Engagement Models

Three ways to work with us.

Every engagement runs on the same 477-belief compound-learning brain and the same 11 specialist agents. What changes is cadence, scope, and what leaves the engagement on your letterhead.

Tier 1 · Continuous offensive coverage

Retainer Pentest

$10,000 – $25,000 / month

The default engagement for teams shipping weekly or faster. Autonomous scans running against your production stack on a fixed cadence, with every finding verified by exploit before it lands in your inbox.

What’s included
  • Weekly autonomous scans across web, API, and cloud surface
  • Every finding with live PoC + remediation playbook
  • Private Slack channel with the lead operator
  • Brain beliefs tuned to your framework and architecture
  • Retest on every fix, no additional billing
  • Monthly executive summary + trendline
Service levels
First scan delivered: within 5 business days
Critical finding response: same-day notification
Retest turnaround: 72 hours after fix
Contract term: month-to-month after a 3-month minimum
Deliverables
  • Weekly findings report (HTML + PDF)
  • Per-finding remediation playbook + Cursor-ready fix prompt
  • Monthly executive summary with trend analysis
  • Quarterly compliance control-mapping crosswalk
Ideal for

Engineering teams shipping ≥1 production release per week, SaaS with customer data, fintech, healthcare preparing for compliance attestation.

Most common
Tier 2 · Deep, compliance-ready engagement

Annual Audit

$25,000 – $50,000 / engagement

Board-ready, signed, stamped. A formal offensive audit mapped to SOC 2, ISO 27001, HIPAA, or PCI, with an attestation letter on a clean rerun. Suited for once-a-year regulatory cadence or a board ask.

What’s included
  • Full offensive audit: web, mobile, cloud, internal
  • Authenticated multi-role testing with Playwright agents
  • Secondary pass by a human senior operator
  • Formal report: exec summary, technical detail, control mapping
  • Retest window included (60 days)
  • Attestation letter on clean rerun
Service levels
Kickoff: within 10 business days of contract
Audit window: 2 – 4 weeks
Report delivered: 5 business days after audit close
Retest window: 60 days from report delivery
Deliverables
  • Executive summary (3–5 pages, board-safe)
  • Technical findings report with full PoC evidence
  • Compliance control mapping (SOC 2 / ISO 27001 / HIPAA / PCI)
  • Remediation roadmap with priority tiers
  • Attestation letter on clean rerun
Ideal for

Companies preparing for SOC 2 Type II, ISO 27001 surveillance audit, HIPAA attestation, PCI QSA visit, board-level security review, or a Series B/C/D due diligence.

Tier 3 · Active breach support

Incident Response

Custom scoping

Something happened. We go deep on the intrusion path, map the blast radius, and harden what let it through. Paid by day-rate or fixed fee depending on scope.

What’s included
  • Rapid engagement (typically 24 – 72 hours)
  • Log forensics + reconstructing the intrusion path
  • Blast-radius mapping across infra, data, and identity
  • Containment recommendations and post-incident hardening
  • Executive and board-level briefing
  • Optional: counterparty and regulator communication support
Service levels
Engagement start: 24 – 72 hours
Initial findings: within 5 days of start
Full report: 10 – 15 business days
Board briefing: on request, within 48h of report
Deliverables
  • Intrusion path reconstruction with log evidence
  • Blast-radius map (data, infra, identity)
  • Hardening plan with priority tiers
  • Executive and board briefing decks
  • Regulator-ready incident timeline (on request)
Ideal for

Teams that have already been breached, suspect an intrusion, or need a rapid second opinion on an internal investigation.

Why Fortify Labs

Built for teams that outgrew annual pentest PDFs.

100% XBOW benchmark

The industry-standard AI pentest evaluation. Our system scores 104/104. XBOW's own scores 85%. Every claim is queryable against our public Supabase endpoint.

Compound learning

Every engagement feeds back into a shared belief system. A proven technique on one customer surfaces faster for the next. Engagement #100 is sharper than engagement #1.

Senior operator on every engagement

Every retainer has a named human lead. Every audit has a senior operator pass behind the agent swarm. You never deal with a bot inbox.

Proof, not theory

Nothing leaves the engagement without a reproducible PoC. Theoretical findings stay in draft. If you can't demo it in an incognito window, we don't bill it.

30-minute scoping call

Not sure which fits?

A 30-minute scoping call maps engagement to risk surface. You leave with a sample report, a fixed fee, and a clear picture of what coverage looks like at your stage.

Request a Scoping Call

Response within 24 hours · NDA on request