Autonomous · Proof-First · Attack-Proven

Every finding, proven before it's reported.

The proof-first platform for external attack surface and network pentesting. Findings are attack-proven, not AI-guessed — every one demonstrated, with the evidence attached. For teams done triaging scanner noise.

// Silence means tested-and-clean, not silently-broken.
// Our silence is as trustworthy as our findings.

Hard-scoped, fail-closed, fully logged — every probe inside your authorization, every decision on the record.

✓ 4/4 gates · authenticity verified
app.ghosttrace.ai/gt/findings/GT-2041
Illustrative
scope ledger: every request logged, allow or deny
0
findings reported without proof — if we can't demonstrate it, you never see it
4+1
four evidence gates plus one authenticity check — every finding, no exceptions
ALL
AI decisions scored and logged — the AI is audited, not trusted
YOURS
every finding ships an evidence bundle you can verify yourself
Interactive tour

Don't take the demo's word for it either.

Click through the real product flow in two minutes — a run, the gates, an evidence bundle. No form, no sales call, no email.

Take the 2-minute tour
arrow keys work too · 5 steps · ungated
app.ghosttrace.ai/gt · Meridian Mutual
Illustrative

The client dashboard — six proven, seventeen held back. Few, and every one earns its place.

The proof system

A finding without proof is a guess with a severity label.

Four independent evidence gates, then an authenticity check on the evidence itself. Fail one and it's held back — no exceptions, no judgment calls.

G1

Reachability

Actually reachable from outside. Theoretical risk doesn't make the cut.

gate 1 of 4 · pass required
G2

Signal quality

The response genuinely indicates the weakness. Coincidental pattern-matches die here.

gate 2 of 4 · pass required
G3

Exploitability

Can actually be acted on, not merely observed. If it can't be leveraged, it fails.

gate 3 of 4 · pass required
G4

Impact

A concrete consequence — data exposed, access gained, integrity violated. No stakes, no report.

gate 4 of 4 · pass required

Then the evidence itself goes on trial.

Is this evidence real, or did the harness fool itself? Pass the gates but not authenticity, and it's Tier 3 — caveat shown, not hidden. Tier 4 is fully proven. Below Tier 3, nothing is reported as proven.

And the bundle stands alone.

Each finding ships a self-contained bundle — raw request, raw response, per-gate decisions, authenticity verdict. The raw data is in your hands; verify every finding yourself.

The platform

Four ways to run it.

EASM tells you what might be wrong. Pentest proves it. Run either as a one-time engagement, keep the proof always-on, or combine both into Continuous Coverage — one autonomous system that watches for change and re-proves what matters.

Surface · what might be wrong

EASM

Discovery and verification of everything you expose to the internet — subdomains, services, APIs, forgotten staging. Every asset confirmed, not guessed from stale records.

Proof · what an attacker actually does

Pentest

Active, gate-verified exploitation against your authorized network — turning "you have this exposure" into "here's exactly what an attacker does with it." Authenticated testing probes behind the login when credentials are provided. SSO & vault rolling out

Proof · always-on

Pentest Continuous design-partner rollout

Event-triggered re-proving: when your surface changes, GhostTrace re-runs the relevant checks and reports only what's new, resolved, or reopened — deltas, not data dumps.

Flagship
Watch + prove, continuously

Continuous Coverage auto-trigger rolling out

EASM and Pentest as one autonomous system: a change on your surface auto-triggers a governed assessment, and only the newly proven exposure surfaces — so the gap between "something changed" and "here's the proof" collapses to near zero.

Under the hood

Two engines, working as one.

A deterministic core you can audit line by line, and an AI brain that reasons like an attacker — together, not in sequence. Whichever surfaces a candidate, it faces the same gates.

Roadmap · stated honestly

What's next

We publish what we don't do yet — a proof-first company shouldn't market what it can't prove. In priority order:

  • Broader API weakness coverage — closing the OWASP API Top 10 gaps
  • Cloud posture checks — S3, IAM, and metadata-service exposure
  • Non-numeric ID support — UUIDs, slugs, and hash-style identifiers
  • Real-time ticketing and SIEM integration — polling API and webhook push
Read the honest limits
The intelligence layer

Every finding, in full context.

Proof isn't one number — it's the whole story around a finding. The heart of it is the differential: the same endpoint behaving correctly, then leaking. That contrast is what turns "suspicious" into "proven."

Control — an object you shouldn't reach
GET /v2/policies/00000/documents   HTTP/2 403 Forbidden # good — the endpoint can deny
Exploit — a real object, id swapped
GET /v2/policies/88412/documents   HTTP/2 200 OK ← should be 403 # another tenant's documents, returned

403 vs 200 on the same endpoint — that's the proof it's a real authorization flaw, not a broken service. Already captured today; surfacing into the dashboard now.

And the reasoning engine draws the whole path.

Individual findings are one thing. The picture that changes a boardroom conversation is the chain — from the public internet to a business impact, every hop a proven finding you can open.

app.ghosttrace.ai/gt/attack-paths
Illustrative

Sample attack path from a proof-first assessment (fictional demo data).

Reproduce-it in your bundle

A self-contained request you replay yourself. If it doesn't reproduce on your side, you shouldn't have to trust it.

Remediation in your bundle

A concrete fix path written for the engineer who owns the code — not a generic CWE paste.

Recon context in your bundle

How the target was reached and what surrounds it — the discovery trail behind every finding.

CVE / KEV match in your bundle

Where a proven finding lines up with known-exploited vulnerabilities, so priority is obvious.

Standards mapping in your bundle

CWE, OWASP, and MITRE ATT&CK references attached to each finding for audit and reporting.

Attack graph in your bundle

How individual findings chain into a single path — the picture a human pentester would draw.

Every item above is collected with proof attached — the differentiator competitors can't cheaply copy. Every card here is tagged in your bundle: it ships with every finding today.

How a run works

Real offensive testing — bounded by your authorization, at every step.

Threat actors don't ask permission; your surface is already being probed. GhostTrace runs the same offense — autonomously — but inside an authorization you define, enforced in code and recorded in a ledger. Not a single packet leaves for a target outside your scope, and probing is paced to spare production.

01

Authorize

Your engagement becomes a hard allowlist. The scope governor enforces it fail-closed at the API, the worker, and every outbound request — tightened mid-run, never widened.

02

Preview

Before real probing, the dry-run shows exactly what will happen — which checks, which surface, what scope. Fully transparent, nothing hidden, all of it logged.

03

Probe & prove

The engine maps your surface and attacks what it finds. Every candidate faces the gates. The cost governor caps each run, so the AI can't run away — no endless loops against your systems.

04

Adjudicate & deliver

Findings are autonomously gate-verified, adjudicated, and reported — no human bottleneck in the loop. You get the evidence bundles, audit ledgers, and structured exports your ticketing and SIEM can consume — plus a one-click executive report rolling out.

What GhostTrace never does

Enforced in code and entitlement, visible in the ledgers — not by a human watching over it.

  • Never tests outside the allowlist — scope can be tightened mid-run, never widened. Adding a target means re-authorization.
  • Never reports without gate evidence — below Tier 3, a candidate stays in the artifacts, not in your report.
  • Never acts outside the authorized engagement — scope, targets, and timing are bounded by what you signed, enforced fail-closed.
  • Never calls a capability "live" without a test behind it — the manifest gate checks every claimed capability against the code that runs it, enforced in the build, not the docs.
How it compares

Scanners guess. Pentests expire. AI tools can't show their work.

The honest comparison — including where each alternative is the right call, and where it structurally cannot get you to proven.

Legacy scannersQualys, Tenable, DAST tools Manual pentestconsultancy engagement AI-pentest entrantsautonomous black-box platforms GhostTraceproof-first, auditable
What gets reported Pattern matches — 10–100× more findings than are actionable What a human verified — quality varies with the team you got AI-generated findings with varying validation Only gate-verified findings — four gates plus authenticity, evidence attached
Can you audit it? Rules are opaque; "clean" and "broken" look identical You can ask the consultant — until the engagement ends Black-box reasoning; can't explain how a finding was derived Every capability tested in CI, every decision in a ledger, every finding traceable to evidence
Triage burden Yours — full-time staff closing tickets that should never have opened Low, but findings arrive as a PDF snapshot Lower volume, but you still verify the AI's claims Near zero — if it's reported, it passed the gates
Trusting the quiet Zero findings might mean the scanner silently broke Silence between engagements means nothing at all No structural way to prove the AI actually looked CI gates prove every claimed capability runs — silence means tested-and-clean
Cost shape Cheap per scan, expensive in triage headcount $30K–$200K per engagement, weeks to schedule Platform pricing, opaque AI spend Automated cadence at mid-market price; AI spend hard-capped per run
The right tool when You need checkbox breadth at minimal cost Stakes demand bespoke human adversaries You want maximum autonomy and accept the opacity You want findings you can verify and silence you can trust
swipe to compare →
Security & data handling

Your assessment data is the most sensitive we could hold. We treat it that way.

You're inviting a tool to attack your systems and store the proof. Here's where that data lives and how it's isolated — the questions your security team will ask first.

tenant isolation

Row-level isolation, database-enforced

Every organization's data is separated at the database layer with row-level security and accessed through a non-privileged role. One tenant's queries can never read another's rows — isolation is a database guarantee, not an application promise.

encryption at rest

Evidence encrypted, per record

Findings and evidence bundles are encrypted at rest with per-record keys managed in KMS. The raw request/response that proves a finding is protected the moment it's captured.

least authority

Scoped to exactly what you authorize

The scope governor bounds every outbound request to your allowlist, fail-closed. Nothing is tested, stored, or reported outside the engagement you defined — and the scope ledger lets you audit every decision after the fact.

SOC 2 in progress · DPA available on request · data-residency options for regulated environments. The full posture lives in the Trust Center.

The moat

The tool that proves itself.

Every security tool decays: detection logic drifts, capabilities silently break, and "no findings" stops meaning anything. GhostTrace is built so that failure mode is structurally impossible to hide.

capability manifest

The manifest can't lie

Every capability the platform claims is checked against the code on each build. A claim without matching code — or a "live" claim without a test proving it runs — fails the build.

fixture corpus

Every detector proves it still works

Each detector ships with a known weakness it must catch. When a framework change breaks detection, the build breaks first — not your security posture.

dormancy audit

Drift gets caught, not buried

A recurring audit confirms every "live" capability is actually exercised by real scan paths. Anything dormant is surfaced and resolved, never left quietly broken.

The full discipline — standing rules, build gates, and the self-audit that surfaces drift before it can ever reach a report — is documented in the Trust Center.

See the deliverable first

Read a full sample report.

Before you book anything, see exactly what lands in your hands. A complete assessment for a fictional org — six proven findings across both modules, an AI-chained attack path, evidence and remediation on every one, and the machine-readable artifacts that let you verify each finding yourself.

No form, no email. Report opens in your browser; the .zip adds results.json, evidence bundles, and the audit ledgers.

Sample assessment · Meridian Mutual (demo)
GhostTrace_Sample_Report_and_Evidence/
├── Assessment_Report.html — the human-readable report
├── results.json — 23 candidates in, 6 proven out
├── evidence/ — per-finding bundles (request, response, gates, authenticity)
├── scope_ledger.jsonl — every allow/deny decision
└── activation_ledger.jsonl — every capability that fired

Validated against ground truth. Then against the real world.

Against a vulnerable canary: the expected findings every run, zero false-positive recurrence. Against real infrastructure: a genuine exposure — autonomously gate-verified, adjudicated, and reported to the owner. We're taking a few design partners who want that discipline on their surface.

Become a design partner
Request a demo

Watch a finding earn its way into the report.

A live run — discovery, the gates, the evidence bundle your team would receive — and we'll scope a design-partner engagement for your environment.

  • 30-minute walkthrough with the founder who architected the engine
  • Live dashboard, real gate decisions, independently verifiable evidence
  • Engagement scoping: targets, rules of engagement, dry-run preview

Not ready to talk? The tour and sample report are ungated — dig in first, no email required.

No spam, no sequence. A human replies within one business day.