Find the bugs before attackers do.

Evidence-led agentic vulnerability research for code you own. Built for teams that need real results without handing sensitive source to opaque workflows.


Product thesis

SCATHA is a serious research platform for organisations that need defensible, remediation-ready security results without surrendering control of sensitive code, runtime context, evidence, or cost.

Maintainer-accepted: Responsible disclosure outcomes beyond internal demos.
16-year issue: A long-lived authentication-bypass class finding surfaced in foundational software.
Private deployment: Research can run where the code and evidence need to remain.

Boundary

Authorised codebases. Controlled evidence. No broad internet scanning.

SCATHA is built for authorised security work against repositories, archives, local directories, product estates, and supply-chain code that the customer owns or is approved to assess.

The system supports deep source review, controlled validation, and remediation-grade reporting. It does not scan random hosts, automate activity against third parties, or turn model confidence into customer-facing findings.

Early wins

Already finding what established tooling missed.

SCATHA has already produced maintainer-accepted vulnerability reports in real-world software used by developers, infrastructure teams, and enterprises.

Accepted

Maintainer-Reviewed Results

Findings have moved beyond internal demos into responsible disclosure conversations and accepted fixes.

16 years

Long-Lived Critical Risk

One accepted issue was an authentication-bypass class vulnerability that had existed for sixteen years.

Infrastructure

Serious Software Targets

Early work has covered popular Linux applications and Unix-family operating system software.

Evidence

Reports Engineers Can Use

Results are packaged for remediation, reproduction, disclosure review, and fix verification.

Market shift

Market Timing

The first wave of AI vulnerability research changed expectations. SCATHA is built for private operational use after that shift.

Private

Named Results by Briefing

Customer briefings can cover named disclosures, evidence packages, and deployment fit under appropriate confidentiality.

Why it matters

AI changed vulnerability research. Control decides who can use it.

Private code stays private: Run research in the environment your policy, customers, and regulators require.
Evidence beats noise: Security teams need results that survive engineering scrutiny, not plausible AI commentary.
Real targets are messy: SCATHA is designed for serious software estates, from native code to large product repositories.
Operators stay in control: Human review, scope boundaries, and budget visibility stay part of the workflow.

How it works

From repository to reproducible evidence.

SCATHA does not stop at plausible model commentary. It runs a structured vulnerability validation workflow that moves from authorised code access to confirmed findings, reusable evidence, and fix-ready reports.

01

Target Ingest

Connect the authorised repository, confirm scope, prepare the workspace, and preserve the run boundary.

02

Runtime Recon

Identify the stack, map entry points, profile dependencies, and prepare controlled validation environments.

03

Threat Modelling

Build an attack-surface model, identify high-risk paths, and prioritise hypotheses for validation.

04

Validation

Convert hypotheses into controlled tests, execute them safely, confirm exploitability, and filter noise.

05

Reporting

Deliver validated findings, reproduction material, patch guidance, replay support, and multi-format exports.

Focused run

Targeted Repository Run

Deep validation for a single authorised codebase, library, service, or software component.

Campaign

Multi-Repository Validation

Coordinated assessment across approved products, dependencies, shared components, and internal estates.

Monitoring

Continuous Repo Monitoring

Detect newly introduced exploitable risk as branches, commits, and production code paths change.

Evidence outputs

Reports engineers can reproduce and leaders can defend.

SCATHA turns authorised research into validated findings, reproduction material, fix guidance, and exportable records for security, engineering, audit, and disclosure work.

Evidence package (validated finding):
  • Exploitability: Confirmed in a controlled runtime
  • Reproduction: Replay material and observed signals
  • Remediation: Engineering-ready fix context
  • Export: Executive, technical, and machine-readable outputs

Validated findings

Confirmed vulnerabilities with severity, impact, affected behaviour, and proof boundaries.

Reproduction evidence

Runtime evidence, traces, observed signals, and replay material for engineering review.

Patch guidance

Remediation detail and fix-verification support for teams that need to close the issue.

Audit-ready exports

Readable reports plus structured outputs for security workflows and internal assurance.

Operating modes

From one repository to broad security intelligence.

SCATHA can run deeply against a single target, support large-codebase macro flows, or coordinate multi-target operations where every result remains connected to the underlying evidence package.

Operators can monitor progress, spend, coverage, review queues, and reporting through a calm command surface built for repeated security work.

Single Target Run

Focused vulnerability research against an authorised repository or software component.

Large Codebase Flow

Structured investigation for native codebases, monorepos, API platforms, and complex product estates.

Operations Campaign

Budget-aware multi-target campaigns with human approval gates and consolidated reports.

Continuous Monitoring

Repeatable checks for new code risk, changed attack surfaces, and fix verification over time.

Operator control

Every run stays visible, bounded, and reviewable.

SCATHA is built for repeated security work where scope, spend, coverage, evidence status, and human review need to remain clear throughout the run.

Run control (authorised target review):
  • Stages: Scope, Map, Review, Evidence, Report
  • Scope: Approved
  • Spend: Visible
  • Coverage: Tracked
  • Needs review: Scope expansion request
  • Evidence status: Reproduction material attached
  • Reporting: Executive and engineering outputs ready

Scope gates

Campaigns and target runs stay inside approved boundaries unless an operator reviews the change.

Cost visibility

Model mix, spend, and budget pressure are part of the operating surface, not an afterthought.

Coverage honesty

Skipped surfaces, blocked checks, and unresolved review items remain visible in reports.

Human review

Automation accelerates the work while operators keep control over sensitive movement and exports.

Deployment

Private by design. Model-agnostic by necessity.

Run SCATHA where the source code and evidence need to live: cloud, private infrastructure, on-premise, or controlled local environments.

Environments
  • Private infrastructure
  • Cloud deployments
  • On-premise systems
  • Air-gapped workflows
Targets
  • Native applications
  • SaaS platforms
  • Libraries and packages
  • Supply-chain code
Inference
  • Local models
  • Hosted model APIs
  • Hybrid strategies
  • Cost-aware routing
Outputs
  • Verified findings
  • Replay material
  • Patch guidance
  • PDF, JSON, and SARIF

Where SCATHA fits

Private vulnerability research for the work security teams actually need to finish.

01

AI-Generated Code Validation

Review agent-assisted and AI-generated changes before insecure code reaches production.

02

Continuous Product Security

Revisit changed code, new attack surfaces, and recurring bug classes as engineering velocity increases.

03

Supply-Chain Campaigns

Coordinate analysis across approved dependencies, internal packages, and product-critical components.

04

Incident Response Triage

Determine whether a suspected issue is real, reachable, and relevant inside the target environment.

05

Fix Verification

Use preserved evidence and replay material to confirm remediation changed the security outcome.

06

Red Team Enablement

Preserve controlled replay assets for authorised assurance, exercise design, and remediation workflows.

07

Commercial Risk Assessment

Produce evidence-led views for vendor review, acquisition diligence, product assurance, and executive risk decisions.

08

AI Attacker Readiness

Validate exploitable vulnerabilities before hostile agents, automated scanners, or AI-assisted attackers find them first.

Questions

Short answers for serious evaluations.

What is SCATHA?

An AI-native vulnerability research platform for authorised codebases, validated evidence, and remediation-ready reporting.

Can SCATHA run on private infrastructure?

Yes. SCATHA is designed for private infrastructure, cloud, on-premise, hybrid, and controlled local environments.

Does source code need to leave our environment?

Not for private deployments. SCATHA is built for teams that need control over source, runtime, evidence, model selection, and data handling.

Is SCATHA an internet scanner?

No. SCATHA is for defensive security work against codebases, repositories, and environments the customer owns or is authorised to assess.

Responsible use

Bring SCATHA into your security workflow.

Book a private briefing to discuss repository validation, software supply-chain assessment, continuous monitoring, or private deployment.