Pentest Overview

What is Aikido Pentest

Aikido Pentest is an agentic, AI-powered penetration testing platform that performs deep, realistic security assessments in a fraction of the time of a traditional pentest.

It uses hundreds of autonomous agents that behave like top-tier red teamers, discovering, exploiting, and validating vulnerabilities across your applications, APIs, and infrastructure.

Instead of waiting weeks for manual reports, you get actionable results within hours, complete with validated findings, proof-of-concepts, and remediation guidance.

Core principles

  • Built by world-class hackers: designed to think and act like them, but safe and repeatable.

  • Scalable & continuous: run tests on demand, or continuously with each release.

  • Full visibility: every request, exploit, and finding can be observed live.

  • Actionable output: results are validated and prioritized, ready for developers to fix.

How it works

Aikido Pentest performs a full penetration testing workflow using intelligent agent coordination.

1. Discovery

The system maps all features, endpoints, and APIs of your application, either by scanning (black-box) or analyzing your code and OpenAPI specs (white-box).

Examples include endpoints like password reset, account deletion, or file uploads.

2. Exploitation

Hundreds of agents are dispatched to focus on specific areas, simulating a wide range of real-world attack techniques. To view the comprehensive list of vulnerabilities and attack vectors covered during this phase, please refer to this page.

3. Validation

Each finding is validated using additional agents to eliminate false positives and confirm exploitability.

You get verified vulnerabilities, each with:

  • Attack type and severity level

  • CVE or CWE references (if applicable)

  • Example request/response data

  • Developer-ready remediation steps

4. Report

When Aikido Pentest finishes validation, it produces a single, detailed report that combines an executive overview with developer-first, actionable findings. The report is designed so security, engineering and compliance teams can all act on it immediately.

Pricing and credits

Aikido Pentest is paid with Aikido credits.

  • Manage credits and payments in Wallet & Credits.

  • For Rightsized assessments, Aikido shows a recommended credit amount based on the repositories you linked.

Skip Payment

Start your pentest now and pay with credits later.

How it works

  • Start instantly: We create "pending credits" to cover your initial run.

  • Limited results: Critical and High-risk issues will stay blurred until you pay the pending credits.

  • One at a time: You must pay your balance before using Skip Payment again.

Requirements

You can use Skip Payment if you:

  • Have no outstanding unpaid credits.

  • Are running a pentest that costs 8,000 credits or less (the majority of apps fall within this scope).

  • Have linked at least one active repository (not a demo).

  • Have provided at least two valid test user accounts.

What it’s not

Aikido Pentest complements other forms of security testing, but it doesn’t replace all of them.

It is not:

  • A social engineering or physical security assessment.

  • A guarantee that all vulnerabilities are found.
