AI builds fast. We make it safe.

Veritas RedTeam is an autonomous offensive-security platform purpose-built for Web3 infrastructure. A swarm of AI agents continuously audits your source code, maps your live attack surface (APIs, RPC nodes, subdomains, S3 buckets, frontends), stages proof-of-impact exploits in a sandbox, and fuses every finding into a single Neo4j attack graph. The result: confirmed exploit chains with file-and-line citations, signed PoCs, and machine-readable reports, delivered in minutes after every deploy instead of weeks after a quarterly pentest.

Smart Audit secures your on-chain code: contracts, governance, oracles, and bridges. RedTeam attacks everything around it: APIs, cloud, frontends, repos, leaked credentials, the way real adversaries do. The two products share an account and a workspace, so findings from both engines land in the same dashboard and feed the same attack graph. Most teams run Smart Audit on every PR and RedTeam continuously against staging and production.

Both, and they reinforce each other. The Source Engine audits your repository with recursive AI passes that trace data flows from entrypoint to sink down to the exact file and line. The Surface Engine attacks your live deployment with recon, exploitation, credential-hunt, and graph agents. Findings cross over: a flagged line of code is automatically validated as a real exploit on the running system, and a live exploit is back-traced to the originating commit.

Six stages, each handled by a dedicated agent class. 01 Source Engine ingests your repo and traces data flows. 02 Surface Recon resolves subdomains, APIs, RPC nodes, and S3 buckets and re-walks them on a loop. 03 Exploitation stages proof-of-impact payloads in a sandbox and screenshots the result. 04 Attack Graph fuses static and dynamic findings into a 3D Neo4j graph with reachability scoring. 05 Credential Hunt sweeps repos, pastes, and archives for leaked keys and validates liveness. 06 Reporting compiles signed PDF, JSON, and SARIF outputs with a CVSS-graded delta against the previous baseline.

RedTeam is read-mostly by default. Active exploitation only fires in scopes you explicitly authorize, and every action is gated per-scope, logged, and reversible. Proof-of-impact payloads run inside our sandbox against a snapshot or shadow target wherever possible. You can pin scans to staging only, throttle request rates per host, and require a human approval step before any state-changing action on a production target.

Continuous instead of point-in-time. A traditional pentest gives you a 60-page PDF that is already stale by the time you read it. RedTeam re-runs the entire kill chain after every deploy, in minutes, and chains individual findings into full attack paths so you fix the root cause once instead of patching leaves forever. Manual pentesters are still valuable for novel logic flaws; RedTeam handles the 80% that should never have shipped in the first place.

When the Exploitation agent confirms a finding, CypherFix opens a pull request against your repo with a minimal patch, a regression test, and a re-run of the original exploit proving it now returns 401 instead of 200. The PR is signed by cypherfix-bot, includes the full ops-log timeline, and is never auto-merged: a human still hits the button. End-to-end median is 18 seconds from confirmed exploit to open PR.

Source Engine covers Solidity, Vyper, Rust (Solana, CosmWasm, Substrate), Move (Aptos, Sui), TypeScript, Python, and Go. Surface Engine is chain-agnostic and works against any HTTP, GraphQL, or JSON-RPC endpoint, plus standard cloud providers (AWS, GCP, Cloudflare). If you have a setup that is not on this list, reach out: we have added new targets for design-partner teams in under a week.

GitHub and GitLab for source and PRs, Slack and Discord for alerts, PagerDuty and Opsgenie for on-call, Linear and Jira for ticketing, and any SIEM that ingests JSON or SARIF (Datadog, Splunk, Panther, Elastic). Webhooks and a typed REST API are available for everything you can do in the dashboard.

Findings stay in your Veritas workspace, encrypted at rest with per-tenant keys. We never train models on customer artifacts and never share findings across tenants. Signed PoCs are pinned to IPFS with a content hash you control, so you can prove provenance without granting third-party access. Data residency in EU or US is selectable per workspace.

We are SOC 2 Type II in audit and target ISO 27001 in the next cohort. RedTeam outputs map cleanly to OWASP Top 10, CWE, and MITRE ATT&CK so you can drop the JSON straight into your existing compliance evidence. A signed audit-grade PDF is generated for every run with a CVSS rationale per finding.

Role-based access with workspace, project, and scope-level permissions. SSO via SAML or OIDC is included on every plan. You can give an auditor read-only access to a single project, give an engineer PR-merge rights on CypherFix patches, and keep production exploitation gated to a named on-call group.

Pricing is based on the number of monitored targets and concurrent exploitation scopes, not on findings or seats. Design-partner teams in the first cohort get founding pricing locked in for 12 months. Reserve a scan slot to get an exact quote for your environment.

We are onboarding design-partner teams now in waves of roughly a dozen at a time. The first scan typically runs within 48 hours of slot confirmation. Reserve a scan slot to join the next cohort, or jump straight into the dashboard if you already have a Veritas account.