Cairn is Trailhead Security's agentic security testing engine. Web applications, Active Directory, cloud infrastructure, and APIs — autonomously assessed, AI-triaged, and professionally reported.
Cairn Engine · Built by Brendon McCaulley, CISSP · Subscriptions from $299/mo
Cairn's agentic engine autonomously discovers, exploits, and documents vulnerabilities across every layer of your environment — with AI-driven triage, not just raw scanner output.
Authenticated crawling across all defined user roles. Automatic Swagger/OpenAPI discovery, HTTP method enumeration, cross-role IDOR substitution, BOLA/BFLA detection, XSS, SQLi, CSRF, and path traversal. tRPC and GraphQL introspection included.
ACL/DACL enumeration, ADCS abuse path discovery, cross-forest trust analysis, GPO misconfiguration review, LAPS assessment, and BloodHound-comparable attack path mapping — fully automated against your AD environment.
IAM privilege escalation path discovery, public exposure analysis, and misconfiguration detection across AWS, Azure, and GCP. SaaS coverage includes M365, Google Workspace, GitHub, and Okta. Benchmarked against CloudGoat and AzureGoat.
LLM-powered finding analysis eliminates false positives, contextualizes severity, and generates remediation guidance — automatically. Every engagement produces a compliance-ready PDF with executive summary, CVSS scoring, and evidence chains via the Basecamp client portal.
Cairn handles the full engagement lifecycle. You define the scope — the engine handles the rest.
Submit your target, auth credentials, role definitions, and enabled modules via the API. Cairn validates scope and queues the engagement.
Cairn runs discovery, enumeration, exploitation attempts, and cross-role testing. AI triage runs continuously — findings are classified and prioritized in real time.
A compliance-ready PDF report and a live findings portal are generated automatically. Clients access findings via a secure, tokenized portal link.
Cairn plugs into your existing security workflow — no lengthy scoping calls, no waiting weeks for a report.
Integrate Cairn into your CI/CD pipeline via API keys. Trigger assessments on every major release. Get findings in your existing workflow.
Use Cairn's autonomous engine to handle breadth scanning while your team focuses on depth. Multi-target orchestration built in.
PCI-DSS Req 11.4, SOC 2 CC7, HIPAA risk assessments. Reports formatted for your auditor, generated at the pace compliance requires.
Typical engagement scope: single web app to full enterprise environment · Reports in 24–72 hours
Cairn doesn't just invoke ZAP or Nuclei. The agentic engine reasons about findings, chains vulnerabilities, and makes decisions a human pentester would make.
Define multiple auth roles. Cairn tests every endpoint as every role — catching IDOR, privilege escalation, and tenant isolation failures automatically.
AI triage reviews every finding before it hits the report. You get actionable vulnerabilities, not a wall of scanner output to sift through.
Premium tier adds review by Brendon McCaulley, CISSP — validated findings, signed compliance letters, remediation guidance. Automation at scale, human judgment on demand.
Premium isn't just better coverage — it feeds a continuous intelligence loop. Every human+AI review session makes Cairn's detection engine sharper for every client on the platform.
Cairn runs a full autonomous scan. Then Brendon and Aria review findings together — validating, chasing false positives, and crawling the attack surface interactively for what the scanner missed.
The techniques that worked — the patterns, the vulnerability chains, the auth bypasses — are distilled into structured intelligence. No client data. No PII. Attack methods only.
New patterns feed Cairn's detection corpus. The engine that scans you next month is sharper than the one that ran last month — because your engagement made it so.
Your data stays yours. Only attack methods are extracted from Premium review sessions — never target data, finding details, or client identity. The loop advances Cairn's intelligence, not a data warehouse.
Traditional pentests run $10,000–$30,000 per engagement, take weeks to schedule, and give you one shot at a report. Cairn subscriptions start at $299/month — unlimited rescans, no per-scan fees.
All plans are monthly subscriptions. Annual billing available via invoice (Net 30) — saves ~3 months. Questions? Talk to us.
Start with Starter at $299/mo, or talk to us about Pro and Premium subscriptions for your team.