Cairn is Trailhead Security's agentic security testing engine. Web applications, Active Directory, cloud infrastructure, and APIs — autonomously assessed, AI-triaged, and professionally reported.
Cairn Engine · Built by Brendon McCaulley, CISSP · 20 years in security
Cairn's agentic engine autonomously discovers, exploits, and documents vulnerabilities across every layer of your environment — with AI-driven triage, not just raw scanner output.
Authenticated crawling across all defined user roles. Automatic Swagger/OpenAPI discovery, HTTP method enumeration, cross-role IDOR substitution, BOLA/BFLA detection, XSS, SQLi, CSRF, and path traversal. tRPC and GraphQL introspection included.
ACL/DACL enumeration, ADCS abuse path discovery, cross-forest trust analysis, GPO misconfiguration review, LAPS assessment, and BloodHound-comparable attack path mapping — fully automated against your AD environment.
IAM privilege escalation path discovery, public exposure analysis, and misconfiguration detection across AWS, Azure, and GCP. SaaS coverage includes M365, Google Workspace, GitHub, and Okta. Benchmarked against CloudGoat and AzureGoat.
LLM-powered finding analysis eliminates false positives, contextualizes severity, and generates remediation guidance — automatically. Every engagement produces a compliance-ready PDF with executive summary, CVSS scoring, and evidence chains via the Basecamp client portal.
Cairn handles the full engagement lifecycle. You define the scope — the engine handles the rest.
Submit your target, auth credentials, role definitions, and enabled modules via the API. Cairn validates scope and queues the engagement.
Cairn runs discovery, enumeration, exploitation attempts, and cross-role testing. AI triage runs continuously — findings are classified and prioritized in real time.
A compliance-ready PDF report and a live findings portal are generated automatically. Clients access findings via a secure, tokenized portal link.
Cairn plugs into your existing security workflow — no lengthy scoping calls, no waiting weeks for a report.
Integrate Cairn into your CI/CD pipeline via API keys. Trigger assessments on every major release. Get findings in your existing workflow.
Use Cairn's autonomous engine to handle breadth scanning while your team focuses on depth. Multi-target orchestration built in.
PCI-DSS Req 11.4, SOC 2 CC7, HIPAA risk assessments. Reports formatted for your auditor, generated at the pace compliance requires.
Typical engagement scope: single web app to full enterprise environment · Reports in 24–72 hours
Cairn doesn't just invoke ZAP or Nuclei. The agentic engine reasons about findings, chains vulnerabilities, and makes decisions a human pentester would make.
Define multiple auth roles. Cairn tests every endpoint as every role — catching IDOR, privilege escalation, and tenant isolation failures automatically.
AI triage reviews every finding before it hits the report. You get actionable vulnerabilities, not a wall of scanner output to sift through.
Premium tier adds review by Brendon McCaulley, CISSP — validated findings, signed compliance letters, remediation guidance. Automation at scale, human judgment on demand.
Traditional pentests run $10,000–$30,000 per engagement, take weeks to schedule, and give you one shot at a report. Cairn starts at $299 per site — with unlimited rescanning for 30 days after every fix.
On-Demand and Pro are API-first. Premium is the fully managed service — portal, signed attestation, human review.
On-Demand billed per site. Pro and Premium billed monthly. Volume pricing for teams running >20 sites/month. Talk to us.
Start on-demand at $299, or reach out to discuss Pro and Premium access for your team.