What is in 1.0.0
Brektra is now generally available. The platform runs autonomous pentesting across AI applications, web and API surfaces, cloud accounts, and Active Directory. Every confirmed exploit produces a typed proof artifact, an interactive kill chain replay, and a remediation pull request that the re-test loop validates after merge.
Highlights
- All four surfaces in one engine. AI app prompt injection, RAG poisoning, tool abuse, agent hijacking, MCP exploitation, and multi-turn jailbreaks live next to web/API/cloud modules. Cross-surface chains are recorded as one kill chain.
- Replay UI. React Flow tree, Monaco inspector, playback controls, and shareable signed links. Customers and auditors see exactly how each exploit landed.
- Patch PRs. Findings flow into LLM-generated patches that open as pull requests against your repo via the Brektra GitHub App. After merge, the same finding is re-tested automatically.
- CI/CD. A GitHub Action gate fails the build on confirmed exploits. brektra-cli runs the same scan from any terminal.
- Public Attack Atlas. 50 documented attack patterns with executable demos. Every pattern is also a one-click scan against your verified app.
- Compliance and reporting. OWASP LLM Top 10, OWASP Top 10, SOC 2, and ISO 27001 mapping. White-label PDF deliverables for consultants on the Business plan.
- BYOE. Custom payload library scoped per workspace, versioned, with safe-mode variants for destructive payloads.
Plans
Free, Starter, Pro, Business, Enterprise. Free is lifetime-capped at 3 scans. Paid tiers cover seats, surfaces, retention, and consultant features.