Pricing

No contracts.
No surprises.

Per-assessment pricing. Pay when you need it. Get the same findings a $20K consulting engagement delivers — at a fraction of the cost.

// ROI Calculator

See what you're actually saving.

Adjust the sliders to match your environment and see how ThreatForged AI compares to a traditional consulting engagement.

75 IPs
2x / year
$20,000
Annual savings with ThreatForged AI
$36,500
Consulting firm cost (annual)
$40,000
Based on your inputs above
ThreatForged AI cost (annual)
$3,500
Setup (year 1) + assessments + additional IPs
Cost per IP — consulting
$267
Per IP per engagement
Cost per IP — ThreatForged AI
$23
Per IP per engagement
// Plans

Simple, transparent pricing.

One-time setup, then pay per assessment. No retainers, no seat licenses, no annual commitments.

Setup
$500 one-time
Required for your first engagement. Covers scoping, environment intake, and secure agent deployment.
  • Scoping call with Ryan
  • Environment intake & documentation
  • Secure agent deployment
  • Baseline environment snapshot
  • Waived on repeat engagements
Most Common
Base Assessment
$1,500 / assessment
Full internal AD assessment covering all four attack phases. Up to 50 IPs. Report delivered within 5 business days.
  • AD enumeration & BloodHound analysis
  • NTLM relay & coercion testing
  • ADCS abuse (ESC1, ESC8, ESC15)
  • Privilege escalation & DCSync
  • Compliance-ready report
  • Step-by-step remediation guidance
  • 30-day remediation Q&A support
Additional Scope
$15 / IP
Extend coverage beyond the base 50 IPs. Billed per additional IP assessed in the same engagement.
  • Same full methodology
  • Included in the same report
  • No minimum additional IPs
  • Capped pricing available for large environments — ask about enterprise rates

* MSP and vCISO partners — volume licensing and white-label reporting available. Contact us for partner pricing.

// How We Compare

ThreatForged AI vs. the alternatives.

Same findings. Fraction of the cost. No security team required to operate it.

Feature ThreatForged AI Consulting Firms Enterprise Platforms Vuln Scanners
Cost per assessment $1,500–$2,500 $15,000–$30,000 $50,000+/yr $500–$3,000/yr
Active AD exploitation Full chain Manual Automated No
ADCS abuse testing ESC1, ESC8, ESC15 Varies by firm Some platforms No
Compliance-ready report Included Included Included CVE list only
Time to results 5 business days 2–6 weeks Days Hours
Security team required No Yes Yes No
Remediation guidance Step-by-step Included Varies Minimal
Annual contract required No No Yes Usually
// FAQ

Common questions.

What does "up to 50 IPs" actually mean? +
The base assessment covers up to 50 IP addresses in your internal AD environment — typically domain controllers, file servers, workstations, and key infrastructure. We scope this with you during the intake call so you know exactly what's included before we start. Additional IPs are $15 each.
Do I need a security team to manage this? +
No. ThreatForged AI is specifically built for IT Directors and small IT teams who don't have a dedicated security hire. The assessment runs autonomously after setup. The report is written in plain English with prioritized, step-by-step remediation guidance you can act on immediately — no security expert required to interpret it.
How does the $500 setup fee work? +
The setup fee covers the initial scoping call, environment documentation, and secure deployment of the assessment agent in your environment. It's a one-time charge — waived on all repeat engagements. If you run two assessments per year, your second year is just $3,000 total (2 × $1,500).
Will this disrupt our network or cause downtime? +
No. The assessment is scoped and controlled — we use the same techniques as a real attacker, but with human approval gates before any potentially disruptive actions. Nothing is executed without your explicit sign-off. We've run assessments in live credit union environments during business hours without impacting operations.
What does the report look like? +
The report includes an executive summary written for non-technical leadership, a prioritized findings list with severity ratings, the full attack chain we executed (with screenshots), and step-by-step remediation instructions for every finding. It's structured to satisfy NCUA examiners, SOC 2 auditors, and cyber insurance requirements out of the box.
Is there a contract or minimum commitment? +
No annual contracts, no retainers, no minimum commitments. You pay the setup fee once and then per assessment when you need one. We think you should keep coming back because the value is obvious — not because you're locked in.
Do you offer MSP or vCISO partner pricing? +
Yes. If you're an MSP or vCISO platform looking to offer pentesting as a service to your client base, we have volume licensing and white-label reporting options. Reach out directly at [email protected] to discuss partner arrangements.
// Get Started

Ready to see what's actually exploitable?

Book a 30-minute scoping call. We'll walk through your environment, answer your questions, and tell you exactly what an assessment would cover — no sales pitch, no obligation.

Book a Demo Email Ryan Directly