Now Accepting Subscriptions — No Sales Call Required

Penetration Testing,
Fully Automated.

Cairn is Trailhead Security's agentic security testing engine. Multiple best-of-breed OSS tools, AI-normalized findings, and human+AI review on Premium — assessed, triaged, and reported at a pace the industry has never seen.

Cairn Engine · Built by Brendon McCaulley, CISSP · Subscriptions from $299/mo

cairn api — launch an engagement
# Initiate an agentic web application assessment
POST https://api.trailheadsecurity.com/v1/engagements
Authorization: Bearer <your-api-key>

{
  "target": "https://app.target.com",
  "scan_type": "web_full",
  "auth_roles": ["admin", "member", "anonymous"],
  "modules": ["xss", "sqli", "idor", "auth_bypass", "api_fuzzing"],
  "ai_triage": true,
  "report_format": "pdf"
}

# Cairn handles discovery, exploitation, triage, and reporting.
# Results available at /v1/engagements/{id}/findings

Full-Spectrum Attack Surface Coverage

Cairn's agentic engine autonomously discovers, exploits, and documents vulnerabilities across every layer of your environment — with AI-driven triage, not just raw scanner output.

Web Application & API

Authenticated crawling across all defined user roles. Automatic Swagger/OpenAPI discovery, HTTP method enumeration, cross-role IDOR substitution, BOLA/BFLA detection, XSS, SQLi, CSRF, and path traversal. tRPC and GraphQL introspection included.

OWASP Top 10 · IDOR · Auth Bypass · GraphQL · tRPC

Active Directory

ACL/DACL enumeration, ADCS abuse path discovery, cross-forest trust analysis, GPO misconfiguration review, LAPS assessment, and BloodHound-comparable attack path mapping — fully automated against your AD environment.

ADCS · Kerberoasting · GPO Abuse · Trust Attacks

Cloud Infrastructure

IAM privilege escalation path discovery, public exposure analysis, and misconfiguration detection across AWS, Azure, and GCP. SaaS coverage includes M365, Google Workspace, GitHub, and Okta. Benchmarked against CloudGoat and AzureGoat.

AWS · Azure · GCP · M365 · IAM

AI Triage & Reporting

LLM-powered finding analysis eliminates false positives, contextualizes severity, and generates remediation guidance — automatically. Every engagement produces a compliance-ready PDF with executive summary, CVSS scoring, and evidence chains via the Basecamp client portal.

PCI-DSS · SOC 2 · HIPAA · CVSS

From API Call to Report

Cairn handles the full engagement lifecycle. You define the scope — the engine handles the rest.

01 · Define Scope

Submit your target, auth credentials, role definitions, and enabled modules via the API. Cairn validates scope and queues the engagement.

02 · Autonomous Assessment

Cairn runs discovery, enumeration, exploitation attempts, and cross-role testing. AI triage runs continuously — findings are classified and prioritized in real time.

03 · Report & Portal

A compliance-ready PDF report and a live findings portal are generated automatically. Clients access findings via a secure, tokenized portal link.

Built for Security Teams Who Move Fast

Cairn plugs into your existing security workflow — no lengthy scoping calls, no waiting weeks for a report.

Security Engineering

Integrate Cairn into your CI/CD pipeline via API keys. Trigger assessments on every major release. Get findings in your existing workflow.

Red Teams & Pentesters

Use Cairn's autonomous engine to handle breadth scanning while your team focuses on depth. Multi-target orchestration built in.

Compliance & GRC

PCI-DSS Req 11.4, SOC 2 CC7, HIPAA risk assessments. Reports formatted for your auditor, generated at the pace compliance requires.

Typical engagement scope: single web app to full enterprise environment · Reports in 24–72 hours

What Sets Cairn Apart

Not Just Wrappers

Cairn orchestrates ZAP, Nuclei, Nikto, testssl.sh, ffuf, and its own engine in parallel. The agentic layer reasons across all findings — not just one scanner's output.

Multi-Role Testing

Define multiple auth roles. Cairn tests every endpoint as every role — catching IDOR, privilege escalation, and tenant isolation failures automatically.

Zero False Positive Noise

All tool findings pass through an LLM normalization layer before they reach you — semantic dedup, triage scoring, false positive suppression. Every tier.

Human+AI Review Team

Premium adds Brendon McCaulley, CISSP + a purpose-built team of Claude-powered AI agents — interactive crawling, pattern correlation, human judgment where it counts.

Mythos-Ready

Cairn's AI layer is model-agnostic by design. When Anthropic Mythos — the most capable vulnerability-discovery AI ever built — reaches general availability, Cairn will be first in line.

Architected for Mythos

The Cairn Delivery Model

Best-of-All Tools.
AI-Normalized. Continuously Learning.

Cairn doesn't run a single scanner. Every engagement deploys multiple industry-standard OSS tools in parallel, aggregates findings through an AI normalization layer, and — at the Premium tier — routes through a human+AI review team whose discoveries feed Cairn's growing detection corpus.

01 · Best-of-All-Tools Scan

ZAP, Nuclei, Nikto, testssl.sh, ffuf, SQLmap, and Cairn's own engine run in parallel. No single-scanner blind spot. Every tool contributes its findings to a shared pool.

All Tiers

02 · AI Normalization

All raw findings pass through an LLM layer: semantic dedup, false positive suppression, CVSS triage scoring. You get clean, ranked, actionable output — not a wall of noise.

All Tiers

03 · Human+AI Review Team

Brendon McCaulley, CISSP, and a purpose-built team of Claude-powered AI agents review findings together — crawling the attack surface interactively, correlating patterns, validating findings a scanner can't reason about.

Premium Only

04 · Cairn Learns

Attack methods surfaced by the human+AI review team feed back into Cairn's detection corpus. The engine that runs next month is sharper — because this month's engagement made it so.

Premium-Driven

Your data stays yours. Only attack methods are extracted from Premium review sessions — never target data, finding details, or client identity. The loop advances Cairn's intelligence, not a data warehouse.

AI Models: Claude (Anthropic) · Mythos-Ready
OSS Scanners: OWASP ZAP · Nuclei · Nikto · testssl.sh · ffuf · SQLmap · Nmap
Output: AI-normalized · CVSS-scored · Compliance-mapped

Pricing That Doesn't Require a Sales Call

Traditional pentests run $10,000–$30,000 per engagement, take weeks to schedule, and give you one shot at a report. Cairn subscriptions start at $299/month — unlimited rescans, no per-scan fees.
All plans are subscriptions. Annual billing available via invoice (Net 30) — saves ~3 months.

Starter
$299
per month · 1 root domain
or $2,500/yr — save ~3 months (billed annually via invoice, Net 30)

  • 1 root domain
  • Full autonomous assessment
  • AI triage — zero scanner noise
  • Unlimited rescans
  • PDF report via API
  • Full API access
  • Quarterly findings report
  • Client portal
  • Signed attestation
Premium
$3,499
per month · unlimited root domains
or $30,000/yr — save ~3 months (billed annually via invoice, Net 30)

  • Unlimited root domains
  • Everything in Pro
  • Monthly review by Brendon McCaulley, CISSP + AI agent team
  • Interactive attack surface crawl each session
  • 1hr monthly findings call
  • Basecamp client portal (auto-provisioned)
  • DocuSeal signed attestation on every report
  • Compliance-ready: SOC 2, PCI-DSS, HIPAA
  • Custom SLA available
  • Your engagement trains Cairn's detection intelligence

All plans are monthly subscriptions. Annual billing via invoice, Net 30 — saves ~3 months. Questions? Talk to us.

Ready to Run Your First Engagement?

Start with Starter at $299/mo, or talk to us about Pro and Premium subscriptions for your team.

Brendon McCaulley
Founder & CISSP · Trailhead Security