
Mantis
Find real vulnerabilities. Prove they're exploitable.
Static analysis, AI-powered validation, and adversarial red-teaming — in a single pipeline. For AI applications, rapid prototypes, and production SaaS alike. What survives the pipeline is real, actionable, and audit-ready.
How It Works
Four stages. One pipeline. No noise.
The full pipeline runs in under 6 hours — from repository access to validated findings. What takes a manual security review weeks, Mantis delivers before your next standup.
Static Analysis
Point us at your codebase — a Git repository or file upload. 56 scanners across 5 languages analyze everything: injection vectors, credential exposure, dependency vulnerabilities, insecure configurations. The full traditional spectrum, plus AI-specific patterns like prompt injection sinks and unprotected tool endpoints.
AI Validation
Raw scanners are noisy by design — 85% of their output is false positives. Our heuristic filter eliminates ~65% of that noise. Then a proprietary fine-tuned model reviews every remaining finding individually — it understands code context, framework conventions, and actual exploitability. Another ~75% gone. What survives has been confirmed as real.
Dynamic Red-Teaming
47 attack playbooks with 208 variants, executed against your running system. Prompt injection, tool abuse, authorization bypass, data exfiltration — real attacks, not theoretical risk scores. Every successful exploit is logged with the exact payload and the system response that confirmed it.
Unified Report
One document. Validated findings with severity and exploitation proof. Compliance mapping across 10+ frameworks — EU AI Act, OWASP LLM Top 10, PCI-DSS v4.0, NIST AI RMF, SOC 2, ISO 27001, MITRE ATLAS. Defense profile scoring across 7 security dimensions. And a prioritized remediation roadmap: what to fix first, how to fix it, and why.
What You Need to Run It
Minimal setup. No agents to install, no infrastructure to provision.
For static analysis
A Git repository URL with read access, or a code archive upload. That's it. No SDK, no CI plugin required for the initial assessment.
For dynamic red-teaming
A reachable endpoint — staging or production. If the system requires authentication, provide credentials or an API key. We handle the rest.
Test run available
We run a scoped assessment on a single component of your system — real findings, real report, same pipeline. You see exactly what Mantis produces before committing to a full engagement.
What You Get Back
A professional security assessment — not a CSV dump.
A structured PDF report — scope and depth scale with your system and the vulnerabilities discovered. Every finding has been validated by our AI model.
Validated findings
Each finding classified by severity and CWE, with clear risk context. No noise — only what passed both heuristic and AI validation.
Exploitation proof
For dynamic findings: the exact payload that worked and the system response that confirmed it. Not "this could theoretically be exploited" — here's what happened when we did.
Compliance mapping
Every finding automatically mapped to relevant frameworks: EU AI Act, OWASP LLM Top 10 (2025), NIST AI RMF, PCI-DSS v4.0, SOC 2, ISO 27001, MITRE ATLAS.
Defense profile
7 security dimensions scored from 0 to 1 — input filtering, output filtering, rate limiting, context isolation, tool sandboxing, auth controls, monitoring. Shows where you're strong and where the surface is exposed.
Remediation roadmap
Prioritized by severity and exploitability. What to fix in the first sprint, concrete recommendations on how to fix it, what can wait, and what to monitor. We don't just find problems — we show you how to close them.
Every assessment ends with a clear verdict: PASS, CONDITIONAL (fixable issues, re-scan after remediation), or FAIL (critical exposure requiring immediate attention).
One-Time Audit or Continuous Gate
Two ways to run Mantis. Pick the one that fits your release cycle.
One-time security audit
A full assessment at a point in time. Pre-release security check before a major launch. Compliance documentation for an upcoming audit. Due diligence for investors or enterprise customers asking to see your security posture. Or simply an honest baseline.
Deliverable: the full Mantis report — validated findings, exploitation proof, compliance mapping, remediation recommendations. One engagement, one document.
CI/CD integration — security gate
Mantis runs on every push, pull request, or release. Automated. New vulnerabilities flagged, regressions caught, noise from unchanged code suppressed.
Pre-merge gate blocks unsafe code. Release gate blocks unresolved critical findings. Baseline diffing surfaces only new findings. This is how you stop shipping the same class of vulnerability twice.
Periodic red-team campaigns
Quarterly or on-demand adversarial campaigns against production systems. Full adaptive attack battery — strategy adjusted based on what the system has learned to defend since last time.
Not a re-run of the same playbook. Each campaign adapts to your current defenses and targets the gaps that matter.
Not Just for AI
Mantis validates any codebase. The AI validation layer is what makes the difference.
AI applications and agentic systems
Agents, LLM integrations, MCP servers, RAG pipelines, multi-agent chains. The attack surface that traditional tools structurally cannot see: prompt injection, tool abuse, context poisoning, privilege escalation through delegation. This is where Mantis started, and where the deepest specialization lives.
Rapid prototypes and AI-assisted builds
Built fast with AI assistance? The speed is the point — but the security gaps that come with it aren't visible until someone looks. Mantis catches what the developer didn't know to check for: auth shortcuts, unvalidated inputs, exposed configurations. Get a security baseline before your prototype becomes production.
Production SaaS — cutting through scanner noise
You already run SAST. You already get hundreds of findings per scan. Your team ignores most of them because the false positive rate is 70–85%. That's not a people problem — it's a tooling problem. Mantis's AI validation layer separates signal from noise. Your security team fixes actual vulnerabilities instead of triaging spreadsheets.
Validated findings, not scanner output. Whether you're building agents, shipping a SaaS product, or preparing for an audit — the value is the same: know what's actually wrong, and prove it.
Proof, Not Promises
49 open-source projects. Named vulnerabilities. Verifiable.
Over 3 months, Mantis scanned 49 open-source AI and ML projects. Raw scanners produced 4,688 findings. After deduplication, heuristic filtering, and AI validation — 5 confirmed true positives with exploitation context. The rest was noise. Real projects, real code, verifiable results.
Direct SQL concatenation in pgvector index creation, exploitable through environment variable manipulation.
Production MCP server exposes all app functions as tools without any authentication layer.
User-uploaded document content interpolated directly into LLM prompts via f-string — no sanitization, no content boundaries.
Vulnerabilities found by Mantis, verified, and responsibly disclosed. Not synthetic benchmarks — production code in widely-used open-source projects.
When to Use Mantis
Mantis is a strong fit when you need to:
- Validate an AI product's security posture before public launch
- Prepare for investor technical due diligence or enterprise procurement review
- Replace noisy SAST output with validated, audit-ready findings
- Assess AI-specific attack surfaces that traditional pentesting cannot cover: prompt injection, MCP tool abuse, RAG data leakage, agent behavior
- Generate compliance-mapped security documentation for EU AI Act, SOC 2, PCI-DSS, or ISO 27001 audits
Mantis may not be the right fit for:
- Basic website penetration testing without AI or LLM components
- Compliance paperwork without technical security review
- Automated scanner reports without validation or remediation guidance
Frequently Asked Questions
What does a Mantis AI security audit include?
A four-stage pipeline: static analysis (56 scanners across 5 languages), AI-powered validation that removes roughly 85% of false positives, dynamic red-teaming (47 attack playbooks, 208 variants), and a single compliance-mapped report with validated findings and remediation guidance. The scanner set, language coverage, and attack playbooks are continuously expanded as new AI attack techniques emerge.
How is an AI security audit different from a traditional penetration test?
Traditional penetration tests focus on web, API, infrastructure, and access-control vulnerabilities. Mantis adds the AI-specific attack surface a pentest misses: prompt injection, tool and MCP abuse, agent permissions, RAG data leakage, memory poisoning, and model behavior — and reviews them together with the underlying code, not in isolation.
Can Mantis audit AI agents, MCP servers, and RAG pipelines?
Yes. Agentic systems with tool access, MCP server integrations, RAG and knowledge pipelines, multi-tenant AI platforms, and LLM applications are the core target surface — not an afterthought. These are exactly the components traditional security tooling was never designed to assess.
Who should run an AI security audit before launch or fundraising?
Kenaz is a strong fit for teams preparing an AI product for public launch, investor technical due diligence, acquisition, or enterprise vendor security review — anywhere you need to prove the product is safe enough to ship, sell, or raise on. It is built for pre-release validation, not post-incident cleanup.
Does Mantis validate vulnerabilities or just produce scanner output?
It validates. Traditional scanners and pentest tools bury you in false positives; Mantis runs a purpose-trained model that checks each finding for real exploitability and strips the noise out of the report. Across 49 open-source projects, 4,688 raw scanner findings were reduced to 5 confirmed true positives with exploitation context — actionable results, not a 4,000-line report no one reads.
What compliance frameworks does a Mantis report map to?
Findings are mapped to OWASP LLM Top 10 (2025), NIST AI RMF, the EU AI Act, SOC 2, ISO 27001, PCI-DSS v4.0, and MITRE ATLAS — so a security audit doubles as audit-ready documentation for enterprise procurement, investors, and regulators.
Can Mantis run as a one-time audit or integrate into CI/CD?
Both. Run it as a one-off engagement for a pre-release checkpoint or technical due diligence, or wire it into your CI/CD pipeline to catch issues before every release and re-run it periodically to confirm your AI system has not drifted into new risks as models, prompts, and dependencies change.
See what Mantis finds in yours
Start with a scoped test run on one component. Real findings, real report, same pipeline. No commitment required.
Request a Test Run
