Wedjat Signal: clear

Green means go.

Wedjat is an AI-directed red team. From one approved foothold we walk the attack path to your crown jewels, hop by hop, every step a command you can run yourself. When we say a door opens, you watch it open.

How we operate

Powerful, and leashed on purpose.

Our agent attacks you the way a real adversary would. What stops it is not good manners. It is a network jail it cannot reach past and a scope gate it cannot argue with. That is what makes it safe to point at production.

01

Proof, not a risk score

Nothing counts as a finding until we've shown it working. No CVSS estimates, no scanner dump for your team to sort through. Every claim is a single command, and we hand you the command.

Evidence-anchored
02

Boxed and leashed

The agent runs inside a default-deny network jail. It reaches what the scope allows and nothing else. Your data never leaves your box. Every action is written to an append-only log before it happens.

Scope-gated at every hop
03

Covert by default

We come in assumed-breach and quiet, the way a patient attacker would, not the way a compliance scan announces itself. You find out what someone with a foothold and time can actually reach. You find out from us, on a Tuesday, instead of from them.

Adversary emulation
04

Scope-gated by construction

Approved scope, dated window, recorded run. When a path crosses the boundary you set, we record that it exists and we stop. We do not step over the line to see what's there. The line is the product.

Approved scope, dated window

The blast radius

One leaked key. Four hops. The crown jewels.

The chain nobody mapped: four small mistakes that add up to one critical breach. We start from a single approved foothold and prove each hop before taking the next. Here is the real shape of one.

WDJ-0042-PATH-01 assumed-breach traversal evidence store Critical
Exposed dev credential found in a public .git/config on dev.example.com
ev_4471
Internal CI host credential reuse authenticates to ci.example.com:8080
ev_4490
Artifact registry CI service token in the environment grants read
ev_4502
Production customer database a registry image embeds a DSN that reaches prod
ev_4517

Blast radius: one leaked dev key reaches your production customer identity store in four hops. Every edge above is a command we ran and you can re-run, not a claim we're asking you to trust.

We never take what is behind the door. To prove database access we write our own marker, read it back, then drop it. We never read one row of your data.

When the light is green, you are clear to go.

No risk scores, no maybes. We find the path an attacker would take, prove it end to end, and hand you the exact command to close it. Then we run it again. Green is not an opinion. It is a door we tried to open and could not.

Back to top