ACID Logo

Agents that think like researchers discovering what others miss.

Micro-agent swarms autonomously reason, communicate, and learn to find vulnerabilities that scanners and manual testers overlook.

Book a DemoSee How It Works
ACID Security Dashboard showing project overview and vulnerability summary

Four Attack Surfaces. One Platform.

ACID deploys specialized agent swarms for each surface, combining autonomous reasoning with deep domain expertise.

REST API Security

Comprehensive security testing for REST APIs including OWASP API Top 10 vulnerabilities, authentication testing, and injection attacks.

LLM Chatbot Security

Test LLM-powered chatbots for security vulnerabilities, jailbreaks, and data exfiltration attempts.

Web Application Pentesting

AI-powered penetration testing for web applications using autonomous agents to discover vulnerabilities and generate proof-of-concept exploits.

AI-Powered SAST

Security analysis of source code and repositories using AI agents to find vulnerabilities, misconfigurations, and security weaknesses.

Comprehensive Security Dashboard

See every project, vulnerability, and agent activity at a glance. Real-time status updates, severity breakdowns, and actionable insights — all in one view.

ACID dashboard showing project list, severity metrics, and real-time agent status

Deep Vulnerability Analysis

Every finding includes proof-of-concept evidence, CVSS scoring, affected endpoints, and remediation guidance. No false positives — only validated, exploitable vulnerabilities.

Vulnerability detail view with severity, evidence, and remediation steps

Visual Workflow Automation

Design authentication flows, chain API calls, and orchestrate complex test sequences with an intuitive drag-and-drop workflow builder.

Workflow editor with connected nodes for API authentication and testing pipelines

How ACID Thinks

A swarm of specialized micro-agents that reason, collaborate, and adapt \u2014 going far beyond pattern matching.

Reason

Each agent builds a contextual model of API behavior, inferring business logic and authorization boundaries from observed responses.

Communicate

Agents share findings in real time — a recon discovery instantly informs fuzzing and exploitation agents for coordinated attacks.

Learn

Persistent memory across sessions means agents remember past interactions, building deeper understanding with every test run.

Recon Agent
Inference Agent
Fuzzing Agent
Exploitation Agent

Why ACID Wins

See how agentic security compares to the alternatives.

Continuous Discovery

ACID
Scanners
Manual

Business Logic Testing

ACID
Scanners
Manual

LLM / Chatbot Security

ACID
Scanners
Manual

Autonomous Reasoning

ACID
Scanners
Manual

Persistent Memory

ACID
Scanners
Manual

Time to First Result

ACID
Scanners
Manual

Low False Positives

ACID
Scanners
Manual

How It Works

From deployment to actionable report in six steps.

01

Connector Agent

No inbound firewall ports required. Your APIs stay behind your perimeter.

02

Workflow Validation

ACID validates authentication flows, normalizes your API spec, and auto-corrects inconsistencies before testing begins.

03

Micro-Agent Swarms

Recon, inference, fuzzing, and exploitation agents work in parallel — each specializing in a phase of the attack lifecycle.

04

Central Intelligence

A coordination engine maintains long-term memory, enables cross-session learning, and directs agent strategy in real time.

05

Dashboard & Integrations

Live results stream to your dashboard. Connect Slack, Jira, GitHub, GitLab, or your CI/CD pipeline for automated workflows.

06

Reporting

Findings organized by endpoint, bug class, and severity — with proof-of-concept evidence and remediation guidance.

Built by Researchers, for Researchers

Stephen Sims

Founder, CEO

Stephen is a leader in offensive security research, penetration testing, and security education. As a SANS Fellow, he has shaped the training landscape for thousands of security professionals worldwide. He co-founded Off By One Security to push the boundaries of AI-driven vulnerability discovery.

  • SANS Institute Fellow and Curriculum Lead for Offensive Operations
  • Co-author of the Gray Hat Hacking book series
  • International speaker at major conferences including DEF CON, OWASP AppSec, and RSA keynotes

Huascar Tejeda

Founder, CTO

Huascar is a seasoned security researcher and engineer with deep expertise in vulnerability discovery and exploit development. As founder of Pentraze Cybersecurity, he built a reputation for uncovering critical vulnerabilities across diverse platforms. He leads the technical direction at Off By One Security, architecting the AI-powered engine behind ACID.

  • Co-author of the Gray Hat Hacking book series
  • Founder of Pentraze Cybersecurity
  • Widely recognized vulnerability researcher and competitive CTF champion

“We built ACID because we were tired of tools that find what they're told to find. We wanted agents that discover what they're not supposed to.”

Plans That Scale With You

Start small, grow as you need. Every plan includes continuous testing, detailed reports, and dedicated support.

Starter

Get started with a single attack surface.

  • Choice of 1 attack surface
  • Monthly credit allocation
  • Standard support
  • Detailed reporting
Book a Demo
Most Popular

Professional

For teams that need broader coverage.

  • Choice of 2 attack surfaces
  • Higher credit allocation
  • Expedited support & onboarding
  • Custom integrations & consulting
Book a Demo

Enterprise

Full platform access with white-glove service.

  • All attack surfaces included
  • Enterprise credit allocation
  • White-glove onboarding & SLA
  • CI/CD integration and training
Contact Us

Stop Scanning. Start Discovering.

See how ACID's agentic approach finds what others miss. Book a demo with our team or go straight to your dashboard.

Book a Demo

Get in Touch