Skip to main content
Project VigilPl. 03: Invite-only beta
Specimen, Vigil × RoseleapRooted in Data · Built to Bloom

Fig. 01: The audit

The audit hackersrun on you. Before they do.

Vigil is an AI security audit for web apps and codebases, built for teams that can't afford a $5k pentest, and can't afford to be the next breach in the news.

Invite-only beta · We review in cohorts.

Not ready to apply? Run a free 10-second surface scan first →

~5 min

Per audit

40+

Checks per scan

Cohort 01

Now accepting applications

What Vigil checks

Two layers · One report

A · Surface

What your site exposes.

Paste a URL. Vigil scans the public surface for misconfigurations and the signals attackers look for first.

  • Missing security headers (CSP, HSTS, X-Frame-Options)
  • TLS / SSL misconfigurations
  • Exposed admin panels and sensitive endpoints
  • Open redirects and CORS gaps
  • Information leakage (stack traces, versions)

B · Code

What your repo hides.

Connect a repo or upload files. Vigil reads code with an AI security model tuned to flag the patterns that actually ship to production.

  • SQL injection and XSS patterns
  • Hardcoded secrets and exposed API keys
  • Insecure dependencies with known CVEs
  • Weak authentication and session handling
  • Missing rate limiting on sensitive routes

Mapped to recognised frameworks

MITRE ATT&CK · NIST CSF 2.0 · MITRE D3FEND

Every finding carries the attacker technique it enables and the defensive control it maps to, so your report speaks the language your auditors, insurers and board already use.

Built for, The teams that need it most

A–D
A

Indie developers

The audit you can’t afford to pay for, run in minutes.

B

Startups

Get the same baseline a $5k pentest would catch, before launch.

C

Agencies

White-label reports you can ship to clients alongside the build.

D

Internal teams

Continuous audits on every deploy, fewer surprises in review.

Restricted access

Some tools should not be in everyone's hands.

A scanner that finds real vulnerabilities is also one that could find them in someone else. Vigil is invite-only by design: we review applications in cohorts, prioritise teams auditing systems they own, and gate code-level scans behind verified accounts.

  • Cohort-based intake, small, deliberate batches.
  • Verified ownership required before code scans.
  • Reports are private to the requesting account.
  • No retention of scanned source beyond the audit.

Apply for cohort 01

Ask to be let in.

Drop your email. If you're a fit for the current cohort we'll send your access link directly. Otherwise we'll hold your spot for the next one.

Invite-only beta · We review in cohorts.

Vigil · A Roseleap instrumentPlate 03 · Restricted · By invitation