Find Hidden Vulnerabilities Before You Ship – For Real
Kadag runs your app in an instrumented environment where security AI agents uncover security flaws - with having access to code and runtime
How It Works
Security Testing by running your app in a controlled environment
Install the Kadag GitHub app for code access integration
Repo is cloned and `docker compose up` executed in sandbox VM
AI Agents interact with your application like a security engineer
AI Agents have access to source code, runtime instrumentation and the browser context
Security vulnerabilities are reported along with steps to reproduce and remediation recommendations tailored to your app
Main Features Of Kadag
Built for modern stacks, it auto-instruments and runs containerized applications for realistic security testing
Deep and Contextual
Kadag combines code and runtime context in an instrumented environment that achieves deep coverage.
No Noise
Testing scenarios that mirror real workloads. All reported issues have an easy to run script to reproduce the issue.
Tested Vulnerability Remediations
AI-provided fixes are tested in the same instrumented environment, making sure that the remediation does not break your application.
No Tweaking Required
Testing simulations driven by autonomous AI agents that adapt and evolve alongside your application.
AI-Driven Security Testing for Web Applications and APIs.
Kadag achieves deep security testing coverage by running your containerized application in a carefully instrumented test environment.
No noise, no blindspots. Kadag understands your application and uses both code review and runtime instrumentation to find security vulnerabilities in your application.
Ready to get started?
Test your application like never before
Achieve deep coverage through Application Security Testing in our carefully instrumented environment
Get Early AccessAny Questions? Look Here
Do I need to instrument my application?
No. As long as your application can be built in a Docker container, we can run it in our instrumented environment.
How are you interacting with my application?
We use an instrumented browser controlled by Playwright and multiple AI Agents. Code and runtime instrumentation provide context to cover multiple code paths in your application.
How does Kadag Security differ from other security testing tools?
We run your app in our sandbox and our agents try any kind of destructive testing. By having access to the code and to the runtime instrumentation, our agents have a feedback mechanism to achieve deep coverage.
How does it work?
We run multiple instances your containerized application in an instrumented environment. This allows us to test for different security vulnerabilities that are unreachable for conventional security scanners.
What kind of vulnerabilities it is testing for?
We test for common application vulnerabilities such as SQL Injection, Server-side Request Forgery, Cross-site Scripting, Command Injection etc. as well as Business Logic issues and Authentication/Authorization issues.
What integrations do you support?
We integrate seamlessly with GitHub to support one-click scans or automatically on pull requests. GitLab, Bitbucket and Azure DevOps integrations are coming soon.
Let's talk about your security.
Our Location
Bucharest, Romania