See your surface
like an attacker.

The Asset Graph maps every endpoint, repo, secret, and trust edge into a single navigable territory. Hot nodes glow. Critical paths burn. Reachability is scored, not assumed.

{[ ['GRAPH', 'ASSET CONTEXT'], ['LIVE', 'PRODUCT SURFACE'], ['RISK', 'REACHABILITY'], ['FLOW', 'DEPENDENCIES'], ].map(([n, l], i) => (

{n}

{l}

))}

ASSET GRAPH · KENSAI +− Ffit

● ASSET ● HOT ● CRITICAL PATH FIG. 06 · SPATIAL CHASSIS

Speak MCP. Speak SARIF.
Speak whatever your stack speaks.

The Kensai MCP Suite turns the platform into a tool any LLM can call — Claude, ChatGPT, Cursor, Copilot, your in-house agent. SARIF in, JSON out. Findings, scans, hunts, governance, billing — all addressable.

{[ 'GITHUB','GITLAB','BITBUCKET','JIRA','LINEAR','SLACK','PAGERDUTY','OPSGENIE', 'SPLUNK','DATADOG','SENTRY','ELASTIC','SUMOLOGIC','SNYK','SEMGREP','TRIVY', 'AWS','GCP','AZURE','CLOUDFLARE','VERCEL','FASTLY','OKTA','AUTH0', 'HACKERONE','BUGCROWD','INTIGRITI','YESWEHACK','CLAUDE','OPENAI','CURSOR','MCP', ].map(b => (

{b}

))}

{/* Code snippet */}

MCP · /findings.list

"Hey Claude, what bled overnight?"

Your AppSec lead can ask plain-English questions of the platform. Kensai responds with structured findings, gates, and remediation steps — auditable, attributable, and never made up.

{`$ kensai mcp call findings.list \\
    --tenant quanta-labs \\
    --since '6h ago' \\
    --severity '>=high'

`}{`# 4 findings · gate-verified
`}{`F-1824  `}CRITICAL{`  G3  SQL injection · /api/users/login
F-1819  `}CRITICAL{`  G3  RCE deserialization · /jobs/run
F-1823  `}HIGH    {`  G5  IDOR · /orgs/:id/billing
F-1822  `}HIGH    {`  G3  Path traversal · /files/:name

`}{`# evidence: oci://kensai-evidence/F-1824/poc.har
# autofix: PR #4421 opened · qlabs/api
# bounty:  review path available when a finding is ready`}{`
`}● next: type 'forge F-1824' to advance to G4

One platform.
Three intensities.

Kensai prices on assets monitored and bounty submissions, not on seats. Add as many engineers as you want. We win when you ship fixes, not when you hire reviewers.

{[ { t:'OPERATOR', sub:'Single-team', price:'Custom', unit:'', desc:'Early access for focused teams.', cta:'Start the conversation' }, { t:'ENTERPRISE', sub:'Multi-team · default', price:'Custom',unit:'', desc:'Broader product rollout, integrations, and workflow support.', cta:'Talk to sales', accent:true }, { t:'SOVEREIGN', sub:'Regulated · public sector', price:'Custom', unit:'', desc:'Deployment shape discussed directly, based on need.', cta:'Request brief' }, ].map((p, i) => (

{p.accent &&

}

{p.t}

{p.sub}

{p.price} {p.unit}

{p.desc}

{p.cta} →

{[ ['G1–G5 gates', '✓'], ['Dual-engine scans', '✓'], ['Auto Hunts', i ? '✓' : 'Limited'], ['MCP Suite', i ? '✓' : '—'], ['Bounty Forge', i ? '✓' : 'Read-only'], ['SSO · SCIM', i ? '✓' : '—'], ['Audit · SIEM', i ? '✓' : '—'], ['BYOK · Sovereign', i === 2 ? '✓' : '—'], ].map(([k, v]) => (

{k} {v}

))}

剣

Ready when you are

Find what matters.
Fix what's critical.

A 30-minute scoping call. We bring a live hunt against a sandboxed replica of your surface. You leave with three real findings — yours to keep, whether you sign or not.

Book demo → Tour the platform Read the docs

347,593 CVEs· 1.85M LOC· 7 OSS TOOLS· 10 COMPANIES· FEDRAMP MODERATE

See your surface like an attacker.

Speak MCP. Speak SARIF. Speak whatever your stack speaks.

One platform. Three intensities.

Find what matters. Fix what's critical.

See your surface
like an attacker.

Speak MCP. Speak SARIF.
Speak whatever your stack speaks.

One platform.
Three intensities.

Find what matters.
Fix what's critical.