Frequently Asked Questions
How does Sable work?
You log into app.vulnetic.ai, start a pentest, and walk away. Sable takes the same approach as an expert human, performing detailed enumeration and exploitation of the target and executing its commands and tools in a sandboxed Docker container.
What makes this different from vulnerability scanners?
Sable actually exploits vulnerabilities and chains attacks together, rather than just scanning for known CVEs. Sable is capable of performing complex business logic attacks and has successfully pentested 500+ IP networks using various privilege escalation and internal exploitation techniques.
What types of systems can you test?
Sable handles the same targets your team tests: web applications, cloud infrastructure, networks, APIs, Active Directory environments, and LLMs/chat models. The only target type Sable has not been tested against is mobile.
How long does an AI penetration test take?
It varies, but 2-4 hours is typical for a web application penetration test or bug bounty. The assessment can continue as long as you give the system additional tasks to complete, or it can stop itself when Sable decides the target has been fully exploited.
Is my data secure?
Yes. We do not train models on customer data. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Vulnetic has successfully completed a SOC 2 audit. For full details on how we handle your data, see our Trust & Security page.
Can I self-host or use private cloud deployment?
Yes. For organizations with strict data residency or compliance requirements, we offer private cloud deployment options. Run Vulnetic entirely within your own infrastructure. Contact our enterprise team to learn more.