN

T+00:30

71 H

T+00:30

71 H

D3 · 13:00 UTC

02 · STAGE

Launch a pentest

Pick an asset. Our AI agents attack it the way a human pentester would. Recon, exploit chains, escalation, pivot.

AGENTS DISPATCHED

PoC ATTEMPTS

CHAINS VALID

STDOUT · ENGAGEMENT

14:32:04AGENT-7recon → nginx 1.18.0 detected

14:32:11AGENT-7CVE-2021-23017 candidate

14:32:24AGENT-7crafting payload · stage 1/3

14:32:48AGENT-7PoC successful · RCE confirmed

14:33:02AGENT-3lateral · /api/internal exposed

14:33:19AGENT-3priv-esc → admin token

ATTACK CHAIN VALIDATED

T+71:30

30 MIN

T+71:30

30 MIN

DELIVERED · D3 14:00 UTC

03 · STAGE

Get an audit-grade report

Every finding validated by proof-of-concept. Zero false positives. Business impact, prioritized remediation, audit-grade PDF. Delivered in hours.

FINDINGS

FALSE POSITIVES

PDF · SIGNED

FINDING #017FL-2026-0184

CRITICALIDOR · /api/orgs/{id}

Authenticated tenant A reads tenant B's billing, invoices, and invitations by id-substitution.

PoC ✓BUSINESS IMPACTREMEDIATION

AUDIT-GRADE · DELIVERED

Why Fleuret

7 CRITERIA · 3 PROVIDERS

FLEURET WINS 4 / 7

NOT A FIRM

Consulting firm

THE PLATFORM

Fleuret

NOT A SCANNER

Legacy scanner

Rigor

Depth

Deep

Depth

Deep

Depth

Shallow

False positives

Rare

False positives

Zero. Every finding has a PoC.WIN

False positives

Many

Economics

Speed

2-4 weeks

Speed

Hours

Speed

Minutes

Cost

€25,000+

Cost

€2,500 flatWIN

Cost

Cheap, but noisy

Frequency

Quarterly-Annual

Frequency

On-demand. Every release.WIN

Frequency

Continuous

Fit

Audit-grade report

Adaptability

Deep, but slow and expensive.

Both. On every release.

Fast, but shallow and noisy.

THE PLATFORM

Fleuret

Rigor

Depth

Deep

False positives

Zero. Every finding has a PoC.WIN

Economics

Speed

Hours

Cost

€2,500 flatWIN

Frequency

On-demand. Every release.WIN

Fit

Audit-grade report

Adaptability

Both. On every release.

NOT A FIRM

Consulting firm

Rigor

Depth

Deep

False positives

Rare

Economics

Speed

2-4 weeks

Cost

€25,000+

Frequency

Quarterly-Annual

Fit

Audit-grade report

Adaptability

Deep, but slow and expensive.

NOT A SCANNER

Legacy scanner

Rigor

Depth

Shallow

False positives

Many

Economics

Speed

Minutes

Cost

Cheap, but noisy

Frequency

Continuous

Fit

Audit-grade report

Adaptability

Fast, but shallow and noisy.

Transparent pentest pricing

Start with a per-webapp POC. Scale into continuous coverage when you are ready.

Per-webapp POCOne-time pentest, per webapp

Continuous protectionAnnual subscription, multi-surface coverage

POC

Starting at

€3,000/ webapp

Full pentest per webapp. Paid upfront, delivered in 72 hours.

Credited toward year 1 if you upgrade to continuous within 6 months.

Full agentic pentest
DORA / NIS2 PDF report
Reproducible findings, zero false positives
Delivered in 72 hours

Book a demo

0 findings, 0 invoice.

If Fleuret finds nothing exploitable on your POC, you pay nothing.

Starter

1 to 3 webapps

€10,000/ year

2 pentests per webapp per year. Platform access, re-test included.

1 to 3 webapps covered
2 pentests / app / year
DORA / NIS2 PDF report
Re-test included

Book a demo

Growth

4 to 10 webapps

€25,000/ year

Weekly automated rescan. Jira tickets per finding. Audit-ready PDF.

4 to 10 webapps covered
Weekly automated rescan
Jira tickets with re-test link
DORA / NIS2 audit-ready PDF
Board-deck export for quarterly review

Book a demo

Scale

10+ webapps

Custom

Volume pricing, dedicated CSM, custom integrations.

Everything in Growth +
Dedicated CSM
REST / GraphQL APIs + external infra

Talk to a founder

vs €25,000+ for a yearly consulting-firm pentest

Design Partner cohort open until June 1

3 pentests for €4,900 (vs €9,000 at POC list). 5 seats.

See the cohort →

Are you a GRC platform or a pentest marketplace?

Fleuret resells under your brand. Clear channel margins.

Become a partner →

BOOK · 15 MINUTES

Run your first pentest this week.

15 minutes, no commitment. We scope a pentest on your real perimeter.

Book a demo

15 MIN · CET · NDA-READY

Human-grade pentest.A fraction of the cost.Every release.

You ship every day. Your pentest ships once a year.

Slow

Locked behind a firm

Expensive

How automated AI pentesting works

Connect your perimeter

Launch a pentest

Get an audit-grade report

Why Fleuret

Transparent pentest pricing

Run your first pentest this week.

Privacy Settings