pricing

We charge when you would have lost data.
Not before.

The full price table is being built ahead of launch. Until then: design partners run free, enterprise scopes are bespoke, and the production tier is on email.

design partner
For one team, willing to break things together.
$0until we get in
  • one staging environment, ~50 routes
  • shared agent fleet — 1 recon, 1 authn, 1 authz
  • findings to email + a single slack channel
  • reproducible PoCs, no PR automation
  • attribution welcome, not required
We charge nothing until the first confirmed exploit hits your inbox.
productionmost relevant
Continuous coverage for real customer apps.
soonper confirmed exploit
  • staging + production targets, unlimited routes
  • dedicated agent fleet — full recon/authn/authz/race/SSRF coverage
  • github app, fix PRs auto-opened against the offending repo
  • slack/linear/jira integrations, on-call digest
  • token + wall-clock budgets you set, killed on breach
Pricing is a function of confirmed exploits per quarter, not seats or tokens. We will publish pricing detail at launch.
enterprise
Custom scopes, isolation, paper.
soonlet's talk
  • isolated tenant, dedicated infra in your region
  • SSO/SAML, audit log streaming, retention controls
  • red-team-as-a-service: bespoke agents for your stack
  • SOC2 Type II report, custom DPA, signed MSA
  • named offensive engineer + quarterly readouts
Annual minimums, multi-quarter commitments, the usual.
the gap
// brink vs. the alternative
quarterly pentest
A snapshot. Brittle, expensive, scheduled around vendor availability — not your release cadence.
a typical pentest engagement · stale by month-end
bug bounty
Variable cost, variable signal. Triage burden falls on you; researchers are paid for theatrics.
pay per find · adversarial · noisy
brink
Continuous. Reproducible. The agents wake up, probe, write findings, sleep, repeat — every day.
$0 → confirmed-exploit pricing · 24/7
questions you actually have

FAQ.

Why is most of the table empty?

Because we are pre-launch and we are not pricing the production tier publicly until it ships. Pricing pages that read like fiction are worse than pricing pages that read like a stub.

How do you bill?

Per confirmed exploit, with a monthly cap. A "confirmed exploit" is one that reproduced against a real-but-synthetic account, passed the validator, and was severity ≥ medium. Info-level findings are free.

What about false positives?

You do not pay for them. The validator runs before the finding hits your inbox; if one does not reproduce, you can dispute it in one click — we eat the cost.

Can I cap spend?

Yes. Every run has both a token budget and a wall-clock budget. You set both; we kill the run if either breaches. Default monthly cap is 100 confirmed exploits per project.

Do you offer a free tier forever?

No. Design-partner status converts to a paid tier once the production product ships. We will give you 60 days notice and matching credits.

still curious
If you need a number before you can move, send us your stack. We'll send a real one back.